ACM launches industry-focused journal on digital threats

EurekAlert  March 26, 2020 ACM, the Association for Computing Machinery, today announced the launch of Digital Threats: Research and Practice (DTRAP), a new peer-reviewed open access journal that targets the prevention, identification, mitigation and elimination of digital threats. As DTRAP seeks to bridge the gap between academic research and industry practice, the new journal is aimed at concrete, rather than theoretical, threats…read more.

Computer scientists’ new tool fools hackers into sharing keys for better cybersecurity

Science Daily  February 27, 2020 Researchers at UT Dallas aim to solve a major challenge to using artificial intelligence for cybersecurity: a shortage of data needed to train computers to detect intruders. They have developed a method called DEEP-Dig (DEcEPtion DIGging), which ushers intruders into a decoy site so the computer can learn from hackers’ tactics. The information is then used to train the computer to recognize and stop future attacks. Most cyber defense programs try to disrupt intruders before anyone can monitor the intruders’ techniques. DEEP-Dig will give researchers a window into hackers’ methods as they enter a decoy […]

Hackers could shut down satellites–or turn them into weapons  February 12, 2020 According to researchers at the University of Denver the lack of cybersecurity standards and regulations for commercial satellites, in the U.S. and internationally, leaves them highly vulnerable to cyberattacks. If hackers took control of the satellites, they could shut them down, deny access to their services, jam or spoof the signals from satellites, creating havoc for critical infrastructure. If hackers took control of steerable satellites, they could alter the satellites’ orbits and crash them into other satellites. Complex supply chains and layers of stakeholders, and multiple parties involved in their management means it is often not […]

WPI researchers discover vulnerabilities affecting billions of computer chips

Eurekalert  November 12, 2019 Researchers at Worcester Polytechnic Institute discovered two vulnerabilities located in trusted platform modules, which are specialized, tamper-resistant chips that computer manufacturers have been deploying in nearly all laptops, smart phones, and tablets for the past 10 years. One of them was found in Intel’s TPM firmware, and another in  STMicroelectronics’ TPM. The vulnerabilities have been addressed. They would have allowed hackers to employ timing side-channel attacks to steal cryptographic keys that are supposed to remain safely inside the chips. The recovered keys could be used to compromise a computer’s operating system, forge digital signatures on documents, […]

Detector that stops lateral phishing attacks

Science Daily  October 29, 2019 Lateral phishing is a phishing email comes from an internal account within the organization. Vast majority of email security systems can’t stop it. According to the FBI data these cyberattacks caused more than $12 billion in losses between 2013-2018. And in the last two years, the attacks have resulted in an increase of 136 percent in losses. A team of researchers in the US (Columbia University, UC Berkeley, UC San Diego, industry) has developed a prototype of a machine-learning based detector that automatically detects and stops lateral phishing attacks. They analyzed a dataset of 113 […]

Using machine learning to hunt down cybercriminals

MIT News  October 8, 2019 Border Gateway Protocol (BGP allows different parts of the internet to talk to each other) hijacks remain an acute problem in today’s Internet with widespread consequences. To predict these incidents in advance by tracing things back to the hijackers a team of scientists in the US (MIT, UC San Diego) developed and trained a machine learning model to automatically identify Autonomous Systems (ASes) that exhibit characteristics like serial hijackers. The classifier identifies ≈ 900 ASes with similar behavior in the global IPv4 routing table. They analyze and categorize these networks, finding a wide range of […]

Attackers could be listening to what you type

Science Daily  August 14, 2019 Researchers at the Southern Methodist University investigate the capability of mobile phone sensor arrays, using audio and motion sensor data, for classifying keystrokes that occur on a keyboard in proximity to phones around a table, as would be common in a meeting. They developed a system of mixed convolutional and recurrent neural networks and deployed the system in a human subjects experiment with 20 users typing naturally while talking. Using leave-one-user-out cross validation, they found that mobile phone arrays have the ability to detect 41.8% of keystrokes and 27% of typed words correctly in such […]

Russian hackers are infiltrating companies via the office printer

MIT Technology Review  August 5, 2019 The Russian hackers, who go by names like Strontium, Fancy Bear, and APT28, are linked to the military intelligence agency GRU. The new campaign from GRU compromised popular internet of things devices including a VOIP phone, a connected office printer, and a video decoder in order to gain access to corporate networks. Although things like smartphones and desktop computers are often top of mind when it comes to security, it’s often the printer, camera, or decoder that leaves a door open for a hacker to exploit. The hackers moved from one device to another, […]

Hackers could use connected cars to gridlock whole cities

EurekAlert  July 28, 2019 A team of researchers in the US (Georgia Institute of Technology, industry) studied a scenario envisioned by cybersecurity experts leading to a large number of internet-connected vehicles being suddenly and simultaneously disabled. To investigate the aftermath of the post hack they used an agent-based simulation and discovered the critical relevance of percolation for probabilistically predicting the outcomes on a multilane road in the immediate aftermath of a vehicle-targeted cyberattack. They developed an analytic percolation-based model to rapidly assess road conditions given the density of disabled vehicles and applied it to study the street network of Manhattan […]

New computer attack mimics user’s keystroke characteristics and evades detection

Science Daily  June 6, 2019 Researchers in Israel have developed a new attack called Malboard and a detection module. Malboard automatically generates keystrokes that have the attacked user’s behavioral characteristics. The keystrokes are injected into the computer in the form of malicious commands and thus can evade existing detection mechanisms designed to continuously verify the user’s identity based on keystroke dynamics. In demonstration attack against three existing detection mechanisms, the results showed that Malboard managed to evade detection in 83–100% of the cases, depending on the detection tools in place. They also developed three different modules, aimed at detecting keystroke […]