Infosecurity Group Websites
Latest
News

Cybersecurity Flaws Could Lead to Biological Attacks: Report

Unwitting scientists may be tricked into creating synthetic viruses and other toxins in their labs, according to Israeli researchers who claim to have discovered a new “end-to-end cyber-biological attack.”

Published in Nature Biotechnology, the research by a team at Ben-Gurion University (BGU) of the Negev describes how criminals no longer need to have physical contact with a dangerous substance to produce and deliver it.

Part of the problem boils down to a weakness in the US Department of Health and Human Services (HHS) guidance for DNA providers which allows screening protocols to be circumvented using a generic obfuscation procedure.

The researchers claimed that, when they used this procedure, 16 out of 50 obfuscated DNA samples were not detected.

The second major factor is insufficient cybersecurity controls on lab computers. In the scenario painted in the report, a bioengineer has her PC infected with a malicious browser-plug-in, which enables a man-in-the-browser attack.

In so doing, attackers are able to change her order of sequences placed with a DNA synthesis company, to malicious sequences.

DNA obfuscation techniques camouflage the malicious nature of the order, which is therefore processed without raising any alarms and returned to the lab.

“This attack scenario underscores the need to harden the synthetic DNA supply chain with protections against cyber-biological threats,” said Rami Puzis, head of the BGU Complex Networks Analysis Lab.

“To address these threats, we propose an improved screening algorithm that takes into account in vivo gene editing. We hope this paper sets the stage for robust, adversary resilient DNA sequence screening and cybersecurity-hardened synthetic gene production services when biosecurity screening will be enforced by local regulations worldwide.”

On the cybersecurity side, the report recommends electronic signatures be placed on orders to improve transparency, and intrusion detection systems be used in labs, featuring heuristics and AI behavioral analysis to identify malicious code on PCs.

Related to This Story

What’s Hot on Infosecurity Magazine?

1
News

MasterChef Producer Hit by Double Extortion Ransomware

2
News

Delaware County Pays $500,000 Ransom After Outages

3
News

Over 80,000 ID Cards and Fingerprint Scans Exposed in Cloud Leak

4
Editorial

The Final Shot, and Farewell

5
News

Two in Five Home Workers Vulnerable to Cyber-Attacks

6
News

New Egregor Ransomware Steps into Maze Group’s Shoes

1
News

Only 14% of Online Users Frequently Use Biometric Authentication

2
News

#thinkcybersec: Don’t Presume Legacy Tech is a Negative Thing

3
News

Personal Info Available on Dark Web for as Little as 50 Cents

4
Opinion

Overcoming Healthcare’s Cybersecurity Challenges

5
News

#thinkcybersec: Reconsider Hiring Strategies to Meet 2021’s Digital Challenges

6
News Feature

Infosecurity Magazine’s Infosec Christmas Advent Calendar

1
Webinar

2020 Cybersecurity Headlines in Review

2
Webinar

Insider Risk Maturity Models: Tales from the Insider Crypt

3
Webinar

Putting People First: Overcoming Human Error in Email Security

4
Webinar

How to Mitigate Insider Threats in the Current Technology Landscape

5
Webinar

The Remote Workplace: Managing the New Threat Landscape with ISO 27001

6
Webinar

Behind the Scenes of a Live DDoS and BOT Attack: Launch and Mitigation

1
News Feature

#IFAW2020: Fighting Back Against Rising Fraud During #COVID19

2
Blog

Solving the Global Cybersecurity Skills Gap in Two Simple Steps

3
Interview

#IFAW2020 Interview: David Britton, VP of Industry Solutions, Experian

4
Webinar

How to Mitigate Insider Threats in the Current Technology Landscape

5
Opinion

#HowTo Master Cybersecurity Training with a Third Party

6
Interview

Interview: Richard Betts and Eward Driehuis, Cybersprint