AI-driven adaptive protection against human-operated ransomware

In human-operated ransomware attacks, threat actors use predictable methods to enter a device but eventually rely on hands-on-keyboard activities to move inside a network. To fortify our existing cloud-delivered automated protection against complex attacks like human-operated ransomware, we developed a cloud-based machine learning system that, when queried by a device, intelligently predicts if it is at risk, then automatically issues a more aggressive blocking verdict to protect the device, thwarting an attacker’s next steps.

The data-driven decisions the system makes are based on extensive research and experimentation to maximize blocking effectiveness without impacting customer experience. Since the adaptive protection is AI-driven, the risk score given to a device is not only dependent on individual indicators but on a broad swath of patterns and features that the system uses to determine whether an attack is imminent or underway. This capability is suited in fighting against human-operated ransomware because even if attackers use an unknown or benign file or even a legitimate file or process, the system can help prevent the file or process from launching.

In a customer environment, the AI-driven adaptive protection feature was especially successful in helping prevent humans from entering the network by stopping the binary that would grant them access. By considering indicators that would otherwise be considered low priority for remediation, adaptive protection stopped the attack chain at an early stage such that the overall impact of the attack was significantly reduced. The threat turned out to be Cridex, a banking trojan commonly used for credential theft and data exfiltration, which are also key components in many cyberattacks including human-operated ransomware.

Microsoft Defender for Endpoint customers who have enabled cloud protection are already getting the benefits of this improvement on their devices (servers excluded)—no additional step required. While cloud-delivered protection is turned on by default, we encourage customers to check and ensure that it remains on. This backend enhancement can help prevent human-operated attacks and other sophisticated threats from progressing inside a network and give incident responders more time to analyze and remediate attacks when they do happen. Microsoft will continue to use data science techniques to enrich and develop machine learning algorithms used in Microsoft 365 Defender.

Seeing adaptive protection in action

At Microsoft, our data scientists are constantly researching and prototyping advanced AI techniques to battle ransomware attackers. One feature that has proven to be effective against these attacks is the new AI-driven adaptive protection, recently released to our enterprise customers.

Diagram showing how adaptive protection works

Figure 1. How the AI-driven adaptive protection works. Note that the device risk scoring is done in real time by design and thus does not cause any latency.

The adaptive protection feature works on top of the existing robust cloud protection, which defends against threats through different next-generation technologies. Compared to the existing cloud protection level feature, which relies on admins to manually adjust the cloud protection level, the adaptive protection is smarter and faster. It can, when queried by a device, automatically ramp the aggressiveness of cloud-delivered blocking verdicts up or down based on real-time machine learning predictions, thus proactively protecting the device.

We can see the AI-driven adaptive protection in action in a case where the system blocked a certain file. Before the occurrence of this file on the device, there were suspicious behaviors observed on the device such as system code injection and task scheduling. These signals, among others, were all taken into consideration by the AI-driven adaptive protection’s intelligent cloud classifiers, and when the device was predicted as “at risk,” the cloud blocking aggressiveness was instantly ramped up. Owing to the increased aggressiveness, Microsoft Defender Antivirus detected and blocked this file. It’s more difficult by nature to detect and block new malware at first sight, so without the adaptive cloud protection capability, this file might not have been blocked on this customer’s device.

Later the file was determined as a variant of Cridex, which is commonly used for credential theft and data exfiltration, leading to these credentials and data being used by cybercriminals in later attacks. These behaviors are also key components in human-operated ransomware attacks, where early detection is critical to prevent further impact. We elaborate more on how the adaptive cloud protection can protect customers from human-operated ransomware attacks in the next sections.

Using machine learning to power adaptive cloud protection

For this feature to perform as we intended, we needed it to do two things quite well. One, we needed the system to accurately determine whether a device is at risk. Two, the system then needed to respond and adjust depending on the previous judgment or score.

Predicting whether a device is at risk

As devices come under attack, activities on a device often start as a small number of suspicious indicators that would not, in isolation, typically be surfaced as a malicious attack. However, when these signals are seen in sequence over time or in a cluster pattern, AI-driven protection can assess the state of a device at the arrival time of each new signal and can immediately adjust the risk score of the device accordingly. Example signals include previous malware encounters, threats, behavior events, and other relevant information.

If a device is incorrectly scored as not at risk when it is in fact at risk, the attacker could perform additional activities that might be more difficult for detection technologies to catch, for instance if the attacker steals credentials and uses them to move laterally. Conversely, if a device is incorrectly determined as at risk when it is not, then the customer experience suffers. To strike a balance, we needed to find an intelligent machine learning model that can give an accurate score and test that model vigorously.

The model we chose is a binary classifier with pattern recognition (specifically, frequent itemset mining) integrated. A study has shown that the co-occurrence or pattern is a stronger discriminator for these purposes rather than individual tokens, and that using co-occurrence increases the overall robustness of the model. To this end, we’ve included frequent patterns that commonly show up in the malicious samples as input features. To further increase the accuracy of the model (or the number of correct classifications over total predictions), only discriminative patterns were selected by excluding the patterns that have a small Jaccard similarity distance to the frequent patterns present in the benign samples.

The risk score for the device as calculated by the model at that point in time then determines the system’s next steps.

Adjusting cloud blocking aggressiveness automatically

If the risk score of the given device exceeds a certain threshold, cloud protection automatically switches to aggressive blocking. This level of blocking means that some processes or files that would not immediately be considered malicious might also be blocked given that the device is at risk, and they are likely to have been used maliciously. Both the risk score threshold and the switch to aggressive mode are data-driven decisions based on intensive research and experiments to maximize blocking effectiveness without impacting customer experience.

Furthermore, since the risk of a device is scored and refreshed in real time, the cloud immediately ramps down the aggressiveness right after the device is deemed to be no longer at risk. Therefore, we can make sure that this AI-driven adaptive protection feature won’t cause unnecessary false positives or disrupt customer experience.

Delivering contextual and personalized protection

The responsiveness of the blocking mechanism to the real-time risk score computation in the cloud assures that the system makes better-informed decisions, resulting in contextual or stateful blocking in devices. This level of protection customization is such that the protection experience on each device is different—even for the same file or behavior.

For instance, process A can be allowed on a device that has a low risk score, but process A can be blocked and alerted on a potentially risky device. This “personalization” is beneficial for customers because they are less likely to contract false positives or false negatives, unlike machine learning models trained on a dataset that is a mix of every device. Essentially, each device receives a level of protection that is tailored to it.

Adaptive cloud machine learning against human-operated ransomware

AI-driven adaptive protection has a wide range of use cases and tremendous potential value. Its application in human-operated ransomware prevention has been particularly successful. Human-operated ransomware attack chains usually follow specific patterns, starting with campaigns to distribute malicious files, then using techniques such as lateral movement for credential theft and data exfiltration, and finally deploying and activating ransomware payloads to encrypt files on the device and display a ransom note.

However, since threat actors react and adjust to specific findings in the environment, they are able to move fast and use a variety of alternatives to get to their next steps. This makes it challenging for incident responders to quickly determine whether an attack is underway and how to stop the attackers. Our adaptive protection, however, can pick up traces of attacker activity that occur before the actual encryption of files. These data are all collected by our machine learning algorithm and used as evidence to evaluate risk. When the system determines that the current device is compromised or at risk, aggressive cloud blocking kicks in instantly.

Detecting and blocking abuse of legitimate processes or files

In the hands-on-keyboard phase of human-operated ransomware attacks, attackers often use legitimate processes or files for their succeeding steps. For example, network enumeration is a benign behavior by nature, but when it is observed on a device that is determined to be compromised, the likelihood that attackers are performing reconnaissance activities and identifying targets is greater. Adaptive protection can intelligently block network enumeration behavior on risky devices to stop the attack chain and prevent further attacks.

Detecting and blocking ransomware loaders

Ransomware loaders refer to a set of tools or commodity malware that are usually used in the initial and intermediate stages of a ransomware attack. For example, Ryuk is delivered through banking trojan infections like Trickbot. If Trickbot infections go undetected, attackers may be able to move laterally and gain privilege on critical accounts, leading to destructive outcomes.

Known ransomware loaders are fairly easy to detect, so attackers usually make slight changes to the file to evade file signature matching. They then distribute many versions of the file so they can increase the chances that at least one will not be blocked. Due to their polymorphic nature, these files can sometimes be missed by traditional approaches to malware detection. However, with real-time knowledge of the device state, adaptive cloud machine learning significantly reduces the chance of missing them.

Stopping ransomware payloads

Hypothetically, in attacks where early to mid-stage attack activities are not detected and blocked, AI-driven adaptive protection can still demonstrate huge value when it comes to the final ransomware payload. Given the device is already compromised, our AI-driven adaptive protection system can easily and automatically switch to the most aggressive mode and block the actual ransomware payloads, preventing important files and data from being encrypted so attackers won’t be able to demand ransom for them.

Smarter, faster protection from the cloud

With the AI-driven adaptive protection, Microsoft Defender for Endpoint can adjust the aggressiveness in real time according to the device state, buy security operations centers more time when incidents happen, and potentially stop an attack chain from the beginning. With the wide coverage and high blocking quality of this feature, we believe it will benefit all enterprise customers and further enhance next-generation of AI-powered protection.

The AI-driven adaptive protection feature in Microsoft Defender for Endpoint is just one of the many different AI layers that support our threat intelligence, which strengthen our ability to detect and protect against security threats. More threat data increases the quality of signals analyzed by Microsoft 365 Defender as it provides cross-domain defense against costly attacks like human-operated ransomware.

Ruofan Wang and Kelly Kang
Microsoft 365 Defender Research Team