Security is really hard. Well, I'll just throw that out there. Those are the first words I've gotta say about this. And it's always getting harder as products get better and we have more layers and more complexity in our networks and in our systems. It's really difficult to keep things secure. The challenge with security is you have to be right all the time. Not some of the time, not on Mondays or Tuesdays, but 24/7. And I bring this up because people ask me a lot about this, because I've worked in the industry for so long: what antivirus should I use, what's the best one? And that's a really moving target. At any moment I will change my mind, so to speak, based on new information that's available and on product quality, which ones work and which ones don't. But it's becoming harder and harder to do. And the reason I say that is a lot of people have asked me about Cylance. And I think they have a great product. Don't get me wrong, this is absolutely not a hit piece on Cylance. And I know there's a Vice article out there that hits it kind of hard, and of course that's selling news. I wanna talk about security and what happened with this Cylance bypass. Now I will admit, I was thinking I was clickbaited when I saw the headline "easily bypasses". In a way it is an easy bypass, and it's rather fascinating the way the security researchers did this. So let's dive into a little bit of what they did. But before we do that, let's talk about what Cylance is, for those of you who may have never heard of it. Cylance is the first and probably biggest company known for their AI learning system when it comes to doing antivirus. Now AI, or machine learning, however you wanna phrase it: the details of how it works are that you train AI systems with sets of data. We go, hey, this is what malicious looks like and this is what not malicious looks like, learn. And those learning sets are very interesting.
And this goes by, let's use a simpler example, like when we wanna train something to do reading. We can say I want to create an AI system that understands what the number five is. We draw lots of variations of the number five and we keep training it until it understands what a number five is. Now how accurate is it? Depends on the training models. And this is the interesting thing about AI systems: they're only as good as the training sets that go into them. There's a lot of training that has to go in. And it's a neat concept to understand what a malicious file versus a non-malicious file is, because signature-based detection is bypassed by simply modifying the file, recompiling it slightly differently, and it doesn't match the signature. AI aims to look at the behavior of that file and make an assumption of, yes, that file behaves in a way that will harm the system, or it will not harm the system. And that's where the security researchers started out. So the folks at Skylight Cyber, they took aim at Cylance. And they really dove into this, and this takes a really strong hacker mindset to make this happen. This is a wonderful walkthrough, and this is the shortened version of me going over it, but please read all of this if you kind of wanna know every step that went into how they reverse engineered this. And I'll do the TL;DR. AI applications in security are clear and potentially useful. However, AI-based products offer a new and unique attack surface. Now this is where I get into a hacker mentality. It is a different attack surface. It is not the signature base where we just modify things and bypass the signature. This is a different way. So it's not that the criminals have given up, and it's certainly not security researchers or hackers who go, hey, I wanna poke at this as well. This is gonna happen, and it's happening on both sides. You want companies like Skylight Cyber doing this, because this is how we find out about these flaws.
And I will mention, absolutely, I'll leave a link to it and the resolution for the Cylance bypass, Cylance and everything, right. They're a BlackBerry company. That's why it says BlackBerry. They did it right. They acknowledged the security researcher. They looked into the problem. They understood it and made it reproducible. They issued a fix on a Sunday, even. So the company's on top of it. That's the kind of response you wanna see from companies: they don't deny it. They don't hide it. They post about it. They go, yes, we've realized it. Yes, we're resolving it. And hey, it's Sunday night and we're rolling out updates to our customers and getting fixes out. This is the kind of response that I do like seeing from a company. Now, how they did this. "By carefully analyzing the engine and model of Cylance's AI-based antivirus product, we identified a peculiar bias towards a specific game." Now, they did not disclose the game. They're gonna probably disclose it sometime later, after Cylance has reached out to make sure all these updates have been patched. But this is where things get really interesting, and I'll jump to the bypass part, and I'm gonna make it full screen here. So this is where they take Mimikatz. And earlier in the video they showed that it identified Mimikatz as a threat. They go, yep, that's completely malicious. And the way that Cylance's system works is a scoring system of "this looks really malicious" or "this is completely benign", and it particularly likes a game, like they said. So they literally did a copy /b of Mimikatz plus secret game.txt. And what they're doing is making a new version of Mimikatz that will bypass Cylance, and it absolutely works, as simple as that. That's the part that amazes me, that they didn't see this threat vector.
So by appending this game, which has a score of benign, to Mimikatz, which has the worst score, going hey, this is absolutely malicious, it chose to analyze only the benign part and then assume that this file is good. So they go here, and they also put SamSam on here. And away we go. They're gonna also put WannaCry on here. And I like that they walk through the whole process of doing this. Done. Now they drop these threats to the desktop and let Cylance have a go at it. Yep, then they change them to EXEs, no detection. Like I said, I skipped the part where it detected these same files before. This is kind of the whole point of this. They are running these executables just by appending these together. So here's some content. They're gonna show that they're gonna be able to find this stuff. There's Mimikatz running. And Cylance is silent. This, like I said, is really some impressive work. And this is actually the fun thing about security work. I can't imagine the enthusiasm they had when they found out this worked. They tried a lot of other stuff. This is a long read for everything they went through analyzing Cylance to then find out this simple bypass, and that's actually a lot of how security research works. There's a lot of time spent researching things on a very broad scale until you narrow down and go, I wonder if this works. So essentially security research is poke, poke, poke, poke, nothing, poke for seven more hours, 10 more hours, a week. And then all of a sudden you're like, how did I not see this 24 hours ago? And they WannaCry crypto-locked it at the end to kind of bring it home that it completed. Now, one of the solutions I always recommend, and this is the summary of all of this. One, Cylance has addressed it. This is great, and they probably stood up, and the security researcher says, yes, Cylance is probably still better than the majority of systems out there, but you can't just rely on one product.
And this is why, anyone who tries to tell me, or if you are a business owner watching this right now and researching IT companies, and one of them walked in and said, "we guarantee absolute security": just grab them, spin them around, and send them right back out the door. I don't ever make those types of bold claims. We do defense in depth. We're gonna put layers in. We're gonna walk you through, like, all right, this is what we're gonna do. Here's a layer in here. This is what happens if any of these layers fail. And people sometimes look at you, and I'm like, I'm very realistic. I am going to put in best effort. I'm going to use quality software with our clients, but I will not put in writing that there will never be a failure. I didn't write all the code, and I'm not bold enough to say, oh yeah, I wrote this code and it's absolutely the most bulletproof thing ever. Unless they plan to physically not use the computers, there is always going to be a way in. Even with air gaps we've found ways that things can happen. There's been lots of discussion about that. I won't get too off topic though. So you always have to be looking at all the different threat models. And as scary as this is, the threat model that is most abused is remote code execution. And I don't mean remote code execution like they found a bypass in the computer. It's people. People are an important aspect of the training. That's another defense in depth, because we've even seen attacks where the attackers get really aggravated because they can't get anything on the computer, because, well, they couldn't get whoever they called to load it. So they talked to them about loading it at home: hey, can you just open that file at home, since for some reason you can't open it there. And it's all about different attack vectors. So you have to have user training.
There's a layer. You have to have decent software, antivirus, threat protection, and then still have backups that you keep offline, that you're disconnected from, some other federated system, because if they pop the federated system, you don't want them to delete the backups, which is frequently a step people miss. They just keep it all together. Then you want offsite backups that are immutable so they can't be deleted. There's a lot of steps that go into the entire plan. It's not just, well, I loaded this software and the sales rep said I'm magically protected forever, I'll never have a problem. That's just wishful thinking and not realistic. The attacks get better at the same time that the defenses get better. And it keeps this game interesting, if you want to see it that way. It keeps security researchers poking at it and it keeps us all on our toes. So never assume anything is going to be magic, but good news for Cylance. Like I said, it is not a bash on the product. Matter of fact, they responded as they should have: addressing it, acknowledging it, because it is real. And that's why this person has a proof of concept and is working with a security researcher to go, we're going to close the hole, we're going to fix it. And even on a Sunday, they're rolling out updates and announcements to their clients. Undoubtedly this caused some panic going on, and these are learning lessons. And that's what we want to see from these companies, because, hey, now we all got protected, and I'm so much happier that a security researcher found this rather than a devastating attack that took down a lot of people running Cylance, because that's not where you want it to happen. All right, thanks. Thanks for watching. If you liked this video, give it a thumbs up. If you want to subscribe to this channel to see more content, hit that subscribe button and the bell icon, and maybe YouTube will send you a notice when we post.
If you want to hire us for a project that you've seen or discussed in this video, head over to laurancesystems.com, where we offer both business IT services and consulting services and are excited to help you with whatever project you want to throw at us. Also, if you want to carry on the discussion further, head over to forums.laurancesystems.com, where we can keep the conversation going. And if you want to help the channel out in other ways, we offer affiliate links below which offer discounts for you and a small cut for us that does help fund this channel. And once again, thanks again for watching this video, and see you next time.