BGU Startup Fights Cybercrimes
April 9, 2019
BBC – Billions of dollars are being lost to cybercrime each year, and the problem seems to be getting worse. So could we ever create unhackable computers beyond the reach of criminals and spies? Ben-Gurion University researchers are coming up with some interesting solutions.
“We need to bring prevention back into the game,” says Yuval Danieli, vice president of customer services at Israeli cyber-security firm Morphisec.
“Most of the world is busy with detection and remediation – threat hunting – instead of preventing the cyberattack before it occurs.”
Morphisec – born out of research done at Ben-Gurion University – has developed what it calls “moving target security.” It’s a way of scrambling the names, locations and references of each file and software application in a computer’s memory to make it harder for malware to get its teeth stuck into your system.
The mutation occurs each time the computer is turned on so the system is never configured the same way twice. The firm’s tech is used to protect the London Stock Exchange and Japanese industrial robotics firm Yaskawa, as well as bank and hotel chains.
But the most effective way to secure a computer is to isolate it from local networks and the internet completely – this is called air gapping. This way, you would need to gain physical access to the computer to steal data.
“The obvious way to attack an air-gapped machine is to compromise it during the supply chain when it is being built,” he says.
“So, you then have a compromised air-gapped computer in a nuclear power station that came with the malware – the attacker never has to enter the premises.”
Indeed, in October last year, Bloomberg Businessweek alleged that Chinese spies had managed to insert chips on servers made in China that could be activated once the machines were plugged in overseas. The servers were manufactured for the U.S. firm Super Micro Computer Inc.
The story suggested that Amazon Web Services (AWS) and Apple were among 30 companies, as well as government agencies and departments, that had used the suspect servers.
Apple and Amazon strenuously denied the claims.