Tag Archive for: FIU

FIU study: Ransomware can hide in the websites you upload files to


FIU cybersecurity researchers warn websites that request access to your files might be able to bypass antivirus software and carry out major ransomware attacks.

Free photo editors, tax document assistants and other online apps that ask for permission to access your media can encrypt files and effectively take control of them, an FIU College of Engineering and Computing study shows. These attackers could then demand ransom in exchange for the files’ safe return.

The researchers say that the hack works on all three major PC operating systems: Windows, Linux and Mac OS. Some cloud services such as Apple Cloud, Box, Google Drive, OneDrive and Dropbox are also susceptible, as well as external drives.

Just two things are needed for a malicious website to conduct the attack.

  1. A person needs to say ‘yes’ to a pop-up that asks them to share their files, such as ‘Allow this website to access your photos?’
  2. Someone must click ‘yes’ on a second pop-up, which is the attack. The pop-up will be disguised as a benign message, such as an advertisement or a request like ‘May we close the rest of your tabs for you?’

Clicking ‘yes’ on these two pop-ups is all too easy, says Selcuk Uluagac, principal investigator of the research and Knight Foundation School of Computing and Information Sciences professor.

“Antivirus software systems allow these attacks because it is normal for them to give browsers access to files,” Uluagac said. “They don’t detect that anything is wrong.”

The research was conducted in collaboration with Google senior research scientist Güliz Seray Tuncay and published in the proceedings of the 32nd USENIX Security Symposium, which is a top-tier cybersecurity conference according to Google Scholar.

“Everybody knows not to download a suspicious file. Now we are finding that it can be just as dangerous to upload a file,” said Harun Oz, a Ph.D. student on the research team.

These hacks are possible due to the increasing power of web browsers, researchers say.

“Browsers have become much more powerful over time,” said Abbas Acar, a postdoctoral researcher on the…


Digital attacks fuel the need for network security experts | FIU News


Cyberattacks are surging in all categories of the digital sphere and are likely to become more frequent and damaging, says Alexander Perez-Pons, associate professor in the Department of Electrical and Computer Engineering.

With high-profile attacks on network management company SolarWinds, the Colonial Pipeline, meat processing company JBS and software firm Kaseya, the urgency for professionals who can counteract, contain and even prevent network breaches has moved to the forefront, highlighting the great need for graduates with an M.S. in Computer Engineering, which focuses on network security and takes just 10 months to complete.

Security needs

“If you look at the horizon, there will be what looks like an explosion in IoT devices—more devices everywhere recording, monitoring, gathering information,” says Perez-Pons. “These devices make our lives easier, but how can security now not be a major factor?”

When looking at the past 30-plus years of devices and programming, Perez-Pons points out that decades ago, the main push was the functionality and capability of a product. Security for devices was not a main component.

“Consumers assume that companies are doing their due diligence to protect their data with security measures,” cautions Perez-Pons, who admits he does whatever possible to keep his exposure limited.

One common security measure taken to limit data exposure is two-factor identification. Information is a commodity that can be traded even when security measures are in place, and there are privacy concerns today that question how much control you have over your data, he explains. There’s always a possibility that somebody may try to gain access to your devices, which is why two-factor identification is a good thing: it protects the network.

“Minimizing your digital ‘surface’ or exposure is a good way of thinking,” says Perez-Pons, and it starts with cybersecurity that considers network security. “So, if the networks are safe, good communication can take place and anything that is suspicious or could have malicious intent can be identified and stopped before it goes further.”

National need

This was the case in the Kaseya breach….


Cyberstalkers can hack into HDMI ports – FIU researchers are studying a way to detect these attacks | FIU News


In this day and age, there’s a feeling that hackers lurk around every corner waiting to take advantage of innocent people through the internet, your credit card, even your smart home devices. A team of FIU researchers is studying how to protect individuals and businesses from an unsuspected vulnerability: HDMI ports.

“In the past, people didn’t know about or pay attention to the security of these devices,” said FIU Professor Selcuk Uluagac, director of the College of Engineering and Computing’s Cyber-Physical Systems Security Lab (CSL). “Anything is on the table when it comes to hacking.”

The CSL studies the intersection of the cybersecurity and privacy fields. Cyber-physical systems involve any computing device that can interact with the physical world – such as an Amazon Echo, a drone, or an Apple Watch. The goal of CSL is to find ways to make the digital infrastructure we use and interact with every day more secure against malicious activities.

The team at the CSL designed a patented solution, called HDMI-Watch, which can track HDMI hacks in real time. It uses advanced machine learning algorithms: the system learns the typical HDMI commands that a device receives and transmits, so that it can detect abnormal ones. If the system detects abnormal commands, it alerts the user. This can make consumers aware of the attacks so that they can be stopped or prevented.

HDMI, or “High-Definition Multimedia Interface,” is a piece of common auxiliary equipment that is used to transmit audio and video. When an HDMI cord connects two or more devices – a laptop to a monitor screen, for example – that signal is thereby connected to all other networks. The monitor screen is then connected to a power outlet and to the laptop, which shares a Wi-Fi network with a smart TV, an Amazon Echo, a smartphone, an Xbox, a smart outlet which is controlled by a smartphone, and so on.

“HDMI is everywhere. What we found is that there are some configurations that are very vulnerable,” said Luis Puche, the lead author on the study who is earning a Ph.D. in the security of the Internet of Things in enterprise settings (E-IoT).

The study was published in a…


Team of Panther engineers creates breakthrough technology to detect illegal Bitcoin mining on everyday users’ computers | FIU News


Cryptocurrencies may be the way of the future. At least, that’s what many are betting on.

Entrepreneurs and companies are buying, selling and investing funds in cryptocurrencies like Bitcoin. Some retailers are accepting payments in cryptocurrency already. And, most recently, Miami Mayor Francis Suarez proposed that the city begin using Bitcoin for some of its financial transactions, including for employee salaries.

The popularity of cryptocurrencies is attracting a number of people – including hackers. Hackers are currently finding low-cost ways to “mine” Bitcoin and other cryptocurrency illegally by tapping into everyday people’s computers and using those machines’ resources without their consent. The result? Hackers make millions mining cryptocurrency using other people’s computers. Meanwhile, the victims often find their computers slow down and become impossible to use without realizing what’s going on.

This form of hacking – called “cryptojacking” – is happening across the world at astonishing rates. Miners have not only hacked into regular folks’ computers, but they’ve also hacked into major businesses, retailers and governmental agencies to use their servers and machines.

Faraz Naseem ’18, MS ’20 is working to find a solution. Naseem works at FIU’s Cyber-Physical Systems Security Lab, part of the College of Engineering and Computing. Under the supervision of the lab’s director Selcuk Uluagac, Naseem, postdoctoral researcher Ahmet Aris, researcher and lab member Leonardo Babun ’15, MS ’19, PhD ’20 and current electrical and computer engineering master’s student Ege Tekiner created novel software to address the problem.

The team created first-of-its-kind software that detects cryptojacking in real time with an accuracy rate of nearly 99 percent.

“We are one of the first in the world to identify cryptojacking,” says Uluagac, who is also an eminent scholar-chaired associate professor in the Department of Electrical and Computer Engineering and Knight Foundation School of Computing and Information Sciences. “As Bitcoin technology becomes more prevalent, we will need these types of protections. Miami is already in the…
