This new cyber attack may trick DNA scientists into creating dangerous viruses and toxins



[ad_1]

A new form of cyber attack has been developed that highlights the potential future ramifications of digital attacks against the biological research sector.

On Monday, academics from Ben-Gurion University of the Negev described how “unwitting” biologists and scientists could become victims of cyberattacks designed to take biological warfare to another level.

At a time when scientists around the world are pushing ahead with the development of potential vaccines to fight the COVID-19 pandemic, Ben-Gurion’s team says it’s no longer the case for a threat actor to need physical access. to a “dangerous” substance to produce or deliver it – instead, scientists could be tricked into producing synthetic toxins or viruses on their behalf through targeted cyberattacks.

See also: Human biohacking: an exciting prospect, but only for the rich?

The research, “Cyberbiosecurity: Remote DNA Injection Threat in Synthetic Biology”, was recently published in the academic journal Nature Biotechnology.

The attack documents how malware used to infiltrate a biologist’s computer could replace substrings in DNA sequencing. Specifically, the weaknesses in the Screening Framework Guide for Double-stranded Synthetic DNA Suppliers and Harmonized Screening Protocol v2.0 systems “allow you to bypass protocols using a generic obfuscation procedure.”

When DNA orders are placed to suppliers of synthetic genes, U.S. Department of Health and Human Services (HHS) guidance requires that screening protocols be in place for potentially harmful DNA scanning.

However, it was possible for the team to circumvent these protocols by obfuscation, in which 16 out of 50 obfuscated DNA samples were not detected for the “best match” DNA screening.

The software used to design and manage synthetic DNA projects may also be susceptible to human browser attacks which can be used to inject arbitrary strings of DNA into genetic orders, facilitating what the team calls an “end-to-end cyber attack.” to-end “.

CNET: Tesla Model X is vulnerable to Bluetooth hacking which makes theft a breeze, the report said

The synthetic genetic engineering pipeline offered by these systems can be tampered with in browser-based attacks. Remote hackers could use malicious browser plug-ins, for example, to “inject obfuscated pathogen DNA into an online order of synthetic genes.”

In one case demonstrating the possibilities of this attack, the team cited the residual Cas9 protein, using malware to transform this sequence into active pathogens. According to the team, the Cas9 protein, when using CRISPR protocols, can be exploited to “de-obfuscate harmful DNA within host cells.”

For an unwitting scientist working out the sequence, this could mean the accidental creation of hazardous substances, including synthetic viruses or toxic material.

TechRepublic: The 5 main business sectors targeted by ransomware

“To regulate the intentional and unintentional generation of hazardous substances, most suppliers of synthetic genes screen the orders of DNA, which is currently the most effective line of defense against such attacks,” commented Rami Puzis, head of BGU Complex. Networks Analysis Lab. “Unfortunately, the screening guidelines have not been adapted to reflect recent developments in synthetic biology and cyberwarfare.”

A potential chain of attacks is described below:

screenshot-2020-11-26-at-13-34-19.png

“This attack scenario underscores the need to strengthen the synthetic DNA supply chain with protections against cyber-biological threats,” Puzis added. “To address these threats, we propose an improved screening algorithm that takes into account in vivo gene editing.”

Previous and related coverage


Do you have a suggestion? Contact us securely via WhatsApp | Signal on +447 713 025 499 or in addition to the key base: charlie0


[ad_2]
Source link