Santeri Kangas, CUJO AI: “any trend in device use can create new possibilities for cybercriminals”
As smart devices find their way into each home, the need for making them secure grows, with providers like CUJO AI utilizing artificial intelligence (AI) to provide network intelligence solutions.
While most cybersecurity solutions are reactive, artificial intelligence can act proactively by analyzing network communication metadata to detect abnormal activity at its first signs. Thanks to that, it becomes an effective tool to mitigate potential threats - and its uses do not stop there.
We reached out to Santeri Kangas, CTO at CUJO AI, to talk more about the benefits of artificial intelligence in today’s threat management practices and the ways in which the pandemic influenced the state of cybercrime worldwide.
CUJO AI started out as a startup, and now you’re trusted by major network operators worldwide. What has your journey been like?
Almost seven years ago, it became clear that smart devices would populate consumer homes. Since then, IoT consumption has grown exponentially. However, cybercrime evolved, too. Advanced cybersecurity features were available to enterprises only; thus, there was an obvious opportunity to bring that technology to consumers, providing protection for all devices on the home network.
First, CUJO AI created a prototype: a hardware device that connected to the home router. The team launched an Indiegogo campaign that reached 763% of its goals. This new technology led to global recognition, and in 2017, we were directly approached by the biggest network operator in the United States. They were interested in deploying AI-powered technology directly on their systems and offering advanced protection to every household and every device.
Since then, we have been chosen as security partners by Tier-1 network operators globally and won some of the most coveted industry awards in telecommunications, cybersecurity, and artificial intelligence. We have also been invited to join the World Economic Forum’s Global Innovators Community and the Global AI Action Alliance.
Our solutions are deployed in over 40 million homes, covering more than 1 billion devices, and increasing at a rate of 5 million devices a week. Today, we cover the largest inventory of devices in the world with the broadest ability to detect, categorize, and protect end-user machines.
Can you tell us a little about what you do? How is Artificial Intelligence incorporated into your services?
We use machine learning systems that can detect malicious activity as soon as a device starts acting abnormally. When compared to traditional endpoint antiviruses, CUJO AI has exceptional speed and robust protection against novel threats, as well as network-wide protection for devices that could not use endpoint protection.
A key aspect of why AI is crucial for modern security is that it is an active solution. Many cybersecurity systems still are reactive solutions and rely solely on past factual knowledge or threat intelligence. And, while reactive threat management is extremely important in cybersecurity, relying solely on it is not sufficient, as it leaves a time gap between when a new vulnerability is discovered or exploited and when protection measures are released.
An efficiently developed ML and AI solution can close this gap and stop malicious activity from the very beginning. Our platform does this by analyzing network communication metadata from millions of homes that use our solution. We also use this real-life data to help us improve, retrain, and test our AI and ML solutions. This is one of the main drivers of success for CUJO AI: as with most questions related to AI and ML, data is the answer.
You recently released a report on the state of connected devices. What would you consider the most important takeaways?
The device landscape is changing rapidly, and it might pose serious challenges to those Internet Service Providers (ISPs) who do not have reliable device inventorying solutions to help them adapt their networks to new threats and consumer needs.
The device landscape changed quite significantly with the pandemic, quarantines, and self-isolation. We saw how the use of computers, smart readers, and smart fitness devices correlated with the start of the pandemic or remote schooling.
It is also worthwhile to note that Black Friday sales and the Winter Holiday period have a significant effect on the Internet of Things (IoT) device population, as we can expect some smart gadgets to double, triple, or almost quadruple in number, as was the case with smart photo frames last year.
There were, of course, many general insights into the dozens of device categories that we analyzed. Perhaps the most astounding statistic is that close to 40 percent of all connected consumer devices in North America are made by a single company – Apple.
iOS devices make up over two-thirds of mobile devices in use, while no single Android model has more than 3 percent of the Android market. It raises some valid questions about which mobile OS ecosystem is an easier target for attackers to target at scale, as our Head of Vulnerability Research Lab discussed in a recent article.
Has the pandemic encouraged you to integrate any new vital features?
CUJO AI detected a surge in malicious remote access attempts as more people started working from home during the pandemic. We prevented millions of these attempts during the pandemic and worked with network operators to make security easy for their end-users. Network operators (Comcast, Charter, Telus – just to name a few), who’ve already integrated CUJO AI Digital Life Protection services within their offering, provided solid protection against such threats.
Now, as people go out with their smart devices and are on the move more often, we see that this protection needs to extend, regardless of where end-users are and how they connect – via trusted networks or even public Wi-Fi. Operators have no means to extend protection to end-users outside their home networks; thus, connected experiences can be compromised as soon as end-users step out of their home networks. This is why we have released and are focusing on our newest product called On The Move, which extends CUJO AI services outside the protected home network.
As more companies adopt work-from-home policies, what cybersecurity threats do you see becoming a common occurrence?
Our threat researchers note that malware developers are more often iterating on existing exploits and combining them instead of creating something completely new. This means that we are most likely to see existing trends continue - large IoT botnet activity, as well as ransomware attacks on residential networks, which will have more valuable targets on them, such as devices that are used for work – laptops, tablets, smartphones.
CUJO AI’s malware researchers have recently released a report about attacks on residential networks, showing that smart devices are exposed to an exceptionally large number of malicious activities.
It's also worth noting that people usually have outdated hardware running their home networks, combined with weak, or even default, passwords. This is, quite likely, the most alarming aspect of a massive migration towards working from home.
In any case, any trend in device use can create new possibilities for cybercriminals. COVID-19 was no exception, and it was quickly harnessed to spread malware.
Besides providing cybersecurity solutions, you also conduct research using honeypots. Can you tell us more about your recent findings?
Our researchers use honeypots to examine attacker tactics and discover malicious binaries. In recent months, these honeypots led to the discovery of several new malware strains, and we have published extensive analyses, which examine their malicious binaries, attacker tactics and campaigns, payloads, as well as important malware functions.
What our honeypot data clearly shows is that when devices are exposed to the internet, they are probed constantly. Weak passwords and default credentials are a key focus area of the attackers. They mostly use automated scanners, credential stuffing, and automated propagation techniques to spread malware and, often, to mine cryptocurrencies by deploying coin miners.
Again, these tactics do evolve over time, as examined in our research of the Sysrv botnet and its evolution during this year alone. Malicious binaries are combined and re-combined, sometimes in the timespan of a couple of weeks, while the attack surface is expanded by adapting malware to other operating systems.
You often describe third-party website trackers as a serious privacy problem. Could you briefly explain what they are and what issues they can cause?
Most users visiting a website or using an app have no intention of providing any data to a third party. They have no other business in mind except their primary purpose, for example, to buy a pair of shoes. Instead, as users visit a website, they’re being connected to dozens of third-, fourth- and fifth-party entities to a degree where no one can answer who has access to what aspects of your data.
The most pressing issue with privacy today still is the lack of policy. Despite the major improvements that were brought up by GDPR in the EU, globally, it’s unclear who holds responsibility for preventing users from unwanted tracking or where people should turn when they think their privacy has been compromised. Now, we all understand that adverts form a part of the Internet economy and that targeted ads draw higher revenues. But when it comes to third-party tracking, we must ask one key question: Is the end-user giving informed consent?
On top of this, there is a cost to users, as those third parties consume resources, such as the device’s battery life and additional traffic data.
Which security solutions do you see taking off in 2022? Alternatively, what measures do you think are going to fall off the radar in the near future?
Any solutions that cannot handle sophisticated attacks, detect patterns on the go and provide reliable, active protection for all devices, especially IoT devices, are already falling off the radar, and this trend will continue. The professionalism and the maturity of cybercriminal groups raise great challenges that cannot be handled by legacy cybersecurity solutions.
The current panorama of the most feared threats includes ransomware attacks, denial-of-service attacks, and supply chain attacks. While ransomware and DDoS are quite common, one of the emerging threats of the last 12 months is undoubtedly the one targeting software supply chains. Everyone remembers the attacks against SolarWinds and Kaseya, which impacted more than 20,000 large companies and administrations worldwide, including very sensitive entities, such as certain critical government services. But this is beside the point for our services.
I would also note that safe browsing is a very interesting and challenging area in cybersecurity. Our data shows that consumers often encounter malicious websites that are spreading malware, spam, or are impersonating a legitimate site. The latter, also called phishing sites, can be devastating to everyday users. Since phishing sites are usually very short-lived and quite unique, we use AI algorithms to detect and analyze them. There is no better way to prevent users from accessing phishing sites, as they are usually gone before they are added to any malicious website databases.
Would you like to share what’s next for CUJO AI?
We are rolling out a large update to CUJO AI Lens, which gives network operators easy access to large datasets about security issues and device inventories on their network, as well as working on releasing several new products next year that are yet to be disclosed.
With an increasingly hostile environment and a growing attack surface, there is no choice but to innovate and increase collaboration between NSP/ISP and the security industry. Our team is working very hard on new deployments in several countries as we ramp up our services for new top-tier telecommunications clients.