AI is Making Unmanaged Devices More Dangerous

Posted on October 24, 2023

Unmanaged devices are some of the most significant cybersecurity vulnerabilities for businesses.

Company IT departments do everything they can to keep company-owned devices secure. They make sure security patches are applied promptly, block access to known-risky sites and disallow installation of shadow IT apps. But unmanaged devices – devices over which they have no direct control, such as IoT devices and the personal laptops, phones and desktops that vendors, contractors, and employees working from home use when accessing corporate applications – are a great unknown. And AI is making those unmanaged devices even more dangerous.

AI-Driven Cyberattacks

Large Language Models like ChatGPT allow people with low levels of technical expertise and limited or no coding ability to create powerful malware that can exploit vulnerabilities in unmanaged devices, such as software that has not been updated with security patches.

ChatGPT is supposed to have safeguards in place to prevent the tool from being used to create malware, but researchers have demonstrated just how easy it is to circumvent those safeguards. One cybersecurity specialist took a known Operational Technology (OT) exploit that ran on Windows and translated it to the Go language using ChatGPT. This move not only enabled the malware to run much faster on Windows, it also allowed it to run easily on a variety of other embedded industrial devices, greatly increasing the number of potential targets.

The researchers accomplished this porting with ChatGPT in a mere 15 minutes, without activating the malware safeguards built into the AI program.

Today, hackers needn’t worry about circumventing malware safeguards: There’s a black-hat alternative to ChatGPT called “WormGPT,” which can be used even by non-native English speakers to create convincing phishing and business email compromise (BEC) text.

AI is behind the proliferation of malware that can exploit known vulnerabilities. Unmanaged devices, which are generally less promptly updated than devices managed by enterprises, government bodies and other organizations, are among the most likely targets for this kind of attack.

Of course, just as ChatGPT is prone to “hallucinate” when creating text, not all AI-generated malware will accomplish its nefarious goals. But some of it will be very effective, and given how easy it is to create malware with these tools, there is certain to be more malware, and more effective malware, in circulation than there was just a short time ago.

Unmanaged devices, even ones with limited access to your network, can be used by cybercriminals to establish a toehold in your network which can then be further exploited with more sophisticated tools.

Protection From Unmanaged Devices

The best way to protect against the hazards of unmanaged devices is to keep them from directly accessing your IT assets. This is not a trivial task, since contractors and employees working on BYOD devices often require access to private enterprise applications as well as cloud and SaaS applications.

Ericom Web Application Isolation (WAI) addresses this challenge by allowing users to access the information they need from unmanaged devices while keeping potential threats away from your applications, and protecting your data from risk of exposure.

With WAI, access from unmanaged devices to applications and data is “air gapped” via the cloud. Content from user devices is routed via an isolated container, with only safe rendering data reaching the application. No code is directly traded between the device and your network. Within the container, DLP and content controls are applied to restrict copy-paste, print and downloading of data.

WAI is a clientless solution, so there’s no need to demand that contractors and employees install software on personal devices, and no extra IT burden associated with supporting remote client installation.

WAI protection covers applications and data wherever they reside: on the corporate network, in private cloud apps, or in public apps such as O365.

Additional protections can include:

  • Granular, policy-based controls on everything from app access to uploads, downloads, clipboarding and more.
  • Scan uploads with Content Disarm and Reconstruction (CDR) to eliminate malware in attachments, enabling safe uploads with desired file functionality intact.
  • Scan downloads with Data Loss Protection (DLP) to block exfiltration of sensitive data.
  • Application surfaces are cloaked from view, even if threat actors have established persistence on an unmanaged device.
  • Sensitive data never reaches device caches, so it cannot be exposed in the event that a device is stolen or lost.

Conclusion

Unmanaged devices are a growing concern for CISOs, and an increasingly thorny challenge for organizations seeking to reap the productivity benefits of work-from-anywhere and contractor work. With the rapid proliferation of zero days and unknown malware that will result from AI-enabled malware creation, the threat is expected to grow. As a simple, affordable and highly effective solution that prevents even zero-day exploits from reaching applications via unmanaged devices, WAI is a security solution that no organization can afford to neglect.

Ericom’s Cloud Security Platform provides an entire suite of Zero-Trust based cybersecurity protections that make it quick and easy for small and midsize enterprises to upgrade to the state of the art in cybersecurity without breaking the bank.

 


About Mendy Newman

Mendy is the Group CTO of Ericom's International Business operations. Based in Israel, Mendy works with Ericom's customers in the region to ensure they are successful in deploying and using its Zero Trust security solutions, including the ZTEdge cloud security platform.
