The recent Petya ransomware attack, which centered on Ukraine, has highlighted the growing global cyber threat. Swiss scientists have developed new defences to protect both businesses and individuals from attack.
A big part of the problem is that the internet was designed decades ago when the most powerful super-computer had less oomph than today’s smartphone, a cyber risks summit at Zurich’s Federal Institute of Technology (ETHZ) heard.
Imagine walking home at night with no choice of the route you take. You could be sent along a well-lit, guarded road or a back alley frequented by muggers. The random nature of routing data through cyberspace makes it vulnerable to theft, hijacking or manipulation, argues Adrian Perrig, head of ETHZ’s Network Security Group.
He has worked out a means of tearing down the obsolete architecture of delivering data and replacing it with an armour-plated version. This goes by the name of ‘Scalability, Control and Isolation on Next-Generation Networks’ – or SCION for short.
SCION creates protected, autonomous bubbles that only connect with other trusted bubbles. The controllers of these secure spaces can choose which routes their data takes when moving it from A to B. Perrig has persuaded Swiss state telecoms provider Swisscom and the foundation Switch, which registers .ch domain names, to give their backing to the open source system.
“No other architecture has been designed specifically for security,” he said at the cyber risks summit on Monday. Perrig estimates that Switzerland could completely adapt to the SCION system with an outlay of CHF25 million ($26 million). Several companies have expressed an interest in using SCION, including a Swiss bank.
SCION provides protection against data hijacking and Distributed Denial of Service (DDoS) attacks but not ransomware such as Petya or WannaCry.
Other ETHZ researchers claim to have found a more efficient method of identifying cyberattacks before they can cause real damage. They joined forces with the Swiss army’s procurement and technology department, armasuisse, after defence contractor RUAG was hacked by Advanced Persistent Threat (APT) malware.
The bug stole around 23 gigabytes of data between 2014 and 2016 before being discovered. ETHZ and armasuisse have developed an APT early warning system that identifies differences in the way the bug communicates compared to normal web browsing activities.
The first task was to build a more complete fingerprint of normal website browsing chatter. In trials, researchers then had a 99.5% success rate at distinguishing unusual malware signals. They also claim that the system, which will be taken to the market by ETHZ spin-off company Exeon Analytics, can identify malware within minutes of infection.
The system can also quickly detect ransomware attacks, but lead ETHZ researcher Laurent Vanbever said that would not be enough to prevent damage if malware starts encrypting data immediately after infection. While swift detection is a crucial factor in defending against cyberattacks, Vanbever’s system does not switch off the malware.