Is blockchain a friend or foe in ransomware attacks?

Voice Of EU

UCD assistant professor Dr Nima Afraz explores how blockchain technology could be used against cyberattacks as well as the potential danger it poses.

In light of the recent ransomware attack on Ireland’s Health Service Executive (HSE), I have examined the possible role blockchain technology can play in exacerbating but also preventing such attacks.

The race is now on between those who want to use blockchain for good and those who seek to use it to create further criminal harm.

Ransomware is an increasingly common type of cyberattack during which the victim’s computer is infiltrated and their data rendered inaccessible by encryption techniques. The victim is then forced to pay a ransom to gain access to their own data.

A ransomware attack consists of several steps:

1. Infection/breach: Hackers use an attack vector to deliver the infected software or the ‘payload’ to the victim’s device.

2. The malware spreads: The malware spreads within the victim’s network and quickly encrypts their files.

3. Negotiations begin: The attacker shows an alert on the victim’s screen or opens a communication channel with them and promises to unlock the encrypted data when the ransom is paid.

A ransomware victim’s computer screen with directions on how to pay the ransom.

Ransomware supply chain

The more advanced these attacks become, the more specialisation each step requires. For instance, an advanced cryptographer capable of designing the most sophisticated multi-threaded encryption technique is not necessarily a skilled extortion negotiator or an adept social engineer.

At the same time, a cybercrime gang will risk more danger by recruiting more people. Hence, a new concept has emerged to connect these cybercriminals without exposing them to more danger. The recent phenomenon is called ransomware-as-a-service (RaaS).

RaaS platforms are often equipped with a step-by-step process allowing the client (in this case, the attacker) to customise many aspects of the malicious software, including the attack vector, encryption method, the type of files targeted (images, PDF, or a specific file format), communication channel and messages.

A dark web marketplace ad claiming to sell a custom-made ransomware.

Cybercriminals’ struggle for trust

Unsurprisingly, cybercriminals do not trust each other. The marketplaces on the dark web where such RaaS offerings are sold are full of reviews from opportunist novice criminals who heard about RaaS and thought they could get rich overnight, only to be scammed by other con artists.

Similarly, the victims also have good reasons not to trust the attackers, besides them being criminals. For one, according to Kaspersky, only a quarter of ransomware victims manage to fully recover their data after paying the ransom. This is simply because the attackers do not invest substantial time and money in developing the decryption tool.

Meanwhile, very often, even after receiving the ransom and exchanging the decryption keys, the greedy attackers threaten to leak the sensitive data acquired during the attack and continue blackmailing the victim.

Therefore, there is no guarantee that after paying the ransom, the victim will get all their data back.

This issue seldom goes beyond the realm of individual trust to become a public cry for legitimacy. Collectively, dark web hackers have long enjoyed Robin Hood status for targeting big corporations, donating to charities, or leaking classified data on corruption among governments and public figures.

Like drug cartels’ popularity stunts during the pandemic, cybercriminals benefit from the ‘coolness factor’ to recruit more hackers and maintain a reputation in public opinion.

However, preventing a country’s cancer patients from accessing chemotherapy and articles such as this is not consistent with the Robin Hood stature they yearn for. This might be why the cybercriminals behind the recent ransomware attack against HSE suddenly decided to publish the decryption tool online and for free.

Where does the blockchain come in?

Although the earliest documented ransomware attack dates back to 1989, the emergence of bitcoin and other cryptocurrencies has resulted in a massive resurgence in ransomware attacks. This is mainly because these cryptocurrencies allow attackers to extort large sums of money while remaining anonymous and difficult to trace.

The bad news is blockchain technology might prove to be the missing link in the full automation of ransomware attacks. Cybercriminals have already made efforts in automating the process of customising and selling ransomware. However, the lack of trust between cybercriminals is still a barrier to the full automation of this process.

A smart contract-based RaaS supply chain could cultivate more worrying degrees of operation. For instance, the cybercriminals could agree on a smart contract where a ransomware developer would only get a commission fee and only if the ransomware is proven effective. Once an agreement is written in a smart contract format, it’s immutable and unstoppable by either party.

From human-operated to automated attacks

On the other hand, blockchain could be used by the attackers to gain the victim’s trust. Researchers have studied how blockchain-based semi-autonomous ransomware could take the scale of ransomware attacks to an entirely new level. Researchers are now studying new ransom payment paradigms enabled by blockchain technology, including the pay-per-decrypt method.

Pay-per-decrypt is designed to gain the victim’s trust by allowing them to pay a separate ransom for each encrypted file, or for a subset of files. This remedies the lack of trust on the victim’s side: rather than making a large lump-sum payment with an uncertain outcome, the victim pays small amounts in return for guaranteed decryption. Another advantage of pay-per-decrypt for the attacker is the additional payment options they can program into the smart contracts, such as dynamic pricing of the files.

It is not all bad news

Blockchain technology can also work as a preventative measure to disarm ransomware.

In many cases, the main problem for victims is that only one copy of their data was ever stored on the servers. If attackers target this single point of failure, it’s enough to cost a victim access to their data.

Suppose the victim was instead keeping distributed records of their data spread across multiple servers hosted by independent providers instead of a single centralised copy. In that case, they could have isolated the infected machine and recovered all the data from the other copies.

Blockchain is one of the main technologies that allow such a distributed record-keeping with multiple immutable copies of the data available on demand without relying on a central entity and, therefore, no single point of failure.

On top of that, other distributed file storage protocols such as InterPlanetary File System (IPFS) could be used in parallel to blockchain to store larger datasets.
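The recovery idea described above, as an added sketch that is not part of the original article: a digest of each file is recorded in an append-only hash chain, and after an attack any replica whose bytes no longer match the recorded digest is rejected in favour of an intact copy. The `Ledger` class, the provider names and the sample file are hypothetical; the hash chain is a simplified stand-in for a blockchain and in-memory dictionaries stand in for independent storage providers.

```python
import hashlib
import json

GENESIS = "0" * 64

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class Ledger:
    """Append-only hash chain standing in for a blockchain (hypothetical, simplified)."""
    def __init__(self):
        self.entries = []

    @staticmethod
    def _seal(name, content_hash, prev):
        body = {"name": name, "content_hash": content_hash, "prev": prev}
        return digest(json.dumps(body, sort_keys=True).encode())

    def record(self, name, data: bytes):
        # Each entry commits to the previous one, so old digests cannot be rewritten silently.
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        h = digest(data)
        self.entries.append({"name": name, "content_hash": h, "prev": prev,
                             "entry_hash": self._seal(name, h, prev)})

    def verify(self) -> bool:
        prev = GENESIS
        for e in self.entries:
            if e["prev"] != prev or e["entry_hash"] != self._seal(e["name"], e["content_hash"], prev):
                return False
            prev = e["entry_hash"]
        return True

    def expected_hash(self, name):
        return next((e["content_hash"] for e in reversed(self.entries) if e["name"] == name), None)

def recover(name, ledger, replicas):
    """Return (data, intact_providers, damaged_providers) for one file."""
    if not ledger.verify():
        raise ValueError("ledger hash chain is broken; do not trust its digests")
    want = ledger.expected_hash(name)
    intact = [p for p, store in replicas.items()
              if name in store and digest(store[name]) == want]
    damaged = [p for p in replicas if p not in intact]
    if not intact:
        raise LookupError(f"no replica of {name!r} matches the recorded digest")
    return replicas[intact[0]][name], intact, damaged

def demo():
    # Constructed sample data: three independent providers, one copy altered by an attack.
    original = b"record-id,appointment\n1001,2021-05-20\n"
    ledger = Ledger()
    ledger.record("appointments.csv", original)
    replicas = {p: {"appointments.csv": original} for p in ("provider-a", "provider-b", "provider-c")}
    # Stand-in for the encrypted copy: its bytes no longer match the recorded digest.
    replicas["provider-a"]["appointments.csv"] = bytes(b ^ 0x5A for b in original)
    return original, recover("appointments.csv", ledger, replicas)

if __name__ == "__main__":
    print(demo()[1][1:])
```

The ledger holds only digests, so it stays small; the file contents live with the providers, which is the role the article assigns to systems such as IPFS.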

In addition, our work on collaborative attack prevention also uses blockchain technology to incentivise network entities to share attack information with each other, potentially leading to better defence against ransomware.

By Dr Nima Afraz

Dr Nima Afraz is an assistant professor at University College Dublin and is associated with the Connect SFI research centre in Trinity College Dublin.

Edwards Lifesciences is hiring at its ‘key’ Shannon and Limerick facilities

The medtech company is hiring for a variety of roles at both its Limerick and Shannon sites, the latter of which is being transformed into a specialised manufacturing facility.

Medical devices giant Edwards Lifesciences began renovations to convert its existing Shannon facility into a specialised manufacturing centre at the end of July.

The expansion will allow the company to produce components that are an integral part of its transcatheter heart valves. The conversion is part of Edwards Lifesciences’ expansion plan that will see it hire for hundreds of new roles in the coming years.

“The expanded capability at our Shannon facility demonstrates that our operations in Ireland are a key enabler for Edwards to continue helping patients across the globe,” said Andrew Walls, general manager for the company’s manufacturing facilities in Ireland.

According to Walls, hiring is currently underway at the company’s Shannon and Limerick facilities for a variety of functions such as assembly and inspection roles, manufacturing and quality engineering, supply chain, warehouse operations and project management.

Why Ireland?

Headquartered in Irvine, California, Edwards Lifesciences established its operations in Shannon in 2018 and announced 600 new jobs for the mid-west region. This number was then doubled a year later when it revealed increased investment in Limerick.

When the Limerick plant was officially opened in October 2021, the medtech company added another 250 roles onto the previously announced 600, promising 850 new jobs by 2025.

“As the company grows and serves even more patients around the world, Edwards conducted a thorough review of its global valve manufacturing network to ensure we have the right facilities and talent to address our future needs,” Walls told SiliconRepublic.com.

“We consider multiple factors when determining where we decide to manufacture – for example, a location that will allow us to produce close to where products are utilised, a location that offers advantages for our supply chain, excellent local talent pool for an engaged workforce, an interest in education and good academic infrastructure, and other characteristics that will be good for business and, ultimately, good for patients.

“Both our Shannon and Limerick sites are key enablers for Edwards Lifesciences to continue helping patients across the globe.”

Meta’s new AI chatbot can’t stop bashing Facebook | Meta

If you’re worried that artificial intelligence is getting too smart, talking to Meta’s AI chatbot might make you feel better.

Launched on Friday, BlenderBot is a prototype of Meta’s conversational AI, which, according to Facebook’s parent company, can converse on nearly any topic. On the demo website, members of the public are invited to chat with the tool and share feedback with developers. The results thus far, writers at Buzzfeed and Vice have pointed out, have been rather interesting.

Asked about Mark Zuckerberg, the bot told BuzzFeed’s Max Woolf that “he is a good businessman, but his business practices are not always ethical. It is funny that he has all this money and still wears the same clothes!”

The bot has also made clear that it’s not a Facebook user, telling Vice’s Janus Rose that it had deleted its account after learning about the company’s privacy scandals. “Since deleting Facebook my life has been much better,” it said.

The bot repeats material it finds on the internet, and it’s very transparent about this: you can click on its responses to learn where it picked up whatever claims it is making (though it is not always specific).

This means that along with uncomfortable truths about its parent company, BlenderBot has been spouting predictable falsehoods. In conversation with Jeff Horwitz of the Wall Street Journal, it insisted Donald Trump was still president and would continue to be “even after his second term ends in 2024”. (It added another dig at Meta, saying Facebook “has a lot of fake news on it these days”.) Users have also recorded it making antisemitic claims.

BlenderBot’s remarks were foreseeable based on the behavior of older chatbots such as Microsoft’s Tay, which Twitter users quickly taught to be a racist conspiracy theorist, forcing the company to apologize for its “wildly inappropriate and reprehensible words and images”. GPT-3, another AI system, has also delivered racist, misogynist and homophobic remarks. A South Korean startup’s chatbot, designed to resemble a 20-year-old college student, had to be suspended after it rattled off racial slurs and anti-LGBTQ+ remarks.

Given the cesspool that is the internet, Meta appears to have expected similar things from its own service. Before logging on, users must acknowledge that BlenderBot is “likely to make untrue or offensive statements”. As Vice notes, Meta researchers have described the AI tech behind the bot as having “a high propensity to generate toxic language and reinforce harmful stereotypes, even when provided with a relatively innocuous prompt”.

“Everyone who uses Blender Bot is required to acknowledge they understand it’s for research and entertainment purposes only, that it can make untrue or offensive statements, and that they agree to not intentionally trigger the bot to make offensive statements,” said a Meta spokesperson in a statement.

My own conversation with BlenderBot did not veer into that territory, but it did highlight another flaw in the service: its utter inanity.

The bot began by asking me what subject I liked in school. The bot is open about which “persona” it is using in the conversation; our discussion involved a persona it described as “I like to read. I went to college.” When I asked it tough questions, such as which colleges accepted AI bot students, it offered nonsensical replies (“in some ways, aren’t we all chatbots?” No) and offered further reading by saying, “Here’s the link”, without providing a link. It also kept steering the conversation back to chatbots.

It did, however, maintain its firm stance against its own creators. When I said I wasn’t a fan of Facebook’s ethics, it wholeheartedly agreed: “Me too! That is why I stopped using it and just stick with reading books instead.”



Midwest universities unite to support US chip industry • The Register

A dozen US midwestern research colleges and universities have signed up to a project intended to bolster the semiconductor and microelectronics industries with combined research and education to ensure work for their students in high-tech industries.

The “Midwest Regional Network to Address National Needs in Semiconductor and Microelectronics” consists of a dozen institutions, made up of eight from Ohio, two from Michigan, and two from Indiana. Their stated aim is to support the onshoring efforts of the US semiconductor industry by addressing the need for research and a skilled workforce.

According to Wright State University, the network was formed in response to Intel’s announcement that it planned to build two chip factories near Columbus, Ohio, and followed a two-day workshop in April hosted by the state.

Those plans, revealed in January, are to build at least two semiconductor manufacturing plants on a 1,000-acre site, with the potential to expand to 2,000 acres and eight fabs.

At the time, Intel CEO Pat Gelsinger said he expected it to become the largest silicon manufacturing location on the planet. Construction started on the site at the beginning of July.

However, the university network was also formed to help address the broader national effort to regain American leadership in semiconductors and microelectronics, or at least bring some of it back onshore and make the US less reliant on supplies of chips manufactured abroad.

Apart from Wright State University, the 12 institutions involved in the network are: Columbus State Community College, Lorain County Community College, Michigan State University, Ohio State University, Purdue University, Sinclair Community College, University of Cincinnati, University of Dayton, University of Michigan, and the University of Notre Dame, Indiana.

The president of each institution has signed a memorandum of understanding to form the network, and the expectation is that the group will expand to include more than these dozen initial members.

The intention is that the institutions taking part will be able to make use of each other’s existing research, learning programs, capabilities, and expertise in order to boost their collective ability to support the semiconductor and microelectronics industry ecosystems.

Challenges for the network include developing mechanisms to connect existing research and training assets across the region, and developing a common information-sharing platform to make it easier to identify opportunities for joint programming and research across the network.

University of Cincinnati chief innovation officer David J Adams called the announcement a game-changer. “This highly innovative approach illustrates that we’re all in this together when it comes to meeting industry workforce and research needs,” Adams wrote in a posting on the University of Cincinnati website.

The move follows the long-awaited passage of the $280 billion CHIPS and Science Act at the end of last month, of which $52 billion of the total spend is expected to go towards subsidizing the building of semiconductor plants such as Intel’s, and boosting research and development of chip technology. ®
