A new cyber attack which can mimic a user’s personalised keystroke characteristics

SciTech Europa | June 06, 2019

Ben-Gurion University of the Negev (BGU) cybersecurity researchers have developed a new cyber attack which can mimic a user’s personalised keystroke characteristics. The cyber attack, called Malboard, evades several detection products because they are designed to continuously verify the identity of the user based on personalised keystroke characteristics.

Dr. Nir Nissim, head of the David and Janet Polak Family Malware Lab at Cyber@BGU, and a member of the BGU Department of Industrial Engineering and Management, said: “In the study, 30 people performed three different keystroke tests against three existing detection mechanisms including KeyTrac, TypingDNA and DuckHunt. Our attack evaded detection in 83% to 100% of the cases.”

How does it mimic personalised keystroke characteristics?

In this cyber attack, a compromised USB keyboard automatically generates and sends malicious keystrokes which mimic the attacked user’s personalised keystroke characteristics. Usually, maliciously generated keystrokes do not match human typing, so they are easily detected. However, Malboard uses artificial intelligence to generate commands autonomously and in the style of the user to inject the keystrokes as malicious software into the keyboard. The keyboards used to test this attack in the research were products by Microsoft, Lenovo and Dell.

Spotlight

Many organizations are not aware of the targeted attacks and advanced threats that readily breach existing security defenses. Today's attackers conduct advance reconnaissance on their targets, in order to custom-design advanced malware attack methods that are specifically designed to evade detection. To protect data, intellectual property, and communications, and to avoid the unexpected costs associated with targeted attacks and advanced threats, organizations need the ability to discover attacks that traditional security is blind to.

Related News

Microsoft shares threat intelligence, security guidance during global crisis

CXOtoday | April 23, 2020

With much of the world now transitioned to virtual work, digital safety has become a key area of concern. This is not something security professionals were given time to prepare for, yet many of our customers have been thrust into a new environment and challenged to respond quickly. Our threat intelligence teams at Microsoft are actively monitoring and responding to this shift in focus. Our data shows that these COVID-19 themed threats are retreads of existing attacks that have been slightly altered to tie to this pandemic. This means we’re seeing a changing of lures, not a surge in attacks. Our intelligence shows that these attacks are settling into a rhythm that is the normal ebb and flow of the threat environment.


PLATFORM SECURITY

Stellar Cyber Partners with SonicWall for Advanced Prevention, Response

Stellar | September 08, 2021

Stellar Cyber, the innovator of Open XDR, the only intelligent, next-gen security operations platform, announced today that it has joined the SonicWall SecureFirst Partner Program to integrate Stellar Cyber’s advanced threat detection and response with SonicWall’s award-winning prevention technology. This combination of prevention, detection and response provides an outstanding platform for enterprises that want to stop many attacks before they occur while detecting and remediating complex threats.

“As a customer of both SonicWall and Stellar Cyber, it’s great to see these two solutions working together,” said Michael Crean, CEO of Solutions Granted. “By using this combination of products, we’ve been able to discover attacks and respond more quickly. Our analysts are now much more productive than they were before.”

Leveraging SonicWall’s next-generation firewalls for network protection, Capture Client for endpoint protection and Secure Mobile Access for remote access to corporate resources, Stellar Cyber’s AI-driven intelligent SOC platform collects, normalizes, enriches and analyzes data to spot even the most sophisticated attacks. The combination also makes security analysts more productive by correlating the data from these different tools and reducing the alert fatigue that firewalls may generate.

“We rely on SonicWall’s firewalls for the ultimate in perimeter security, and being able to use the Stellar Cyber platform to correlate and respond to SonicWall log data with telemetry from our other security tools is of significant benefit to our analysts and customers,” said Phil Burnett, CISO of High Wire Networks. “We’re glad to hear that these two companies are working together.”

This partnership allows security analysts to:

Gain context for alerts: Firewall log data is centralized, normalized and fused with contextual information such as threat intelligence, geolocation, user information, asset information, domain registrar information and more to gain better context for alerts.

Eliminate alert fatigue: Stellar Cyber focuses on actionable, high-fidelity security events that matter versus the millions of alerts generated by firewalls. Advanced machine learning algorithms determine what events are the important ones.

Identify sequences of events: Using automatic correlation that identifies events seen on the firewall that lead to other events seen on endpoint and cloud applications, Stellar Cyber delivers a better understanding of a breach’s timeline.

Audit firewall policies: Stellar Cyber cleans up firewall policies and eliminates unused and unneeded policies by leveraging machine learning to identify commonly used versus unused policies that are configured on firewalls.

Take automated action: Stellar Cyber’s built-in security orchestration and response (SOAR) functionality takes automated action, such as automatically blocking a malicious actor on the firewall or disconnecting a compromised endpoint via Capture Client, or disabling an infected user through Active Directory within the enterprise.

Now, enterprises and MSPs can use this solution combination to secure their networks from brute-force attacks as well as to discover and remediate complex exploits that individual tools can miss.

“SonicWall’s next-generation firewalls, Capture Client and Secure Mobile Access, integrated with Stellar Cyber’s Open-XDR platform, provide stronger automation and artificial intelligence capabilities for our joint customers,” said Edward Cohen, Vice President, Strategy & Operations, at SonicWall. “This partnership will help deliver superior threat prevention and simplified security operations across all environments.”

“SonicWall is a leader in cyberattack prevention, and Stellar Cyber complements their solutions by automating threat detection and response,” said Steve Garrison, Vice President of Marketing at Stellar Cyber. “Through this partnership, the integration enables our resellers and go-to-market partners to deliver additional value to SonicWall customers by adding advanced threat detection and response capabilities to their existing investment.”

About Stellar Cyber

Stellar Cyber’s Open XDR platform delivers Everything Detection and Response by ingesting data from all tools, automatically correlating alerts into incidents across the entire attack surface, delivering fewer and higher-fidelity incidents, and responding to threats automatically through AI and machine learning. Our XDR Kill Chain™, fully compatible with the MITRE ATT&CK framework, is designed to characterize every aspect of modern attacks while remaining intuitive to understand. This reduces enterprise risk through early and precise identification and remediation of all attack activities while slashing costs, retaining investments in existing tools and accelerating analyst productivity. Typically, our platform delivers an 8X improvement in MTTD and a 20X improvement in MTTR. The company is based in Silicon Valley.


DATA SECURITY

Tammy Moskites, a Veteran CISO, has been Appointed to AppViewX's Advisory Board

AppViewX | May 04, 2021

AppViewX, the leader in next-gen machine identity management via automation and application delivery automation, today announced the appointment of Tammy Moskites, CEO and founder of CyAlliance®, as Executive Board Advisor. Tammy joins the AppViewX advisory board to provide strategic cybersecurity guidance to customers and across go-to-market channels to drive awareness, growth, and customer success.

With over 30 years of technology experience, security acumen and leadership, Tammy is a result-driven and passionate executive who helped create the Machine Identity Management market category and enterprise requirements to better govern keys and certificates. As a distinguished career CISO, Tammy actively guides peer CISOs and security architects worldwide to help defend their organizations from cyber attacks, unplanned outages, and failed audits. Tammy has previously held executive security and technology leadership roles at Accenture, Venafi, Time Warner Cable, and Home Depot.

"We're delighted to have Tammy Moskites join AppViewX as an Executive Board Advisor," said Gregory Webb, AppViewX CEO. "As cryptographic keys and certificates became the critical infrastructure for DevOps, SecOps, and NetOps, the importance of Machine Identity Management to an organization's overall security posture and digital transformation has become a top priority. As a highly experienced and influential executive, Tammy will add significant value to our team. Her experience as a successful career CISO is invaluable to us as we continue to accelerate growth and provide the most comprehensive, next-gen machine identity management solution for global enterprises."

Tammy is a highly recognized cyber and women in technology social influencer. Amongst the various things she is involved in, she is a Venture Advisor to YL Ventures, a Distinguished Fellow with the Ponemon Institute, and volunteers her time with many technology organizations. She is an internationally recognized keynote/speaker, not only on security and governance but also on career building, women in technology, and leadership mentoring. She is currently an executive company board advisor to Blue Lava, Raxis, RiskIQ, and SecureAuth and a seed investor at Grip Security.

"I was an early voice, champion, and adopter of what's now Machine Identity Management, which dates back nearly 10 years," said Tammy Moskites, Executive Board Advisor at AppViewX. "As a career CISO, I have always had a passion and expressed the need to manage your keys and certificates and shared that zeal worldwide. I have certainly been excited to observe the expansion and maturity in this cybersecurity space as a whole. I feel that AppViewX is maturing Machine Identity Management and also within the areas of IoT Key/Certificate Lifecycle Automation, PKI Management/PKIaaS, and Application Delivery Automation. I'm truly impressed by their dedication, focus, and most significantly, their passion for 'doing the proper things right' – which has allowed them to take Machine Identity and Automation to the next level! I'm super excited to be an Executive Board Advisor at AppViewX and look forward to their partnership with CyAlliance® and welcome them to our Cy'Alliance' portfolio of partners!"

According to Gartner's Top Security and Risk Management Trends for 2021, Machine Identity Management is a top trend for 2021. "Machine identity management aims to determine and manage trust within the identity of a machine interacting with other entities, like devices, applications, cloud services, or gateways. Increased numbers of nonhuman entities are now present in organizations, which suggests managing machine identities has become an important part of the safety strategy."

About AppViewX

AppViewX is revolutionizing the way NetOps and DevSecOps teams deliver Machine Identity Management and Application Delivery Automation solutions services to Enterprise IT. The AppViewX Platform is a modular software application that enables the automation and orchestration of network infrastructure using an intuitive, context-aware, visual workflow. It quickly and simply translates business requirements into automation workflows that improve agility, enforce compliance, eliminate errors, and reduce cost. AppViewX customers are among the world's most demanding Fortune 1000 organizations in financial services and banking, healthcare, oil and gas, manufacturing, and high tech.
