Tamper detection technologies: it takes a thief to catch a thief

Tamper detection technologies: it takes a thief to catch a thief

Tamper detection technlogies are already present in our everyday life, even when we are not aware that they can be called by that name. Tamper detection and tamper evidence methods are already in use in many common situations. They provide proof of unauthorized access to the inner components of a device (i.e. it can void the warranty) or even just of a luxury good in department stores. We speak about tamper evidence when the goal is to reveal the unauthorized access upon examination by a human, and about tamper detection when we implement some sort of automatic action in response to the event. Baseline, tamper evidence and detection methods detect […]

Communication cyber threats landscape

Communication cyber threats landscape

In the new evolving communication landscape, cyber threats do not just target things, objects, or devices. First and foremost, cyberattacks target people and leverage on user’s and programmer’s psychology. On the one side, users are often the practical means by which an attack hits the mark: cybercriminals leverage on the lack of security knowledge and on the speed at which our society moves to infiltrate a system and to damage both network infrastructures and our everyday environment. Sending fraudulent emails, stealing credentials, uploading malicious attachments to applications are just some of the most common ways of exploiting human interactions with technologies to execute an attack. On the other side, even […]

Fighting insecurity and threats with Machine Learning

Fighting insecurity and threats with Machine Learning

Introduction: Machine Learning and Insecurity Machine learning could fight insecurity and cyber threats. The landscape of possible cyberthreats is rapidly changing, exploiting vulnerabilities in new technologies, systematically jeopardizing wide and multifaceted systems, and threatening the security of an ever increasing amount of information. Then, the question follows naturally: how can we secure our infrastructures, systems, and information in this new landscape? Many solutions are already available. Outstanding research programs are already developing and implementing techniques to secure both new technologies, such as new Radio Access Networks and Software Defined Networks, and devices, such as lightweight technologies for IoT devices. But will this be enough? Probably not. Cyberattacks will evolve together […]

Foreseeing what is next: the rise of 5G technologies

Foreseeing what is next: the rise of 5G technologies

Foreseeing 5G technologies as the future of world innovation was right? History teaches us that such predictions were pretty accurate. At the end of the 17th century, the French artist Jean-Marc Côté made some illustrations about en l’an 2000. Already back then, life in the 2000 was pictured as highly automatized: an automatic barber would take care of your skin and a barely self-standing robot would do the housework. But many intuitions that our ancestors would have thought of as barely possible are now features of our pasts. 5G Technologies and Innovation The technological innovation that took place over this past century reaches far beyond these forecasts. Cars will drive […]

The Lazarus’ gaze to the world: What is behind the second stone ?

The Lazarus’ gaze to the world: What is behind the second stone ?

// Introduction Today we explore “the Lazarus’ gaze to the world.” In a recent blog post (link here) we analysed the first part of an operation likely conducted by APT38/Lazarus, which targeted various organizations, including financial and banking ones. We already described the initial phase of the kill chain where we get to describe the fact that the actor implemented in the operation two different first-stage payloads to be released to the victims on the basis of their system architecture. These payloads are used in order to carry out a first recognition phase. Beyond this, we have already described a first-level backend script used by the threat actor inside a […]

Telsy Event: “An overview on cryptanalysis of ARX ciphers”

Telsy Event: “An overview on cryptanalysis of ARX ciphers”

Telsy has organized the following event in collaboration with the University of Turin: “An overview on cryptanalysis of ARX ciphers” The event will take place on 22 on November, at Turin University (Aula 2), in ‘’Via Carlo Alberto 10’’ Following, a short abstract: ‘’ We present some features of block ciphers based on the three operations: addition mod 2n, rotation and XOR (ARX ciphers) and themain cryptanalytic attacks obtained by developing the methods underlying differential cryptanalysis. We focus on the recent tecnique of rotational-XOR differential cryptanalysis giving some ideas of this attack and its application to SPECK 32/64.’’ Have a look here for more info

Make the Internet a Secure++ Word: The Internet Service Provider Role

Make the Internet a Secure++ Word: The Internet Service Provider Role

Telsy announces the publishing of a new piece on cybersecurity: “Make the Internet a Secure++ Word –The Internet Service Provider Role” “The current world of telematic communications appears as fast-changing environment. The actors of this ecosystems are represented by billions of nodes that, every day, globally transmit a huge amount of data and information. With a factor directly proportional to the increase in these nodes and to the quantity and type of information in transit within it, the number and type of information that the community has learned to classify as “cyber threat” have also grown exponentially, by species and by potential risk factor.” This paper, written by security researcher […]

The Lazarus’ gaze to the world: What is behind the first stone ?

The Lazarus’ gaze to the world: What is behind the first stone ?

// Introduction: The Lazarus’ gaze Lazarus (aka APT38 / Hidden Cobra / Stardust Chollima) is one of the more prolific threat actors in the APT panorama. Since 2009, the group leveraged its capability in order to target and compromise a wide range of targets; Over the time, the main victims have been government and defense institutions, organizations operating in the energy and petrochemical sector in addition to those operating in financial and banking one. Let’s explore the Lazarus’ gaze, then. The group has also a wide range of tools at its disposal; among these, it’s possible to catalog [D] DoS botnets, first stage implanters, remote access tools (RATs), keyloggers and […]

DDOS and botnet attacks: the deadly link

DDOS and botnet attacks: the deadly link

What’s the link between zero-day and DDOS botnet attacks? The growing demand for connectivity and faster data transfer, along with new technology trends such as the Internet of Things (IoT) and the Artificial Intelligence (AI), combined withthe progressive implementation of the 5G network, are going to irreversibly reshape the pre-existing structure of cybersecurity at a global level. It is true that 5G network will bring new services, new capabilities, new technologies and new regulatory requirements, but it will also bring new security threats and an increased attack surface. With IoT inception many and different actors and devices with different security standards will become involved in the transition, requiring superior attack […]

Telsy’s Engineer Andrea Molino spoke at the National Cryptography Association

Telsy’s Engineer Andrea Molino spoke at the National Cryptography Association

Telsy is proud to cooperate with the National Cryptography Association. On 14 October 2019, a member of our team, Eng. Andrea Molino, gave a speech at the event ”La De Cifris incontra Torino”, organized by De Componendis Cifris, or National Cryptography Association,and held at Politecnico in Turin. The event focused on successful advancements in cryptography research and applications. The initiative involved several experts from academic institutions and business operating in the cryptography sector. The main goal was fostering cooperation between those who work in the Italian crypto domain. The contribution given by Andrea, finally, dealt with implementation aspects of cryptography. He underlined: “security architecture and schemes cannot ignore hardware systems […]