Hackers could trick scientists into making deadly toxins

A new cyber attack could unleash a synthetic virus pandemic

A female scientist looking through a microscope in a laboratory

According to Ben-Gurion University of the Negev cyber security researchers, hackers could trick unwitting biologists into generating dangerous toxins in their labs.

Criminals generally must have physical contact with a dangerous substance to produce and deliver it. However, a new paper just published in Nature Biotechnology claims it’s now possible for malware to easily replace a short substring of the DNA on a bioengineer’s computer so they unintentionally create a toxin-producing sequence.

Rami Puzis, head of the BGU Complex Networks Analysis Lab, a member of the Department of Software and Information Systems Engineering and Cyber@BGU, said to regulate the intentional and unintentional generation of dangerous substances, most synthetic gene providers screen DNA orders. This is currently the most effective defense against such attacks.

“However, outside the state, bioterrorists can buy dangerous DNA, from companies that do not screen the orders,” Puzis said. “Unfortunately, the screening guidelines have not been adapted to reflect recent developments in synthetic biology and cyberwarfare.”

Researchers found that a weakness in the US Department of Health and Human Services (HHS) guidance for DNA providers allows screening protocols circumvention using a generic obfuscation procedure that makes it difficult for the screening software to detect the toxin-producing DNA.

“Using this technique, our experiments revealed that that 16 out of 50 obfuscated DNA samples were not detected when screened according to the ‘best-match’ HHS guidelines,” Puzis said.

The researchers also found that accessibility and automation of the synthetic gene engineering workflow, combined with insufficient cyber security controls, allowed malware to interfere with biological processes within the victim’s lab, making it possible to write an exploit into a DNA molecule.

Researchers said that this DNA injection attack demonstrated a significant new threat of malicious code altering biological processes. 

“Although simpler attacks that may harm biological experiments exist, we’ve chosen to demonstrate a scenario that makes use of multiple weaknesses at three levels of the bioengineering workflow: software, biosecurity screening, and biological protocols,” said researchers. This scenario highlights the opportunities for applying cyber security know-how in new contexts such as biosecurity and gene coding, they added.

Puzis said that the attack scenario underscores the need to harden the synthetic DNA supply chain with protections against cyber biological threats.

“To address these threats, we propose an improved screening algorithm that takes into account in vivo gene editing. We hope this paper sets the stage for robust, adversary resilient DNA sequence screening and cybersecurity-hardened synthetic gene production services when biosecurity screening will be enforced by local regulations worldwide,” Puzis added.

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Recommended

Hackers use Linux backdoor on compromised e-commerce sites with software skimmer
malware

Hackers use Linux backdoor on compromised e-commerce sites with software skimmer

19 Nov 2021
Iranian hackers ramp up attacks against IT services sector
hacking

Iranian hackers ramp up attacks against IT services sector

19 Nov 2021
TikTok phishing campaign tried to scam over 125 influencer accounts
social media

TikTok phishing campaign tried to scam over 125 influencer accounts

18 Nov 2021
Alibaba ECS instances targeted in new cryptojacking campaign
cryptocurrencies

Alibaba ECS instances targeted in new cryptojacking campaign

16 Nov 2021

Most Popular

How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

4 Jan 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022
Microsoft Exchange servers break thanks to 'Y2K22' bug
email delivery

Microsoft Exchange servers break thanks to 'Y2K22' bug

4 Jan 2022