Update: The ECS (Engineering and Computer Science) Center for Cyber Security will host its second “Firewallside Chat” from 10-11 a.m. Friday, March 25, focusing on using “penetration testing” to beat hackers who are at work breaching systems around the world. CSUF alumnus Reza Nikoopour ’15 (B.S. computer science) of Cigital Inc. is the featured speaker. The free event is open to the public and will be held in the Cypress Multipurpose Room of the Cobb Residence Halls. To RSVP visit online.
Cal State Fullerton’s Mikhail Gofman, assistant professor of computer science and director of the ECS Center for Cyber Security, discusses the issue of computer security and the vulnerability of hackers using malware to take control of computer systems — crippling businesses and accessing sensitive data.
These threats target companies, such as the recent attack on a Los Angeles hospital, and government institutions around the world, and steal sensitive and private data and sabotage critical infrastructure, such as power plants, said Gofman, an expert in Web security, virtualization and cloud security, and biometric authentication.
Why is ransomware a growing problem?
Ransomware, like many varieties of malware today, is distributed by the pay-per-install networks (PPIs), which are black markets specializing in malware distribution for profit. Back in the old days, hacker enthusiasts spread malware to get a feeling of accomplishment for having successfully infected the system. Today, the majority of malware spreading is done for profit.
How are systems breached?
The attackers develop malware, such as ransomware, trojans, fake antiviruses and worms that are designed to help them achieve monetary gain. Attackers then hand their creations to PPI networks, which for a fee, plant the attackers’ malware in many systems. Everybody wins, except the victims, and the attacker’s malware extracts money from the infected systems and users, and PPIs make money from the attackers who pay them for their distribution services.
Many of the vulnerabilities that allow attackers to successfully plant malware, such as ransomware, are not new. They are a result of insecure system implementations and configurations, most of which are avoidable. For example, a company not forcing all email attachments to be scanned for infections prior to opening them.
What can be done to prevent ransomware?
First and foremost, company employees must be trained to make security-conscious decisions. One employee opening an infected attachment can result in the ransomware spreading throughout the company network.
Employees should not: open attachments in unsolicited/suspicious emails, insert personal USB drives to their work computers, connect personal computers or phones to their work computer through Bluetooth, or visit shady sites from work computers. Companies should also ensure that their network is firewalled, in order to prevent infections from entering the network, force email attachments and USB sticks to be scanned for infections, and when it comes specifically to ransomware, maintain redundant backups of all important data. On the broader scale, law enforcement needs to crack down on the people who develop ransomware. It’s important that we pursue not just the creation, but also the creators.
What is the center doing in the fight against cyberthreats?
Our strongest weapons in the fight against malware are education and research. We must prepare a generation of security experts and security-conscious users, as well as research solutions to the new problems that arise. Through the center, we’ve revised courses in computer security and cryptography, and created courses in network security and cloud computing. We’re working to develop more courses, including a course in malware analysis.
Through faculty-student collaboration, the center also has produced a number of publications, including three publications presented at conferences in Italy and Spain last year. An article in the Communications of the Association of Computing Machinery is due out in in April. Through faculty-student research, we are working with industry to help research solutions for their security problems and to address pressing issues in cyber security.