[ad_1]
A new form of cyberattack has been developed that highlights the potential future ramifications of digital assaults on the biological research industry.
On Monday, academics from Ben-Gurion University in the Negev described how “unwitting” biologists and scientists could fall victim to cyber attacks designed to take biological warfare to another level.
At a time when scientists around the world are advancing the development of potential vaccines to fight the COVID-19 pandemic, Ben-Gurion’s team says it is no longer the case that a threat actor has need physical access to a “dangerous” substance to produce or deliver it – instead, scientists could be tricked into producing synthetic toxins or viruses on their behalf by targeted cyber attacks.
See also: Human biohacking: an exciting prospect, but only for the rich?
The research, “Cyberbiosecurity: Remote DNA Injection Threat in Synthetic Biology,” was recently published in the academic journal Biotechnology of nature.
The attack shows how malware, used to infiltrate a biologist’s computer, could replace substrings in DNA sequencing. More specifically, the weaknesses of the Guide to the Screening Framework for Suppliers of Synthetic Double Stranded DNA and Harmonized Screening Protocol v2.0 Systems “allow protocols to be bypassed using a generic obfuscation procedure. “.
When DNA orders are placed from synthetic gene suppliers, US Department of Health and Human Services (HHS) guidelines require testing protocols to be in place to look for potentially dangerous DNA.
However, it was possible for the team to bypass these protocols through obfuscation, in which 16 of the 50 obfuscated DNA samples were not detected against the “best match” DNA screening.
Software used to design and manage synthetic DNA projects may also be susceptible to human in-browser attacks which can be used to inject arbitrary DNA strings into genetic orders, facilitating what the team calls an “end-to-end cyber-biological attack”.
CNET: Tesla Model X vulnerable to bluetooth hack that facilitates theft, report says
The synthetic genetic engineering pipeline offered by these systems can be tampered with during browser-based attacks. Remote hackers could use malicious browser plugins, for example, to “inject masked pathogenic DNA into an online order of synthetic genes.”
In a case demonstrating the possibilities of this attack, the team cited the residue of the Cas9 protein, using malware to turn this sequence into active pathogens. The Cas9 protein, when using CRISPR protocols, can be exploited to “disobfuscate malicious DNA in host cells,” according to the team.
For an unintentional scientist processing the footage, this could mean the accidental creation of dangerous substances, including synthetic viruses or toxic materials.
TechRepublic: Top 5 industries targeted by ransomware
“To regulate the intentional and unintentional generation of hazardous substances, most synthetic gene suppliers screen DNA drives, which is currently the most effective line of defense against such attacks,” commented Rami Puzis, Chief from the BGU Complex Networks Analysis Lab. “Unfortunately, the screening guidelines have not been adapted to reflect recent developments in synthetic biology and cyberwarfare.”
A potential chain of attack is described below:
“This attack scenario underscores the need to strengthen the synthetic DNA supply chain with protections against cyber-biological threats,” added Puzis. “To address these threats, we propose an improved screening algorithm that takes into account gene editing in vivo.”
Previous and related coverage
Do you have any advice? Get in touch securely via WhatsApp | Signal to +447713025499, or more to Keybase: charlie0
[ad_2]
Source link