Cyberattack Can Dupe Scientists Into Creating Viruses
Cyberattack Can Dupe Scientists Into Creating Viruses
November 30, 2020
Homeland & Cyber Security, Robotics & High-Tech
ZDNet — A new form of cyberattack has been developed which highlights the potential future ramifications of digital assaults against the biological research sector.
Recently, BGU researchers described how “unwitting” biologists and scientists could become victims of cyberattacks designed to take biological warfare to another level.
At a time where scientists worldwide are pushing ahead with the development of potential vaccines to combat the COVID-19 pandemic, the BGU research team says that it is no longer the case that a threat actor needs physical access to a “dangerous” substance to produce or deliver it — instead, scientists could be duped into producing toxins or synthetic viruses on their behalf through targeted cyberattacks.
The research has been published in the academic journal Nature Biotechnology.
The attack documents how malware, used to infiltrate a biologist’s computer, could replace sub-strings in DNA sequencing.
When DNA orders are made to synthetic gene providers, U.S. Department of Health and Human Services (HHS) guidance requires screening protocols to be in place to scan for potentially harmful DNA.
However, it was possible for the team to circumvent these protocols through obfuscation, in which 16 out of 50 obfuscated DNA samples were not detected against ‘best match’ DNA screening.
Remote hackers could use malicious browser plugins, for example, to “inject obfuscated pathogenic DNA into an online order of synthetic genes.”
For an unwitting scientist processing the sequence, this could mean the accidental creation of dangerous substances, including synthetic viruses or toxic material.
“To regulate both intentional and unintentional generation of dangerous substances, most synthetic gene providers screen DNA orders which is currently the most effective line of defense against such attacks,” comments Dr. Rami Puzis, head of the Complex Networks Analysis Lab at BGU’s Department of Software and Information Systems Engineering.
“Unfortunately, the screening guidelines have not been adapted to reflect recent developments in synthetic biology and cyberwarfare,” notes Dr. Puzis.
A potential attack chain is outlined below:
“This attack scenario underscores the need to harden the synthetic DNA supply chain with protections against cyber-biological threats,” adds Dr. Puzis. “To address these threats, we propose an improved screening algorithm that takes into account in vivo gene editing.”