
The Vexing Technological Challenge of Fighting Ransomware


The finding seeks to address a vexing challenge that has stymied international efforts to stop such attacks. Recent ransomware attacks such as that on JBS, which temporarily shut all US beef plants for the largest meat producer globally, have exposed gaps in protection for critical industries.

by Jordan Robertson

115 milliseconds. As quick as a blink, that’s the amount of time a new technology — developed by researchers from Australia’s national science agency and a university in South Korea — takes to detect that ransomware has detonated on a computer and block it from causing further damage.

The finding seeks to address a vexing challenge that has stymied international efforts to stop such attacks. As hackers execute bolder attacks with bigger potential pay outs, computer scientists are pushing the limits of software to make near-instantaneous decisions and save victims from ruin.

A spree of recent ransomware attacks has focused attention on the issue and spurred booming growth for part of the cybersecurity industry — one that has benefited from a presidential endorsement of sorts. Since 2016, spending on “endpoint protection” software has more than doubled to $9.11 billion last year, according to data from Gartner Inc. Those are cybersecurity tools that protect “end-user” devices such as laptops and desktop computers, which are vulnerable to being hacked through their users clicking on malicious links or phishing emails.

Last month, US President Joe Biden issued an executive order that will require civilian federal agencies to deploy a specific type of that technology, called endpoint detection and response software, on their networks. Leading companies include SentinelOne Inc., Cybereason Inc., Microsoft Corp. and CrowdStrike Holdings Inc., according to Gartner.

The innovation of that software is that it blocks files deemed to be malicious — what traditional antivirus does — and goes a step further, automating the hunt for suspicious behaviour on users’ machines, aiming to identify poisoned code before it causes damage, according to Oliver Spence, co-founder of UK-based North Star Cyber Security. Still, Spence said the technical challenge remains daunting.

“Solving ransomware is magnitudes harder than solving spam and that isn’t solved yet,” he said. “How do you tell which email is legitimate or not? How do I tell if a process is legitimate or not? Solve either problem completely, and you are well on your way to being rich enough to retire.”

Ransomware is a type of cyberattack that encrypts files on victims’ computers, rendering them useless until a ransom is paid. It can take just minutes to cripple an entire network. The recent hacks of Colonial Pipeline Co., which shut the biggest gasoline pipeline in the US for nearly a week, and of JBS SA, which temporarily shut all US beef plants for the largest meat producer globally, have exposed gaps in protection for critical industries.

One of the few ways to get ahead of the problem is to have security software running deep inside a computer’s operating system. There, it can see each program — or process — running on the machine and have the best shot at distinguishing between legitimate and nefarious ones.

“The technology exists to identify authorized processes versus unauthorised processes — that’s actually not that terribly hard,” said Lawrence Pingree, a managing vice president at Gartner. “The hard part is that ransomware, as a category, can use many hundreds of techniques including modifying or injecting authorised processes. Most security practitioners will tell you that it’s a race condition where defenders keep augmenting security to match the changing threats.”

Hackers often trigger alarms as they move around victim networks, performing reconnaissance and manipulating accounts while staging ransomware attacks, said Jared Phipps, senior vice president of sales engineering for SentinelOne. Endpoint detection and response software automates the analysis of those behaviours to try to stop the hackers before they escalate, he said.

“Executing the ransomware is the last thing they do,” Phipps said. “There are weeks and weeks or even months of lead time in the attack. There are going to be many different systems touched and in most cases, there are a lot of security alerts.”

One challenge of staying ahead of the problem is that skilled hackers routinely test their code and techniques against the latest security software, adapting when needed to evade detection, said Andrew Howard, chief executive officer of Switzerland-based Kudelski Security.

“Ransomware attacks today are typically human-operated, meaning that a human is actively guiding the attack,” Howard said. “As the defences get better, this drives new offensive techniques, which drives better defences, which drives new offensive techniques, and so forth. There is not a 100% effective technical solution for this problem.”

An executive at a leading cyber incident response firm, who asked not to be named discussing internal matters, said his company always recommends that ransomware victims it’s assisting buy some form of endpoint detection and response software and that about 70% do. He said his firm analyzed its deployments from one of the leading vendors and found that the software blocked almost all of the attacks. “The only three fails we have seen in three years were because of poor implementation by the client,” the person said.

The person noted that such technologies aren’t cheap, starting at about $12 per “endpoint” — or device — per month, with discounts for big deployments. For large organisations, that can mean millions of dollars per year. But to put that in perspective, Colonial paid a $4.4 million ransom, while JBS paid $11 million.

One way that organisations are paying for the upgrade is by replacing their antivirus programs. Gartner projects that within five years, more than 60% of large organisations will have replaced antivirus with endpoint detection and response and similar software. In the meantime, computer scientists are racing to improve the speed and accuracy of their code for handling the “response” part of the equation, trying to shave milliseconds off their times for blocking malicious actions.

In January, researchers from the digital arm of Australia’s national science agency — the Commonwealth Scientific and Industrial Research Organisation’s Data61 unit — and from Sungkyunkwan University in South Korea published details of an experimental technology they developed to detect ransomware by looking at some of the lowest-level signals in a computer’s operating system.

One result, the researchers said, was the ability to detect ransomware on average in about 115 milliseconds, after just one file was encrypted — saving the rest of the computer and its contents. Software makers generally haven’t disclosed specific performance metrics in this area, so it’s unknown how the researchers’ findings compare to commercial efforts to thwart the attacks.

The paper’s lead author, Muhammad Ejaz Ahmed, wrote in an email that these results point to a goal that the security industry is urgently chasing. “Our approach can detect such activities at the early stages of a ransomware infection,” he said. This opens the door to “detect and give an early warning even before any damage is done.”


INS Arihant’s Nuke-Capable K-4 Submarine-Launched Ballistic Missile ‘Ready To Roll’



NEW DELHI: India tested its nuclear capable K-4 submarine-launched ballistic missile (SLBM), designed to have a strike range of 3,500 km, for the second time in six days on Friday. The missile test, as the one conducted on January 19, was undertaken from an undersea platform in the shape of a submersible pontoon off the coast of Andhra Pradesh, according to a report by Rajat Pandit of TOI.

The solid-fuelled K-4 missile is being developed by DRDO to arm the country’s nuclear-powered submarines in the shape of INS Arihant and its under-development sister vessels. INS Arihant, which became fully operational in November 2018 to complete India’s nuclear triad, is currently armed with the much shorter K-15 missiles with a 750 km range.

“The K-4 is now virtually ready for its serial production to kick-off. The two tests have demonstrated its capability to emerge straight from underwater and undertake its parabolic trajectory,” said a source.

India has the land-based Agni missiles, with the over 5,000-km Agni-V inter-continental ballistic missile now in the process of being inducted, and fighter jets jury-rigged to deliver nuclear weapons. But INS Arihant gives the country’s deterrence posture much more credibility because nuclear-powered submarines armed with nuclear-tipped missiles are considered the most secure, survivable and potent platforms for retaliatory strikes.

Once the K-4 missiles are inducted, they will help India narrow the gap with countries like the US, Russia and China, which have over 5,000-km range SLBMs. The K-4 missiles are to be followed by the K-5 and K-6 missiles in the 5,000-6,000 km range class.

The 6,000-ton INS Arihant, which is propelled by an 83 MW pressurised light-water reactor at its core, in turn, is to be followed by INS Arighat, which was launched in 2017. The next generation of nuclear submarines, currently called S-4 and S-4*, will be much larger in size.






After Upgradation, Sukhoi Su-30MKI Indigenisation To Reach 78%



India has received clearance to upgrade 84 Sukhoi Su-30MKI fighter jets, which will result in 78% indigenization after the upgrade.

In a significant step towards bolstering its military might with indigenously developed technology, India is poised to witness its Russian-origin Sukhoi Su-30MKI fighter jets evolve into a domestic platform. Speaking at a recent lecture.

The upgrade program is being led by Hindustan Aeronautics Limited (HAL) in partnership with the Indian Air Force and other partners. The upgrade is expected to cost US$7.5 billion.

The Defence Acquisition Council (DAC) granted Acceptance of Necessity (AoN) for the upgrade. The upgrade is part of India’s efforts to improve the capabilities of its primary fighter aircraft, which it refers to as the “Super Sukhoi”.

This initiative is a part of a larger effort by the Indian Air Force to modernize its ageing fleet. Air Chief Marshal Chaudhari asserted the critical role of an offensive air force as demonstrated in current global conflicts and emphasized India’s move towards an indigenized arsenal. To this end, the IAF has been proactive, from upgrading its Mirage 2000 to enhancing its MiG-29 fleet.

In summary, the IAF’s commitment to updating their combat forces with the latest technology, including shifting to fifth-generation fighter jets, ensures operational preparedness and a strong deterrence capability. The gradual indigenization of its air fleet marks a pivotal shift in India’s defence landscape, reducing dependency on foreign imports and fostering technological sovereignty.






Akash Weapon System Exports For The Armenian Armed Forces Gathers Pace



According to unconfirmed reports, Armenia is a top contender for an export order for Akash SAM system manufactured by Bharat Dynamics Limited (BDL).

While there is no official confirmation because of the sensitivities involved, documents suggest that the order for the same has already been placed, the report further added.

There are nine countries, in turn, which have shown interest in the indigenously-developed Akash missile systems, which can intercept hostile aircraft, helicopters, drones and subsonic cruise missiles at a range of 25-km. They are Kenya, Philippines, Indonesia, UAE, Bahrain, Saudi Arabia, Egypt, Vietnam and Algeria, reported TOI.

The Akash export version will also be slightly different from the one inducted by the armed forces. The 100-km range air-to-air Astra missiles, now entering production after successful trials from Sukhoi-30MKI fighters, also have “good export potential”, said sources.

Akash is a “tried, tested and successfully inducted systems”. Indian armed forces have ordered Akash systems worth Rs 24,000 crore over the years, and MoD inked a contract in Mar 2023 of over Rs 9,100 crores for improved Akash Weapon System.

BDL is a government enterprise under the Ministry of Defence that was established in 1970. BDL manufactures surface-to-air missiles and delivers them to the Indian Army. BDL also offers its products for export.

Akash Weapon System

The AWS is a Short Range Surface to Air Missile (SRSAM) Air Defence System, indigenously designed and developed by Defence Research and Development Organisation (DRDO). In order to meet aerial threats, two additional Regiments of AWS with Upgradation are being procured for Indian Army for the Northern borders. Improved AWS has Seeker Technology, Reduced Foot Print, 360° Engagement Capability and improved environmental parameters.

The project will give a boost to the Indian missile manufacturing industry in particular and the indigenous defence manufacturing ecosystem as a whole. The project has overall indigenous content of 82% which will be increased to 93% by 2026-27.

The induction of the improved AWS into the Indian Army will increase India’s self-reliance in Short Range Missile capability. This project will play a role in boosting the overall economy by avoiding outgo of precious foreign exchange to other countries, increasing employment avenues in India and encouraging Indian MSMEs through components manufacturing. Around 60% of the project cost will be awarded to the private industry, including MSMEs, in maintaining the supply chain of the weapon system, thereby creating large scale of direct and indirect employment.




