Biblio

Filters: Keyword is Malware
2021-10-26
Kay Mereish, Andrew Alvarado-Seig, Hubert Bowditch, Jenifer Clark, Michelle Danks, George Guttman, Andrew K., Monique Mansoura, Nathan L., Kay M. et al.  2018.  Threats to Pharmaceutical Supply Chains. :1-18.

In the digital age, drug makers have never been more exposed to cyber threats, from a wide range of actors pursuing very different motivations. These threats can have unpredictable consequences for the reliability and integrity of the pharmaceutical supply chain. Cyber threats do not have to target drug makers directly; a recent wargame by the Atlantic Council highlighted how malware affecting one entity can degrade equipment and systems functions using the same software. The NotPetya ransomware campaign in mid-2017 was not specifically interested in affecting the pharmaceutical industry, but nevertheless disrupted Merck’s HPV vaccine production line. Merck lost 310 million dollars in revenue in the subsequent quarter, as a result of lost productivity and a halt in production for almost a week.

[Anonymous].  2021.  Cyber Risk: The emerging cyber threat to industrial control systems. :1-34.

Cyber risk is continually evolving, meaning insurers should understand emerging risks in order to keep pace with their clients' exposures. Lloyd’s, CyberCube and Guy Carpenter have conducted an analysis detailing three scenarios which represent the most plausible routes by which a cyber attack against industrial control systems (ICS) could generate major insured losses. All three scenarios have historical precedents. The report describes how more severe events could unfold. This report considers four key industries dependent upon ICS (Manufacturing, Shipping, Energy and Transportation) and assesses precedents and the potential impact on each. The potential for physical perils represents a major turning point for the broader cyber (re)insurance ecosystem. This risk has previously been considered unlikely to materially impact the market, with cyber perils traditionally emerging in the form of non-physical losses. However, crossing the divide between information technology (IT) and operational technology (OT), along with increases in automation and the sophistication of threat actors, means it is paramount that (re)insurers carefully consider how major losses may occur and the potential impacts.

Peter Champion, Rachel Bruenjes, Michael Cohen, Jade Freeman, Ryne Graf, Moh Kilani, Caroline O'Leary, Christopher Pashley, John Ryan, Genevieve Shannon et al.  2018.  Cyber Resilience and Response. 2018 Public-Private Analytic Exchange Program. :1-45.

Another risk posed by the limited number of available vendors is the threat of supply chain attacks. According to researchers at CrowdStrike, on June 27, 2017 the destructive malware known as NotPetya was deployed using a legitimate software package employed by organizations operating in Ukraine. The attack used an update mechanism built into the software to provide updates and distribute them to the vendor’s customers. This same mechanism had been used a month earlier to deploy other ransomware attacks. Supply chain attacks exploit a trust relationship between software or hardware vendors and their customers. These attacks can be widespread, targeting the entire trusted vendor’s customer base, and are growing in frequency as well as sophistication.

Jon Boyens, Angela Smith, Jeff Brewer.  2021.  Cyber Supply Chain Risk Management.

The NIST Cyber Supply Chain Risk Management (C-SCRM) program helps organizations to manage the increasing risk of cyber supply chain compromise, whether intentional or unintentional. The factors that allow for low cost, interoperability, rapid innovation, a variety of product features, and other benefits also increase the risk of a compromise to the cyber supply chain, which may result in risks to the end user. Managing cyber supply chain risks requires ensuring the integrity, security, quality and resilience of the supply chain and its products and services. Cyber supply chain risks may include insertion of counterfeits, unauthorized production, tampering, theft, insertion of malicious software and hardware, as well as poor manufacturing and development practices in the cyber supply chain.

2019-09-11
[Anonymous].  2019.  El Paso and Dayton Tragedy-Related Scams and Malware Campaigns. CISA.

In the wake of the recent shootings in El Paso, TX, and Dayton, OH, the Cybersecurity and Infrastructure Security Agency (CISA) advises users to watch out for possible malicious cyber activity seeking to capitalize on these tragic events. Users should exercise caution in handling emails related to the shootings, even if they appear to originate from trusted sources. It is common for hackers to try to capitalize on horrible events that occur to perform phishing attacks.

James Sanders.  2018.  Attackers are using cloud services to mask attack origin and build false trust. Tech Republic.

According to a report released by Menlo Security, the padlock in a browser's URL bar gives users a false sense of security as cloud hosting services are being used by attackers to host malware droppers. The use of this tactic allows attackers to hide the origin of their attacks and further evade detection. The exploitation of trust is a major component of such attacks.

2018-08-06
Z. Abaid, M. A. Kaafar, S. Jha.  2017.  Quantifying the impact of adversarial evasion attacks on machine learning based android malware classifiers. 2017 IEEE 16th International Symposium on Network Computing and Applications (NCA). :1-10.

With the proliferation of Android-based devices, malicious apps have increasingly found their way to user devices. Many solutions for Android malware detection rely on machine learning; although effective, these are vulnerable to attacks from adversaries who wish to subvert these algorithms and allow malicious apps to evade detection. In this work, we present a statistical analysis of the impact of adversarial evasion attacks on various linear and non-linear classifiers, using a recently proposed Android malware classifier as a case study. We systematically explore the complete space of possible attacks varying in the adversary's knowledge about the classifier; our results show that it is possible to subvert linear classifiers (Support Vector Machines and Logistic Regression) by perturbing only a few features of malicious apps, with more knowledgeable adversaries degrading the classifier's detection rate from 100% to 0% and a completely blind adversary able to lower it to 12%. We show non-linear classifiers (Random Forest and Neural Network) to be more resilient to these attacks. We conclude our study with recommendations for designing classifiers to be more robust to the attacks presented in our work.

L. Chen, Y. Ye, T. Bourlai.  2017.  Adversarial Machine Learning in Malware Detection: Arms Race between Evasion Attack and Defense. 2017 European Intelligence and Security Informatics Conference (EISIC). :99-106.

Since malware has caused serious damages and evolving threats to computer and Internet users, its detection is of great interest to both anti-malware industry and researchers. In recent years, machine learning-based systems have been successfully deployed in malware detection, in which different kinds of classifiers are built based on the training samples using different feature representations. Unfortunately, as classifiers become more widely deployed, the incentive for defeating them increases. In this paper, we explore the adversarial machine learning in malware detection. In particular, on the basis of a learning-based classifier with the input of Windows Application Programming Interface (API) calls extracted from the Portable Executable (PE) files, we present an effective evasion attack model (named EvnAttack) by considering different contributions of the features to the classification problem. To be resilient against the evasion attack, we further propose a secure-learning paradigm for malware detection (named SecDefender), which not only adopts classifier retraining technique but also introduces the security regularization term which considers the evasion cost of feature manipulations by attackers to enhance the system security. Comprehensive experimental results on the real sample collections from Comodo Cloud Security Center demonstrate the effectiveness of our proposed methods.