Mikko Hyppönen: WithSecure will focus on ML to fight cybercrime

When cybersecurity vendor F-Secure today announced the new name for the upcoming spin-off of its enterprise security division, now known as WithSecure, Mikko Hyppönen, the company’s longtime chief research officer, said machine learning (ML) capabilities will be an increasing focus as it pursues more business customers.

In particular, ML will be needed to counter the inevitable adoption of ML by cybercriminals for automating cyberattacks, such as ransomware attacks, Hyppönen said in an interview with VentureBeat.

Hyppönen said he predicts that cybercrime organizations such as ransomware gangs will start using ML in this way within the next 12 to 24 months.

“Currently, our response for cyber defenders is automated. When there’s a change on the enemy’s side, our systems detect it and adapt very quickly, because that’s ML/AI,” Hyppönen said. “So if it’s a game of ping pong, there’s a ‘ping’ on their side, and our ‘pong’ goes right back. But when they switch to automation, their response will also be immediate.”

And when that happens, “it changes in this massively escalating race — with both sides automatically reacting to what the other side is doing. That’s not at all what we see today,” he said.

Instead, today we have “a quick response. They’re reacting slowly,” Hyppönen said. “So it’s going to be very clear when this happens. And it hasn’t happened yet. And I really believe it will happen in the near future.”

As WithSecure plans to split from the F-Secure consumer security business at the end of June, AI/ML is an area where “we believe the technology we have on the WithSecure side will shine – because we use so much of our responsiveness,” Hyppönen said.

More focus

The company was originally founded in 1988 under the name Data Fellows, and Hyppönen has been with it since 1991. The Helsinki-based company was renamed F-Secure in 1999.

Now the process has begun to split into two publicly traded companies, with a plan for WithSecure to start trading on the Nasdaq Helsinki exchange from July 1. brand, especially in Europe, Hyppönen said.

The move will bring greater focus to each side of the business, especially its faster-growing corporate security business, said Hyppönen, who will keep the title of chief research officer at WithSecure. WithSecure will have 1,400 employees, and the other 300 employees will remain with F-Secure.

The company now known as WithSecure provides security consulting services, managed detection and response (MDR), endpoint detection and response (EDR), incident response (IR), and other cybersecurity offerings for businesses.

“As we expanded into consulting and into the MDR and EDR business, with bigger and bigger companies, the same brand that worked very well for home users and small businesses, not so well for large companies,” he said. “It took a lot of explanation — ‘Yeah, it’s the same company. But we actually have all this expertise in world-class security, enterprise-level security and consulting and incident response.’”

The business-to-business side has “grown very quickly, but we’re also investing a lot — meaning it’s not very profitable at the moment,” he said.

‘Trustworthy partner’

WithSecure aims to differentiate itself in the cybersecurity space in part through its long track record.

“In many ways, the security business revolves around trust. And I would like to think that in the last 34 years we have proven that we are a reliable partner,” Hyppönen said.

WithSecure will also differentiate itself through its longstanding focus on AI/ML for security. F-Secure started working on ML-powered security in 2005, Hyppönen said, which is “quite remarkable.”

That experience with ML will prove critical given where the cybercrime threat is heading, he said.

“We’ve been waiting all these years for our enemy to catch up – for malware creators and online criminals to catch up and start using machine learning in their attacks,” Hyppönen said.

His prediction – that this will happen in the next 12 to 24 months – is based in part on new information that has recently come out about the amount of money some ransomware gangs have managed to collect. Chainalysis has identified more than $602 million in ransomware payments in 2021 alone (though it said that’s likely a significant underestimate). Ransomware gang Conti led the way with at least $180 million, followed by DarkSide, the group behind the Colonial Pipeline ransomware attack.

Competing for talent

“They are certainly rich enough now to be able to compete for the same [ML] skills like real companies do,” Hyppönen said. “The biggest barrier to entry into machine learning and AI at scale — be it for criminal or legal purposes — is to find the skills, find the people.”

The problem cybercriminals have had is that if a professional knows how to program ML systems (“if they understand how TensorFlow works”), they don’t have to turn to a life of crime, he said.

On the other hand, “some people will always go to the dark side if it’s financially tempting enough,” Hyppönen said. “And now where these gangs are making tens of millions, hundreds of millions of dollars — I think they can start competing with legit companies in finding the skills they need and expanding into that world.”

That development could accelerate the worsening ransomware threat even further. According to SonicWall, the total number of ransomware attacks more than doubled in 2021, a 105% increase compared to 2020.

Good AI vs Bad AI

While some phishing attacks have already made use of AI/ML — for example, to produce a deepfake of a CEO to mislead employees — cyber-attacks such as phishing and ransomware attacks are still largely human-driven, Hyppönen said.

This is evidenced by numerous indicators, including the fact that cybercriminals’ response time is not automatic at this point, he said. For example, “when we add new filters, it takes a while for them to detect it.”

However, ML can “automatically change the URLs, wrap the exploit in a different wrapper, recombine the binary — even reprogram the ransomware to evade detection,” Hyppönen said. “Today, all this was already possible with automation. It’s just not done yet.”

And that’s where WithSecure comes in, with its automated systems in MDR and other solution areas, protecting enterprise customers, he said.

“If we cross the threshold to ‘bad AI’, the only thing that can protect you is good AI,” Hyppönen said.

This post, “Mikko Hyppönen: WithSecure will focus on ML to fight cybercrime,” was originally published at https://venturebeat.com/2022/03/22/mikko-hypponen-withsecure-will-bring-focus-on-ml-to-counter-cybercrime/