Many of us may have had experiences with an attempted cyberattack. Emails appearing to be from a friend or popular retailer could actually be criminals hoping to steal your social security number, email address, credit card numbers or intellectual property. When they happen to a company, these attacks can cost millions of dollars.
Through malware (short for “malicious software”), these criminals have been responsible for data breaches across the country, leaving companies scrambling to shore up their cybersecurity defenses and prevent future attacks. The Department of Homeland Security Science and Technology Directorate (S&T) Cyber Security Division (CSD) has made it a top priority to develop tools to prevent these malware attacks before they can do harm.
“Our aim is to work with our private sector partners to protect the nation’s critical infrastructure systems and commercial marketplace,” said S&T Cyber Security Division Director Douglas Maughan. “Showcasing and, most importantly, transitioning these technologies into the commercial market will be impactful to all organizations engaged in securing cyberspace and protecting various organizations such as government, public utilities and healthcare.”
One of these technologies is the Federated Malware Analysis System (FMAS), a CSD-funded technology aimed at countering the strengths of a malware attacker. Many malware analysis solutions “cluster” malware behaviors into “families” so it is easier. The FMAS tools are used to detect malware based on how it responds in an environment.
Additionally, CSD is working with several malware detection technologies through its Transition to Practice (TTP) program, which identifies government-funded technologies being developed in the lab that have the potential to improve the nation’s cybersecurity posture. In 2015, S&T introduced two technologies that join three of TTP’s existing technologies in addressing malware. CSD will introduce one of these solutions at the TTP Technology Demonstration Day for Investors, Integrators, and IT Companies – West in Santa Clara, Calif., on June 9.
“We are looking forward to taking these technologies on the road because we know these solutions can impact the cyber landscape that the Department is working to protect,” said S&T Cyber Security Division Transition to Practice Program Manager Michael Pozmantier. “These events allow us to develop partnerships with the cyber-operations and business community—ultimately helping to accelerate transition.”
The two technologies, AMICO and ZeroPoint, both featured in this year’s TTP guide, aim to send malware alerts in real time, classify malware for future attacks and inspect data to identify what the malware aims to do, and stop it before it does harm.
CodeDNA approaches malware detection using bioinformatics in order to learn the unique attributes of malicious code and find other instances where the code is used. Hyperion, a technology recently commercialized to R&K Cyber Solutions LLC, mathematically calculates the behavior of software, allowing companies to thoroughly test and validate their software. MLSTONES also uses bioinformatics; it quickly categorizes data and compares attributes of the data to determine if it poses a threat.
The 2015 TTP guide gives a full listing and description of these technologies. If you have an interest in these or other emerging technologies, read this year’s Transition to Practice Guide or email: ST.TTP@hq.dhs.gov. To learn more about CSD’s research and development projects, visit www.dhs.gov/cyber-research.