CrowdStrike will launch new AI-powered indicators of attack (IOA) models to fight advanced threats later this year.
- AI-powered IOAs (indicators of attack) use machine intelligence (computer systems that can perform tasks that usually require human intelligence) to detect and predict malicious behavior as it happens. This helps prevent security breaches, regardless of the tools or types of malware attackers use.
Since 2011, CrowdStrike has focused on harnessing AI and machine learning (ML) for cybersecurity in three main ways:
- AI allows us to counter complex attacks by detecting adversary behavior and patterns.
- AI helps us quickly analyze and track large amounts of data.
- AI automates routine security tasks, addressing the skills gap and accelerating detection and response.
CrowdStrike was the first to introduce AI-powered indicators of attack (IOAs). IOAs are sequences of events that indicate someone is trying to breach a system, such as code execution, persistence, or lateral movement. By correlating these events across an organization, IOAs help teams break down barriers between tools, study their environment as a whole, and improve their ability to predict and prevent suspicious activity.
Last year, we improved how we generate IOAs using AI, making multi-layered defense even more effective across devices and cloud systems. Cloud-based machine intelligence (AI analysis done by powerful remote servers) detects new behavior faster and more accurately. We use a type of deep learning (a method where computers learn from data sets) called a convolutional neural network. This technology is inspired by how animal brains analyze images and helps us identify two types of adversary behavior.
When we first launched, we introduced two models: one to detect malicious post-exploitation payloads and another to detect malicious PowerShell scripts. We are now expanding our AI features to work across the cloud, and these protections will be available to CrowdStrike customers worldwide later this year.
The Arsenal Expands: New AI-Powered Indicators of Attack
Attackers are always finding new ways to break in, such as writing new scripts, using legitimate tools, and avoiding detection. The CrowdStrike 2023 Global Threat Report found that 71% of attacks do not use malware and 80% involve stolen or compromised credentials.
Attackers are getting faster at gaining access and moving inside networks, with an average breakout time now at 84 minutes. Our new AI-powered IOAs cover more of these attack methods, giving security teams the speed and accuracy they need to stop threats. Here are some of the latest innovations.
Innovation: Multi-process Atomic Behavior Analysis in Windows
An atomic behavior is a single action by a process (a program running on a computer) that might not be obviously malicious on its own but could indicate attacker activity. For example, a user could take a screenshot for work, or an attacker could take one to steal information. Falcon (the CrowdStrike security platform) collects indicators of attack, compromise, and behavior and sends them to a cloud-based incident scoring system (a system that scores threats) to detect threats based on a combination of these actions. Atomic behaviors (basic actions that can indicate attacks) are scored for detection using machine learning (computer algorithms that improve by learning from data).
Attackers frequently use several tools, file types, and processes to carry out attacks. Looking at just one tool or process may not provide enough information to determine whether something is safe or dangerous. By analyzing atomic behaviors across multiple processes, this model leverages the platform’s detailed context to provide more accurate detections.
Benefit: proactively detect and prevent advanced threats
Innovation: Detecting Malicious Command Lines and LOLBins
Attackers are increasingly using Living off the Land binaries (LOLBins), legitimate tools already present on the system, to carry out attacks. This helps them evade traditional security tools that look for known malware, letting them stay hidden longer. Our new model will focus on LOLBin command-line activity and the sequence of related processes to better spot suspicious behavior.
Benefit: detect and respond to fileless attacks faster
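The two sections above describe the same idea from two angles: a single atomic behavior or a single LOLBin invocation is weak evidence, but scoring those signals across a whole process tree separates an attack chain from ordinary activity. The following is an added illustration of that scoring logic, not CrowdStrike's code and not how Falcon scores events; the event format, behavior labels, weights, the `LOLBIN_IMAGES` and `CMDLINE_FEATURES` tables and the sample event stream are all constructed for the example.

```python
"""Toy multi-process atomic behavior scoring (added example, not CrowdStrike's code).

Each sensor event names a process, its parent, the image, the command line and
one atomic behavior.  Every process is scored on its own, then the scores are
summed over the process tree so that a chain of individually weak signals
still crosses the detection threshold.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str      # executable name as reported by the (hypothetical) sensor
    cmdline: str    # full command line, constructed for this example
    behavior: str   # one atomic behavior label


# Constructed weights: each atomic behavior is weak evidence on its own.
ATOMIC_SCORES = {
    "process_start": 0,
    "screenshot": 1,
    "network_connect_external": 1,
    "spawn_script_host": 2,
    "read_browser_credential_store": 3,
    "registry_run_key_write": 3,
}

# Built-in, signed utilities that are legitimate on their own (LOLBins).
LOLBIN_IMAGES = {"wscript.exe", "cscript.exe", "rundll32.exe", "regsvr32.exe", "mshta.exe", "reg.exe"}

# Command-line features that only raise suspicion when paired with a LOLBin.
CMDLINE_FEATURES = [
    ("http", 2),       # a URL on the command line (matches http and https)
    ("\\temp\\", 1),   # runs or loads content from a user-writable temp path
    ("-enc", 2),       # an encoded command argument
]


def score_process(events: List[ProcEvent]) -> int:
    """Score one process from all of its atomic behaviors plus LOLBin command-line features."""
    score = sum(ATOMIC_SCORES.get(e.behavior, 0) for e in events)
    if events[0].image.lower() in LOLBIN_IMAGES:
        cmd = events[0].cmdline.lower()
        score += sum(weight for needle, weight in CMDLINE_FEATURES if needle in cmd)
    return score


def process_tree(events: List[ProcEvent]) -> Tuple[Dict[int, List[ProcEvent]], Dict[int, List[int]], List[int]]:
    """Group events by pid and link children to parents; a pid whose parent is unseen is a root."""
    by_pid: Dict[int, List[ProcEvent]] = defaultdict(list)
    for e in events:
        by_pid[e.pid].append(e)
    children: Dict[int, List[int]] = defaultdict(list)
    roots: List[int] = []
    for pid, evs in by_pid.items():
        if evs[0].ppid in by_pid:
            children[evs[0].ppid].append(pid)
        else:
            roots.append(pid)
    return by_pid, children, roots


def chain_scores(events: List[ProcEvent], threshold: int = 6) -> Dict[int, Tuple[int, int, str]]:
    """Return {root_pid: (chain_score, highest_single_process_score, verdict)}."""
    by_pid, children, roots = process_tree(events)
    result = {}
    for root in roots:
        stack, total, best = [root], 0, 0
        while stack:                      # depth-first walk over the whole tree
            pid = stack.pop()
            s = score_process(by_pid[pid])
            total += s
            best = max(best, s)
            stack.extend(children[pid])
        verdict = "suspicious" if total >= threshold else "benign"
        result[root] = (total, best, verdict)
    return result


# Constructed sample stream: a benign user session (root pid 100) and an
# attack-like chain (root pid 200) in which no single process scores >= 6.
TEMP = "C:\\Users\\u\\AppData\\Local\\Temp\\"
SAMPLE_EVENTS = [
    ProcEvent(100, 1, "explorer.exe", "explorer.exe", "process_start"),
    ProcEvent(101, 100, "snippingtool.exe", "snippingtool.exe", "screenshot"),
    ProcEvent(102, 100, "chrome.exe", "chrome.exe", "network_connect_external"),
    ProcEvent(200, 1, "office_app.exe", "office_app.exe /document", "process_start"),
    ProcEvent(200, 1, "office_app.exe", "office_app.exe /document", "spawn_script_host"),
    ProcEvent(201, 200, "wscript.exe", f"wscript.exe {TEMP}invoice.js", "process_start"),
    ProcEvent(201, 200, "wscript.exe", f"wscript.exe {TEMP}invoice.js", "read_browser_credential_store"),
    ProcEvent(202, 201, "rundll32.exe", f"rundll32.exe {TEMP}helper.dll,Start http://example.invalid/stage", "network_connect_external"),
    ProcEvent(203, 201, "reg.exe", "reg.exe add <constructed-run-key> /v Updater /d " + TEMP + "helper.dll", "registry_run_key_write"),
]

if __name__ == "__main__":
    for root, (total, best, verdict) in chain_scores(SAMPLE_EVENTS).items():
        print(f"root {root}: chain={total} best_single={best} -> {verdict}")
```

Running it shows the benign tree scoring 2 and the attack-like tree scoring 14 while its highest single-process score is 4, below the threshold: the verdict only becomes possible once behaviors from the parent, the script host, the loader and the persistence step are combined.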
Innovation: AI-Powered IOA Coverage for Malicious Linux Scripts
Linux is a key operating system (the software that manages computer hardware and software resources) for many important business applications. As more organizations adopt Linux and malware targeting Linux grows, this AI-powered indicator of attack will help Falcon detect malicious scripts written in languages such as Bash, JavaScript, Python, and Perl. It will also detect harmful Python and batch scripts on Windows and other operating systems, providing broader protection across major platforms.
Benefit: gain coverage for malicious script threats on Windows and Linux.
Innovation: Detecting Malicious Windows Script Content
Attackers frequently modify their scripts to avoid detection. This model will help us spot common attacker tactics using PowerShell (a scripting language for automated tasks), JavaScript, VBScript (both scripting languages for automating actions in Windows or web browsers), and VBA (Visual Basic for Applications, typically used within Microsoft Office programs). These kinds of scripts are supported by Windows Script Control, a tool that allows automation of scripting languages in Windows environments. The model is also designed to resist evasion tricks such as tampering, debugger registry settings (settings that change how scripts are debugged), and other methods attackers use to conceal their actions.
Benefit: enhanced protection against Windows script threats
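The two script-detection sections above rest on one practical step that the text only names: before any model looks at a script, cheap evasions have to be undone so that the features describe what the script actually does. The code below is an added illustration of that idea, not CrowdStrike's model or pipeline; the normalization rules, feature set, weights and the two constructed PowerShell samples (one plain, one with string splitting, in-word backticks and a base64-encoded UTF-16LE blob that decodes to a harmless command) are all assumptions made for the example.

```python
"""Script normalization and obfuscation features (added example, not CrowdStrike's code).

Evasion handling is deliberately applied *before* feature extraction: in-word
backticks are removed and base64 blobs that decode to printable UTF-16LE text
are expanded, so features are computed on the revealed script content.
"""
import base64
import math
import re
from collections import Counter
from typing import Dict, Optional, Tuple

B64_RUN = re.compile(r"[A-Za-z0-9+/]{32,}={0,2}")          # base64-looking run
CONCAT = re.compile(r"""['"]\s*\+\s*['"]""")                # 'ab'+'cd' string splitting
BACKTICK_IN_WORD = re.compile(r"(?<=[A-Za-z])`(?=[A-Za-z])")  # PowerShell Wr`ite escaping


def _decode_utf16_b64(blob: str) -> Optional[str]:
    """Return the decoded text if blob is valid base64 of printable UTF-16LE, else None."""
    try:
        text = base64.b64decode(blob, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def normalize(raw: str) -> str:
    """Undo cheap evasions so features see the script as it would execute."""
    text = BACKTICK_IN_WORD.sub("", raw)

    def expand(match: re.Match) -> str:
        decoded = _decode_utf16_b64(match.group(0))
        return decoded if decoded is not None else match.group(0)

    return B64_RUN.sub(expand, text)


def shannon_entropy(s: str) -> float:
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def script_features(raw: str) -> Dict[str, float]:
    """Evasion counts come from the raw text; content features from the normalized text."""
    norm = normalize(raw)
    blobs = B64_RUN.findall(raw)
    tokens = norm.split()
    return {
        "backtick_splits": len(BACKTICK_IN_WORD.findall(raw)),
        "b64_blobs": len(blobs),
        "decoded_blobs": sum(1 for b in blobs if _decode_utf16_b64(b) is not None),
        "string_concats": len(CONCAT.findall(norm)),
        "longest_token": max((len(t) for t in tokens), default=0),
        "entropy": round(shannon_entropy(norm), 2),   # reported, not scored
    }


def obfuscation_score(raw: str, threshold: int = 4) -> Tuple[int, str, Dict[str, float]]:
    """Constructed linear weighting of the features; a real deployment would learn these."""
    f = script_features(raw)
    score = (2 * f["backtick_splits"] + 2 * f["decoded_blobs"]
             + f["string_concats"] + (1 if f["longest_token"] > 64 else 0))
    return score, ("suspicious" if score >= threshold else "benign"), f


# Constructed samples.  The encoded blob is built here so it is valid by construction.
BENIGN = "Get-ChildItem C:\\Logs -Recurse | Where-Object { $_.Length -gt 1MB } | Sort-Object Length"
_ENCODED = base64.b64encode("Write-Output ('he'+'llo')".encode("utf-16-le")).decode()
OBFUSCATED = f"$c = 'Wri'+'te-Out'+'put'; & $c 'x'; Wr`ite-Out`put 'y'; powershell -enc {_ENCODED}"

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("obfuscated", OBFUSCATED)):
        score, verdict, feats = obfuscation_score(sample)
        print(f"{name}: score={score} verdict={verdict} features={feats}")
```

The plain script scores 0; the obfuscated one scores 9 even though its decoded content is harmless, which is the point: the features measure how hard the script works to hide its text, and the normalization step makes the concatenation inside the encoded blob visible to the same feature extractor.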
Innovation: Detecting File-Less .NET Assemblies
As more developers adopt .NET frameworks, we are launching our first machine learning model to detect threats in .NET assemblies loaded in memory. Attackers like these assemblies because they are harder for conventional antivirus tools to find, since those tools mainly inspect files. This model helps us spot common attack methods, such as using reflective DLL injection to load .NET assemblies into memory or hiding traces of their activity by setting NTFS file attributes.
Benefit: proactively detect fileless .NET attacks using AI
Conclusion
Machine learning and AI are powerful for finding new patterns in data and analyzing behavior to understand attacker goals. CrowdStrike is committed to using AI and the cloud together to strengthen defenses and disrupt attacker methods. We help our customers stay ahead to prevent breaches.
Source: Introducing AI-Powered Indicators of Attack: Predict and Stop Threats Faster Than Ever