Tag Archives: cyber-attack

Sci Fi Like Devices Part Of Queen’s Park Security Update

Canadian director James Cameron projected into the future for 1986's Aliens radar motion tracker. Now this tech seems to be ready for Queen's Park.
1986 film- Aliens radar motion tracker. Now this tech is ready for Queen’s Park.

Eight years ago at Queen’s Park, the Cross-Border Institute (CBI), part of the University of Windsor, hosted an event to demonstrate advances in security, surveillance and fingerprinting technology. That technology had immediate application for border crossing screening, supply chain security and cybersecurity.

The CBI hosted the event as part of its mandate to support ongoing, practical research aimed at addressing numerous cross-border issues with the United States. The CBI works in collaboration with a number of University of Windsor departments, private sector partners and organizations and all levels of government, looking at making land border crossings work better.  The technologies demonstrated represented a number of research projects and initiatives currently being conducted at the University of Windsor as part of its strategic focus related to understanding borders. These projects and activities were also supported by the Department of Research and Innovation at the University of Windsor.

Queen’s Park staff and members had a first-hand opportunity to see the work of Dr. Roman Maev’s high-speed biometrics ultrasonic system for 3-D fingerprint imaging. This system allows reconstruction of fingerprint patterns from deeper layers of skin while embedding the internal parameters of these deeper layers as key features of the fingerprints. Also on display was Dr. Sazzadur Chowdhury’s 77GHz short range radar. At the time- the smallest and thinnest in the world and economical enough to be carried by an individual for mobile motion detection or used in multiples in such large surveillance application as airports. Cue the Aliens movie soundtrack.  Both Drs. Maev and Chowdhury are members of the University of Windsor Faculty.

The University of Windsor has developed an area of expertise in technologies that can detect threats and violations, provide positive identification and secure the transfer of data. The projects all have practical security applications and are at or approaching the commercialization stage. All of these projects have received support from the Federal Development Corporation for Southern Ontario (FedDev Ontario) Prosperity Initiative Project 802390, which is administered by the Cross-Border Institute at the University of Windsor.

Quick Facts: The Cross-Border Institute at the University of Windsor was founded in 2008 under the direction of Dr.  Bill Anderson.  The Centre approaches the study of border issues from a multi-disciplinary perspective that includes economic development, geography, engineering, management science and political science.  The CBI has focused on initiatives, events and research that address ongoing challenges at land crossings between Canada and the United States. The CBI, as part of the University of Windsor, looks at the impact of trends in cross-border transportation and the impact of policy decisions by governments on both sides of the border. Currently, the CBI is working to launch Canada’s first university level certificate program in border management, Managing Borders and International Trade.

Technology Quick Facts:
Short Range Radar for Surveillance ApplicationsUWindsor engineering professor Dr. Chowdhury has developed the world’s smallest and thinnest short-range radar unit. Because it is inexpensive to build and completely weatherproof it can be used effectively in a variety of applications for motion detection, ranging from individual units attached to a soldiers uniform to arrays of units for border and perimeter surveillance.

High Speed Biometrics Ultrasonic System for 3D Fingerprint Imaging – World-renowned UWindsor physicist Dr. Maev has taken a new approach to fingerprinting using acoustic microscopy technology. This device generates far more detailed information from fingerprint images below the skin level, making it more accurate than conventional technologies, yet it is fast and practical.

Real Time Location System for Security and Indoor LocationBased on the novel indoor positioning method developed by Dr. Majid Ahmadi and Dr. Rashid Rashidzadeh at the University of Windsor, this system will identify, locate and track people in indoor environments. Its positioning algorithm takes advantage of various sensors on smartphones to improve positioning accuracy.

Automated Vehicle IdentificationCameras that can read license plate information are increasingly common. University of Windsor computer scientists Dr. Imran Ahmad and Dr. Boubakeur Boufama have taken this technology several steps farther, allowing the shape and colour of a car to be extracted from video feeds and stored in a database. This technology will be tested in the University of Windsor’s new parking structure in the Spring of 2015.

Data Encryption Using Graphical Processing Units (GPUs)Data encryption is an increasingly important function that normally requires the use of expensive add-on cards known as crypto-accelerators. UWindsor researcher, Dr. Roberto Muscedere has developed algorithms that make it possible to achieve the same kind of encryption using much cheaper GPU units typically found in laptop computers and game consoles.

Secure vehicle-to-vehicle (v2v) communicationsAdvanced vehicular communications technology has enabled such life-saving features as collision warning, collision avoidance and emergency vehicle signaling. However these systems may be vulnerable to cyber-attacks that threaten the privacy and safety of drivers and passengers. University of Windsor faculty researchers Dr. Mitra Mirhassani, Dr. Kemel Tepe and Dr. Wu and their students are working to fill security gaps in V2V systems.

Control, Monitoring and Surveillance in Wireless SystemsLarge scale power and communications systems, manufacturing and process control plants, networked building energy systems and others are increasingly controlled by autonomous, sensor-rich, wireless systems. Given the consequence of failure in these systems and the danger of cyber-attacks upon them, UWindsor researchers Dr. Mehrdad Saif, Dr. Rashid Rashidzadeh, Dr. Alavi and Dr. Razavi-Far are developing methods to detect intruders and faults early.

Sensor fusion for concealed weapons detectionConventional images are good for revealing a person’s identity, while infrared images can spot concealed weapons. But what if you want to both identify a person and know if they are concealing a weapon? A University of Windsor engineer, Dr. Jonathan Wu, has found a way to fuse information from different sensors to produce a clear image not only of a suspect’s appearance but also of any concealed weapon they are carrying. For the Silo, Jarrod Barker. 
Learn More: www.uwindsor.ca/crossborder

Google and Microsoft products accumulated the most vulnerabilities in H1 2021

Cybercriminals are constantly attempting to exploit vulnerabilities that affect as many people as possible to maximize their profit opportunities. 

According to the recent Atlas VPN team findings, Google and Microsoft accumulated the most vulnerabilities in the first half of 2021. Although not all exposures can cause critical damage, hackers could exploit some of them for severe attacks. 

HSE cyber-attack: Irish health service still recovering months after hack -  BBC News

Google had 547 accumulated vulnerabilities throughout the first half of 2021. Exploiting Google products like Chrome is popular among cybercriminals. Next up, the second most exposures were found in Microsoft products — 432. State-sponsored threat actors from China abused Microsoft Exchange Server vulnerabilities to carry out ransomware attacks. 

Microsoft accuses China over email cyber-attacks - BBC News
Microsoft accuses China over e-mail cyber attacks. Image; BBC News

Oracle registered 316 total vulnerabilities in the first six months of 2021. Usually, the exploits are found in Oracle WebLogic Server, which functions as a platform for developing, deploying, and running enterprise Java-based applications. 

Networking hardware company Cisco accumulated 200 vulnerabilities. Lastly, the producer of software for the management of business processes SAP had 118 exploits in total. Cybersecurity writer and researcher at Atlas VPN William Sword shares his thoughts on Microsoft and Google vulnerabilities: “Exploiting vulnerabilities in Google or Microsoft products allow cybercriminals to probe millions of systems. While the tech giants are doing a fair job of keeping up with exploits and constantly updating their software, people and organizations need to follow suit and keep up with the updates to prevent further exploitation.”

Vulnerability tiers 

Exploits that can be turned into a severe attack get more attention from cybercriminals and companies themselves to fix the flaw as soon as possible. In the first half of 2021, there were 1,023 vulnerabilities found with a risk tier of 10.

One of the exploits that applied to such a tier is CVE-2021-22986, with a score of 9.8. National Vulnerability Database (NVD) issued risk tier 9 to 927 vulnerabilities. At this tier, exploit CVE-2021-28111 stood out with a score of 8.8. NVD recorded most vulnerabilities at a risk tier of 8 — 2,164. A notable exploit was CVE-2021-24092, with a score of 7.8. Finally, NVD recorded 501 vulnerabilities at risk tier 7. While second-most vulnerabilities — 1,765 — were found at tier 6. 

google-and-microsoft-accumulated-the-most-vulnerabilities-in-h1-2021

Current State of Cybersecurity Doesn’t Work

“You pay your money, as the saying goes, and you take your chances.” says Falkowitz, CEO of Area 1 Security. “More and more these days, it seems like this ‘policy’ is the rule rather than the exception, in everything from health care insurance to the commuter parking lot. Even though you’ve paid for the product or service, no one’s really responsible for some reason when you suffer damages while consuming whatever it is you bought. Or worse yet, you somehow find that whatever you bought doesn’t really do what you bought it for. And there’s an asterisk somewhere in the fine print to explain why. Unfortunately, nowhere is this more prevalent than in today’s cybersecurity industry.”

Despite the billions spent on cybersecurity we continue to suffer the most debilitating and expensive breaches imaginable, and some that cannot be imagined under any circumstances. Yet experts predict the worst is still to come. Cybercrime has moved from data theft and website defacement to a trajectory that includes data manipulation, data loss and eventually, if something is not done to change the economics of being a bad guy on the internet, threats to the stability of society itself.

“Cybersecurity companies seem to be content to collect their millions with the caveat that they can’t really offer protection in exchange,” continues Falkowitz. “Their customers likewise collect mountains of data on their customers and are appropriately contrite when that data is stolen or misused but the apology is not accompanied by compensation. Even the government can’t protect itself, or its citizens even if they’re attacked by another nation-state.”

Phishing

The excuses and the explanations are familiar: Cybersecurity is too complicated. Hackers are too clever. Attacks are unprecedented.

“Nonsense. Every bit of it.” says Falkowitz. “Cybersecurity is no more complicated than hundreds of other things we do routinely, from sending astronauts into space or open heart surgery. Hackers are human, just more persistent about how to fool the rest of us. And attacks are based on the same tried and true methods—phishing—they’ve been using for decades.”

Oren J. Falkowitz is the co-founder and CEO of Silicon Valley’s Area 1 Security. Oren held senior positions at the NSA and United States Cyber Command (USCYBERCOM) where he focused on Computer Network Operations & Big Data and is a predominant cybersecurity industry thought-leader committed to keeping high-level national security conversations relevant.  For the Silo, by Jennifer Vickery. 

Supplemental- What exactly is phishing?