LATEST BLOG POSTS
How Artificial Intelligence and Machine Learning will change the world of cybersecurity
Artificial Intelligence (AI) and Machine Learning (ML) tools could substantially help in the fight against cybercrime. But even these technologies cannot guarantee absolute security, and they can also be exploited by malicious hackers. Here we consider some of the implications of using these new instruments in the cybersecurity sector.

In 2020 cyber criminals pose a growing threat to all kinds of organisations and companies, as well as to their customers. Businesses are doing their best to defend themselves, but it is hard to predict what new types of cyberattack will emerge and how they will work, and cyber criminals use this uncertainty to their advantage.

Artificial Intelligence and Machine Learning can make a decisive contribution to cybersecurity

AI and ML are playing an increasingly important role in cybersecurity, powering security tools that analyse data from millions of previous cyber incidents and use it to identify potential threats or new variants of malware. These tools are particularly useful because cyber criminals constantly modify their malware code so that security software no longer recognises it as malicious. By applying AI and ML, defenders are attempting to stop even new, previously unseen malware. The model is trained on every form of malware detected before, so when a new sample appears, whether a variant of an existing family or an entirely new kind, the system compares its code against what it has learned and can block it on the basis that similar code has previously been judged malicious. That can hold even when the malicious code is bundled with large amounts of benign or useless code in an effort to hide the intent of the payload, although a well-crafted variant can still slip through, which is why such tools are one layer of defence rather than a guarantee.
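The point about a known payload hidden inside a large amount of benign code is easier to see with a small similarity detector. The Python below is an added example, not code from the original post or from any product: it compares byte 4-gram "shingles" of a candidate file against a known malicious sample and shows why a containment score (what fraction of the known sample's features the candidate contains) survives padding while a plain Jaccard similarity does not. The sample bytes, the padding and the 0.8 threshold are all constructed for illustration; real engines use far richer features than raw byte n-grams.

```python
"""Similarity-based detection of malware variants, on constructed byte samples."""
import random


def shingles(data, n=4):
    """Set of overlapping n-byte substrings; the code features we compare."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def containment(candidate, known, n=4):
    """Fraction of the known sample's shingles that appear in the candidate.
    Padding the candidate with extra code cannot lower this score."""
    k = shingles(known, n)
    return len(shingles(candidate, n) & k) / len(k)


def jaccard(candidate, known, n=4):
    """Classic set similarity; padding the candidate drives it towards zero."""
    c, k = shingles(candidate, n), shingles(known, n)
    return len(c & k) / len(c | k)


# Constructed 'known malicious' sample: 132 bytes whose 4-grams are all distinct.
FAMILY_A = bytes(range(0x40, 0x80)) + b"\xde\xad\xbe\xef" + bytes(range(0x80, 0xC0))
KNOWN_MALICIOUS = {"family_a": FAMILY_A}


def random_bytes(n, seed):
    """Deterministic filler standing in for benign or junk code (constructed)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


def padded_variant(seed=7):
    """The known payload hidden inside roughly 2 KB of unrelated code."""
    return random_bytes(1000, seed) + FAMILY_A + random_bytes(1000, seed + 1)


def mutated_variant():
    """Same payload with two bytes changed, as a lightly repacked variant might be."""
    buf = bytearray(FAMILY_A)
    buf[20] ^= 0xFF
    buf[90] ^= 0xFF
    return bytes(buf)


def classify(candidate, db=KNOWN_MALICIOUS, threshold=0.8):
    """Return (verdict, best_family, score) using containment against each known family."""
    best_family, best_score = None, 0.0
    for family, sample in db.items():
        score = containment(candidate, sample)
        if score > best_score:
            best_family, best_score = family, score
    verdict = "malicious" if best_score >= threshold else "benign"
    return verdict, best_family, best_score
```

Running `classify(padded_variant())` reports the padded file as malicious with a containment score of 1.0, while `jaccard(padded_variant(), FAMILY_A)` drops below 0.1 because the padding inflates the union. The two-byte mutation only removes the eight shingles that overlap the changed bytes, so it still scores about 0.94. The flip side is worth keeping in mind: an attacker who rewrites enough of the code, rather than just padding it, pushes the score under any fixed threshold, which is exactly the cat-and-mouse game the post describes.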
Tracking and analysing users’ behaviour

Detecting new kinds of malware is not the only way AI and ML can enhance cybersecurity: an AI-based network-monitoring tool can also track what users do on a daily basis, building up a picture of their typical behaviour. By analysing this information, the system can detect anomalies and react accordingly. In this way AI and ML enable cybersecurity teams to respond intelligently, understanding the relevance and consequences of a breach or a change in behaviour and developing an adequate response in real time. For example, if an employee clicks on a malicious link, the system can work out that this was not normal behaviour for that user and could therefore be dangerous. Using ML, this kind of event can be spotted almost immediately, limiting the damage of an intrusion and preventing many criminal activities. And all of this is done without disrupting the daily activity of the company, because the response is proportionate: if the potentially malicious behaviour is confined to one machine, locking down the whole network is not required.

A great support with some potential risks

A huge benefit of using ML in cybersecurity is that the system can identify and react to potential problems almost instantly, preventing disruption to the business. By deploying AI-based cybersecurity to automate some defence functions, a company can keep its network under continuous watch without relying on humans to perform the impossible task of monitoring everything at once. The growing volume and variety of data make it practically impossible for humans to manage on their own, and automated tools can greatly help in this respect. This is further supported by observing how employees operate on the network.
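The behaviour-baselining idea above, and the proportionate response that follows from it, can be shown with a very small rule-based profiler. The Python below is an added example, not code from the original post or from any vendor's product: it builds a per-user picture of normal hosts, actions and working hours from a week of constructed login events, scores new events by how many of those expectations they break, and responds by isolating only the host involved rather than the whole network. The log format, the one-hour slack on working hours and the threshold of two deviations are assumptions chosen for illustration; a production system would learn these from far more data and many more features.

```python
"""Behaviour baselining and proportionate response over constructed login events."""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed training data: a few days of normal activity for two users.
# Assumed format: "<ISO timestamp> <user> <host> <action>"
BASELINE_LOG = """
2020-03-02T08:55:00 alice ws-01 login
2020-03-02T09:10:00 alice ws-01 open_share
2020-03-02T17:30:00 alice ws-01 logout
2020-03-03T09:02:00 alice ws-01 login
2020-03-03T12:40:00 alice ws-01 open_share
2020-03-03T17:45:00 alice ws-01 logout
2020-03-04T08:50:00 alice ws-01 login
2020-03-04T18:00:00 alice ws-01 logout
2020-03-02T07:30:00 bob srv-db login
2020-03-02T07:35:00 bob srv-db db_query
2020-03-02T16:00:00 bob srv-db logout
2020-03-03T07:20:00 bob srv-db login
2020-03-03T08:00:00 bob srv-db db_query
2020-03-03T16:10:00 bob srv-db logout
""".strip().splitlines()


def parse(line):
    ts, user, host, action = line.split()
    return datetime.fromisoformat(ts), user, host, action


def build_baseline(lines):
    """Per-user profile: hosts seen, actions seen and a histogram of active hours."""
    profile = defaultdict(lambda: {"hosts": set(), "actions": set(), "hours": Counter()})
    for line in lines:
        ts, user, host, action = parse(line)
        p = profile[user]
        p["hosts"].add(host)
        p["actions"].add(action)
        p["hours"][ts.hour] += 1
    return profile


def score_event(profile, line):
    """Return (score, reasons); every deviation from the user's baseline adds a point."""
    ts, user, host, action = parse(line)
    if user not in profile:
        return 3, ["unknown user"]
    p = profile[user]
    reasons = []
    if host not in p["hosts"]:
        reasons.append("new host %s" % host)
    if action not in p["actions"]:
        reasons.append("new action %s" % action)
    # an hour never seen in the baseline, allowing one hour of slack either side
    if not any(p["hours"][h] for h in (ts.hour - 1, ts.hour, ts.hour + 1)):
        reasons.append("unusual hour %02d:00" % ts.hour)
    return len(reasons), reasons


def respond(profile, line, threshold=2):
    """Proportionate response: isolate only the host involved, never the whole network."""
    score, reasons = score_event(profile, line)
    _, user, host, _ = parse(line)
    action = "isolate_host" if score >= threshold else "allow"
    return {"action": action, "host": host, "user": user, "score": score, "reasons": reasons}
```

A single new action at a normal hour on the user's usual workstation scores 1 and is allowed, while the same user running a script on a never-seen host at 02:15 breaks three expectations and gets that one host isolated. The thresholds are where the human analyst the post talks about remains necessary: set too low, the system isolates machines for every training session or travelling employee; set too high, the first malicious click looks like noise.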
Many large companies train their staff to improve cybersecurity, but some employees will still take shortcuts in an effort to do their job more efficiently, which can lead to serious security problems. AI and ML can help detect this kind of behaviour.

Human cybersecurity staff will still be needed

While AI and ML provide great advantages for cybersecurity, companies must realise that these tools cannot completely replace human cybersecurity staff. A machine learning-based security tool can be configured or trained incorrectly, for example, resulting in attacks being missed by the algorithms. Something like this could lead to very serious problems and must be taken into account from the start. That is why AI-based cybersecurity tools need to be regularly evaluated, like any other software on the network. There is also the risk that AI and ML create additional problems, because it is highly likely that cyber criminals themselves will use these same techniques to make their attacks more efficient and disruptive.

AI and cybercriminals

A report by Europol’s European Cybercrime Centre has warned that Artificial Intelligence is one of the emerging technologies that could make cyberattacks more effective and harder to identify than ever before. It is even possible that hackers have already started using these techniques in hacking and malware attacks. It is very likely that, using ML, cyber criminals could develop self-learning automated malware, ransomware, social engineering or phishing attacks. Currently they may not have access to the deep wells of technology that cybersecurity companies have, but publicly available code can give them access to these resources. It is therefore reasonable to assume that these instruments will soon be part of a criminal’s toolkit, if they are not already.
While it is unclear whether hackers have used machine learning to develop or distribute malware, there is already evidence of AI-based tools being used to commit cybercrime. Last year, for example, it was reported that criminals used AI-generated audio to impersonate a CEO’s voice and trick employees into transferring a large amount of money to them. Machine learning systems could also be used to send out phishing emails automatically and learn what sort of language works in a campaign, what generates clicks and how attacks against different targets should be developed. As with any machine-learning system, success would come from learning over time, meaning that phishing attacks could be optimised in the same way security teams optimise their defences against them.

Conclusion

Having said all of this, if AI-based cybersecurity tools continue to develop and improve, and are applied correctly alongside human cybersecurity teams rather than instead of them, they could help companies and governments stay secure against increasingly sophisticated and effective cyberattacks. Ultimately, AI could help create a world in which the whole cybersecurity sector is much improved, thanks to self-learning and self-healing networks that can identify malicious behaviour in advance and stop it. In any case, it is clear that these new technologies will be at the heart of the cybersecurity of the future.
Simjacker and other cyber threats for mobile devices in 2020
At the end of last year a security company discovered a serious threat to the world of mobile phones and beyond: Simjacker, an attack technique that in practice allows an attacker to take control of a mobile phone simply by sending an SMS. Given the ever-increasing use of smartphones, it is easy to understand how dangerous this type of attack is. Here we look at some details of this and other cyber threats to mobile devices that have recently emerged.

Simjacker, the first case of malware delivered by SMS

The Simjacker technique is particularly dangerous because it can be exploited against a large variety of connected devices: not only mobile phones and smartphones, but also IoT devices that contain a SIM card. It is a “platform-agnostic” attack (it does not depend on a specific type of handset hardware or software, only on the software present on the SIM) and the victim can do almost nothing to defend against it, especially because the attack is completely transparent to the user, who has no way of noticing that he has become a target. The principle behind the technique is quite simple: it is sufficient to send a specially formatted SMS containing precise instructions in order to open a direct communication channel with the SIM card, which responds by sending back the IMEI of the handset and the identifier of the cell to which the device is connected. The user cannot notice any anomaly because there is no trace of these operations in the SMS log. The attack is made possible by the S@T Browser software (a contraction of SIMalliance Toolbox Browser), which has been specified by the SIMalliance and is installed on a wide variety of SIM cards, including eSIMs. It is a small piece of software, originally meant to let network operators provide specific services to their users.
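The reason the user sees nothing is that the message is not addressed to the inbox at all: it is a binary SMS addressed to the SIM. Where such messages can be stopped is in the operator's network, before delivery. The Python below is an added example, not code from the original post or from the company that reported Simjacker: it parses an SMS-DELIVER PDU and flags messages carrying the "(U)SIM data download" protocol identifier (TP-PID 0x7F) together with message class 2 in the data coding scheme, the combination that routes a message straight to the SIM. The PID and DCS meanings are taken from 3GPP TS 23.040 as an assumption on my part, not from the post; the two PDUs, the sender numbers and the binary payload are constructed placeholders, not a real S@T Browser command.

```python
"""Flag inbound SMS addressed to the SIM (SMS-PP data download), from constructed PDUs."""

SIM_DATA_DOWNLOAD_PID = 0x7F  # TP-PID "(U)SIM data download" per 3GPP TS 23.040 (assumed)


def _decode_digits(semi_octets, ndigits):
    """Phone-number digits are stored as swapped semi-octets, padded with 0xF."""
    digits = []
    for b in semi_octets:
        digits.append(b & 0x0F)
        digits.append(b >> 4)
    return "".join(str(d) for d in digits[:ndigits])


def parse_sms_deliver(pdu_hex):
    """Split an SMS-DELIVER PDU (as handed over by the SMSC) into its header fields."""
    data = bytes.fromhex(pdu_hex)
    pos = 0
    smsc_len = data[pos]; pos += 1
    smsc = _decode_digits(data[pos + 1:pos + smsc_len], (smsc_len - 1) * 2)  # skip type-of-address
    pos += smsc_len
    first_octet = data[pos]; pos += 1
    if first_octet & 0x03 != 0x00:
        raise ValueError("not an SMS-DELIVER TPDU")
    oa_digits = data[pos]; pos += 1
    pos += 1                                          # originating type-of-address
    oa_len = (oa_digits + 1) // 2
    sender = _decode_digits(data[pos:pos + oa_len], oa_digits); pos += oa_len
    pid = data[pos]; pos += 1
    dcs = data[pos]; pos += 1
    pos += 7                                          # service-centre timestamp
    udl = data[pos]; pos += 1
    return {"smsc": smsc, "sender": sender, "pid": pid, "dcs": dcs,
            "udl": udl, "user_data": data[pos:]}


def message_class(dcs):
    """TP-DCS message class (0-3) if one is set, else None. Class 2 means '(U)SIM specific'."""
    if (dcs & 0xF0) == 0xF0:                          # 'data coding / message class' group
        return dcs & 0x03
    if (dcs & 0xC0) == 0x00 and (dcs & 0x10):         # general group with class meaning set
        return dcs & 0x03
    return None


def is_sim_data_download(msg):
    """Messages delivered to the SIM rather than the user: PID 0x7F with class 2."""
    return msg["pid"] == SIM_DATA_DOWNLOAD_PID and message_class(msg["dcs"]) == 2


def triage(pdu_hex):
    """Assumed network-side policy: block SIM-bound messages that did not come from the operator."""
    msg = parse_sms_deliver(pdu_hex)
    if is_sim_data_download(msg):
        return "BLOCK", "SIM data download from %s" % msg["sender"]
    return "ALLOW", "ordinary message from %s" % msg["sender"]


# Constructed PDUs: SMSC +391234567890, sender +4412345678, timestamp 05/03/20 10:20.
HEADER = "0791932143658709" + "04" + "0A914421436587"
SCTS = "02305001020080"
NORMAL_PDU = HEADER + "00" + "00" + SCTS + "05" + "E8329BFD06"    # 7-bit text "hello"
SIM_DL_PDU = HEADER + "7F" + "F6" + SCTS + "06" + "001122334455"  # placeholder payload
```

Running `triage(SIM_DL_PDU)` returns a block verdict and `triage(NORMAL_PDU)` lets the text message through. The caveat a practitioner will raise immediately is that operators legitimately use the same SIM-bound message class for over-the-air SIM updates, so the filter has to be "block unless the source is the operator's own OTA platform", not a blanket drop, and it can only be applied by the operator, which is exactly why the post says the end user has nothing to act on.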
According to the security company, in most cases the purpose of the attack was to trace the geographical position of the device, together with the transmission of its unique IMEI. It should be noted, however, that the technique can in fact allow an attacker to take control, to a greater or lesser degree, of the targeted device. The fact that Simjacker can issue a list of instructions makes it the first real case of malware / spyware delivered directly via SMS. In all previous cases, the spread of malware via SMS involved sending a link, not the malicious instructions embedded in the message itself.

Figure: The way the Simjacker attack works.

Some of the other threats to mobile security in 2020

In addition to Simjacker, several other threats to mobile devices have emerged recently, showing that they are becoming the favourite targets of many cybercriminal groups. Recent research has also found that hackers have significantly expanded the ways they hide their attacks, making them increasingly difficult to identify and remove, and suggesting that 2020 will be the year of stealthy mobile attacks.

Hidden apps

Hidden apps are the most prevalent mobile threat, generating almost 50% of all malicious activity in 2019, an increase of 30% over 2018. These malicious applications are designed to avoid detection on the device once installed and are therefore extremely difficult to remove. Their main objective is to generate money for the attacker, often by downloading apps and automatically clicking on advertising links in the background, or by constantly bombarding the user with pop-up ads that cannot be dismissed.

Social engineering and gaming

A criminal tactic that works better on mobile devices than on the desktop is social engineering.
In fact, because of the small screen size, many mobile email clients display only the sender’s name, and it is mainly for this reason that mobile users are three times more likely than desktop users to fall victim to a phishing attack. Hackers also exploit the popularity of online gaming to distribute malicious apps via links spread through the most popular chat and video platforms. These apps disguise themselves as authentic, with icons that closely mimic those of the real apps, and then serve unwanted ads and collect user data.

Cryptojacking

Cryptojacking is a type of attack in which a cybercriminal uses a victim’s device to mine cryptocurrency without the owner’s knowledge. It was born on the desktop and saw a surge on mobile devices between the end of 2017 and the beginning of 2018. Victims typically realise what has happened because the smartphone’s battery life drops drastically; moreover this malware often causes overheating of components, which can physically damage the device.

The right approach to these security issues

All these new threats to mobile devices should make us reflect on the right approach to take in IT security. Security is a process whose strength is equal to that of the weakest link in its chain. The weakest link is often the end user, who is targeted in many ways by increasingly sophisticated social engineering techniques, but sometimes, as in the case of Simjacker, the weakest link is completely beyond the end user’s control. This is why security by design must be the key priority in technological development: the security of a system (whether a technology, a piece of software or a device) has to be thought through from the start, together with its functionality, rather than added afterwards.
With this in mind, a great collaborative effort is needed from all the actors involved (companies, the public and private sectors, research) to build an ecosystem of knowledge, skills, solutions and procedures that leads to continuous and effective risk management, able to adapt ever more readily to the constantly changing threats that put the security of all devices at risk.
The revolutionary methods to attack air-gapped devices
In the last few years, the Cyber-Security Research Center of Israel’s Ben-Gurion University of the Negev, coordinated by Dr. Mordechai Guri, has developed and tested several new types of malware that covertly steal highly sensitive data from air-gapped and audio-gapped systems. Here we briefly analyse some of the most surprising techniques they have successfully tested.

What air-gapped systems are and the difficulty of hacking them

The term “air-gapping” indicates a network security measure employed on one or more computers to ensure that a computer system is physically isolated from unsecured networks, such as the public Internet or an insecure local area network. Air-gapped systems are considered a necessity in environments where sensitive data is involved, because they greatly reduce the risk of data leakage. The devices in these systems are sometimes also audio-gapped, which means that their audio hardware is disabled to prevent attackers from leveraging the built-in speakers and microphones to steal information via sonic or ultrasonic waves. In theory, extracting data from such a device is practically impossible, because there is no network path over which to transmit the desired information. Nonetheless, the group of researchers led by Dr. Guri has demonstrated that suitable malware, combined with highly innovative transmission channels, can steal data even from air-gapped devices.

Three of the most innovative hacking methods

Lately Dr. Guri’s research center has worked on many different projects, all very innovative, even if not equally effective. Here we summarise three of their most revolutionary techniques. It is important to note in advance that practically all of these methods require malware to be installed on the targeted device or system first: they are exfiltration channels, not a way of getting in.
Using the power supply as an out-of-band speaker

Named “POWER-SUPPLaY”, the latest research is based on malware that exploits the computer’s power supply unit (PSU) to play sounds, using it as an out-of-band secondary speaker with limited capabilities. Essentially, the malware regulates the workload of modern CPUs to control their power consumption and thereby the switching frequency of the PSU, which emits an acoustic signal in the 0-24 kHz range over which binary data is modulated. The acoustic signal can then be picked up by a nearby receiver, such as a smartphone, which demodulates and decodes the data and sends it to the attacker over the Internet. For this method to work, the transmitting machine and the receiving device must be in close physical proximity, and both must run the appropriate software to establish the communication link.

Exfiltrating data by modulating the screen brightness

The researchers also devised a method called “BRIGHTNESS”, a covert optical channel that exfiltrates data by altering the brightness of the targeted device’s screen. This covert channel is invisible, and it works even while the user is operating the computer. Malware on a compromised PC can collect sensitive data (e.g. files, images, encryption keys and passwords) and modulate it into the screen brightness. The small changes in brightness are invisible to humans but can be recovered from video streams recorded by cameras such as a local security camera, a smartphone camera or even a webcam. The fundamental idea behind encoding and decoding is practically the same for all these methods: the malware encodes the collected information as a stream of bytes and modulates it as a ‘1’ and ‘0’ signal onto whatever physical quantity it can control, while the receiver samples that quantity and decodes the bits.
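Since the encoding step is shared by all of these channels, it is worth seeing one end to end. The Python below is an added example, not code from the Ben-Gurion researchers: it simulates the simplest scheme, on-off keying, where each bit holds the controlled quantity (brightness level, PSU switching frequency, magnetic field strength) at one of two values for a fixed number of samples, and the receiver averages each window, thresholds it, finds a sync pattern and checks a one-byte checksum. The framing, the 0.40/0.44 levels, the sample counts and the noise model are assumptions chosen for illustration; the published attacks use more elaborate modulation and far more careful signal processing.

```python
"""Simulated covert channel: bytes -> '1'/'0' signal -> bytes, with framing and a check."""
import random

PREAMBLE = [1, 0, 1, 0, 1, 0, 1, 1]  # sync pattern the receiver searches for


def bytes_to_bits(data):
    return [(b >> i) & 1 for b in data for i in range(7, -1, -1)]


def bits_to_bytes(bits):
    usable = len(bits) - len(bits) % 8
    return bytes(int("".join(str(b) for b in bits[i:i + 8]), 2) for i in range(0, usable, 8))


def checksum(payload):
    """One-byte XOR check so the receiver can tell a clean frame from a corrupted one."""
    x = 0
    for b in payload:
        x ^= b
    return x


def frame(payload):
    """preamble | length (1 byte) | payload | checksum, as a list of bits."""
    if len(payload) > 255:
        raise ValueError("payload too long for one frame")
    body = bytes([len(payload)]) + payload + bytes([checksum(payload)])
    return PREAMBLE + bytes_to_bits(body)


def modulate(payload, samples_per_bit=8, low=0.40, high=0.44, idle_bits=3):
    """On-off keying: each bit is held for samples_per_bit samples at 'high' or 'low'.
    The levels stand for the controlled quantity; a 4% swing around a steady value
    is the kind of change a user sitting at the screen does not notice (assumed)."""
    bits = [0] * idle_bits + frame(payload)
    return [high if bit else low for bit in bits for _ in range(samples_per_bit)]


def add_noise(samples, sigma=0.008, seed=1):
    """Constructed receiver noise (camera sensor, microphone, magnetometer jitter)."""
    rng = random.Random(seed)
    return [s + rng.gauss(0.0, sigma) for s in samples]


def demodulate(samples, samples_per_bit=8):
    """Recover the payload from a sampled signal, or None if no valid frame is present."""
    threshold = (max(samples) + min(samples)) / 2      # receiver knows no absolute levels
    bits = []
    for i in range(len(samples) // samples_per_bit):  # average each window to suppress noise
        window = samples[i * samples_per_bit:(i + 1) * samples_per_bit]
        bits.append(1 if sum(window) / samples_per_bit > threshold else 0)
    for start in range(len(bits) - len(PREAMBLE) + 1):
        if bits[start:start + len(PREAMBLE)] == PREAMBLE:
            break
    else:
        return None                                   # no sync pattern found
    body = bits_to_bytes(bits[start + len(PREAMBLE):])
    if not body:
        return None
    length = body[0]
    if len(body) < length + 2:
        return None                                   # truncated frame
    payload = body[1:1 + length]
    if checksum(payload) != body[1 + length]:
        return None                                   # corrupted frame
    return payload


def bits_per_second(sample_rate_hz, samples_per_bit=8):
    """Capacity of this scheme: a 30 fps camera watching the screen gives under 4 bit/s."""
    return sample_rate_hz / samples_per_bit
```

`demodulate(add_noise(modulate(b"secret")))` returns the original bytes, and inverting a single bit window inside the payload makes the checksum fail so the frame is rejected rather than silently corrupted. The `bits_per_second` figure is the practical caveat behind the post's remark that these techniques are "not completely viable": at a few bits per second a 256-bit key takes over a minute of uninterrupted line of sight, which is why the published work targets small secrets such as keys and passwords rather than bulk files.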
Stealing information from Faraday-caged air-gapped computers via magnetic fields

The Cyber-Security Research Center has also developed two techniques that allowed them to exfiltrate data from devices placed inside a Faraday cage. Dubbed “MAGNETO” and “ODINI”, both techniques work even if the device is kept inside a Faraday shield, which blocks inbound and outbound radio communication (Wi-Fi, cellular, Bluetooth, etc.), and they even work if the receiving smartphone is in airplane mode. These methods use proof-of-concept (PoC) malware installed on the air-gapped computer inside the Faraday cage to control the magnetic fields emanating from the computer by regulating the workload on the CPU cores, and use them to transmit sensitive data as magnetic signals; low-frequency magnetic fields pass through the shielding that stops radio waves. In MAGNETO the magnetic sensor of a smartphone located near the device receives the covert signal, while ODINI uses a dedicated magnetic sensor placed nearby.

A cybersecurity challenge for the future

The Research Center has also tested many similar techniques that exploit other means of transmission, such as vibrations, audio waves and even thermal signals. All of these innovative methods represent a real challenge for the cybersecurity of the future, because only new and more advanced security systems will allow companies to defend against these new types of cyber-attack. It is true that many of these techniques are quite fanciful and not fully practical in the real world, but they all bring to mind a consideration that has become a famous maxim in IT security: the only safe PC is a switched-off PC.
Telsy takes part in the Regione Lazio Open Innovation challenge
On 29 April Telsy launched, in collaboration with the Regione Lazio and Lazio Innova, the challenge “Autenticazione innovativa per dispositivi mobili” (innovative authentication for mobile devices). The aim of the challenge is to promote the design and development of innovative methods and technologies for authentication on mobile devices. Participating teams are asked in particular to develop a truly reliable and secure authentication system, capable of effectively protecting the smartphones of the future. The challenge is open to:

- innovative startups and SMEs registered in the dedicated sections of the Business Register (Registro delle imprese)
- micro-enterprises, startups and SMEs
- informal teams of at least three people
- university and research centre spin-offs

Registration is open and applications can be submitted until midnight on 3 June 2020. A jury made up of representatives of Lazio Innova and Telsy will then select 6 teams, which will enter a free mentorship programme to define and validate their business models. At the end of the programme the teams will present their projects at the award ceremony. As for the prizes, the first-placed team will receive a cash prize of 20,000 euro plus specialist services, while the second- and third-placed teams will be awarded specialist services for the development of their business. Telsy decided to launch this challenge to facilitate the development of new business models that put innovation and digital security at their centre, and to engage directly with the ideas and projects of startups and technology innovation teams based in the Regione Lazio.
The immediate goal is to start a collaboration that leads to an efficient new authentication system for mobile devices, but the hope is that these collaborations can continue over time, allowing other technology innovation projects in the cybersecurity sector to be developed in the future. Further details and the documentation for the challenge are available at this link: Regione Lazio, al via la Open Innovation challenge di Telsy