Corporations, small businesses, nonprofits and customers — in other words, nearly everyone — beware! Computer hackers launched more than 137.4 million new malware programs in 2018, the equivalent of more than 261 per minute, according to one estimate.
On a typical day, a large corporation may receive tens of thousands of security alerts warning about possible malware — too many to fix. Traditionally, security systems look for malware by watching for known malicious files and blocking them. However, these systems fall short with threats known as zero-day malware, which exploit a security vulnerability on the same day it becomes known to the public or the vendor who created the software.
“Nearly every technology in cybersecurity today is about stopping attacks that are already in progress,” says Paulo Shakarian, CEO and co-founder of CYR3CON™, an Arizona State University cybersecurity spinout. “Even in large companies — with tens of thousands of employees and computer systems — malware can spread through a system in 90 seconds or less. With threats like that, prevention is really the best option.”
Enter CYR3CON, which recently filed its first patent for software that uses artificial intelligence, machine learning and data mining — along with knowledge of the workings of online hacker communities such as those on the dark web — to predict where hackers are likely to strike next.
CYR3CON collaborated with ASU to form a Practice Lab™, a unique partnership that pairs organizations with teams of highly skilled students to help them solve pressing problems. Companies can access a customized talent pool for creating innovative solutions, while the students gain invaluable hands-on experience.
Students working with CYR3CON accelerated the development of its at-risk system identification software and recent patent application. The new software will be commercialized as part of CYR3CON’s suite of products that guides users in making informed decisions about how to prevent cyberattacks.
“A major challenge in cybersecurity is the constant need to stay ahead of potential malicious actors. A preventive approach helps address precisely this challenge, allowing the defenders to focus on systemically designing for security, instead of playing whack-a-mole,” says Nadya Bliss, executive director of the Global Security Initiative, ASU’s hub for interdisciplinary security research. GSI supported some of the early stage research that was pivotal to the launch of CYR3CON.
A new kind of battleground
The seeds of the idea for CYR3CON’s preventive approach to cybersecurity were planted on the battlefields of Iraq, where Shakarian served two combat tours as an officer in the U.S. Army.
“I started out as an analyst in the Army, focused on terrorists and insurgents and predicting what they would do. I researched what people wrote about terrorists or insurgents and results from various forms of intelligence. My experience was nontechnical, totally operational, but it gave me a good framework for thinking about how to counter threats,” says Shakarian, now an assistant professor of computer science and engineering in ASU’s Ira A. Fulton Schools of Engineering.
“Earlier in my career, I was applying this to the problem of how to deal with terrorists, insurgents and criminals. As things evolved, it became apparent that cybersecurity much needed this technology. When I formed a group at ASU, CySIS (Cyber-Socio Intelligent Systems Laboratory), we focused on cybersecurity. Over time, we discovered some of this technology is commercially viable, so we created CYR3CON,” he adds.
Whispers of WannaCry
After incorporating in 2016, CYR3CON received national media coverage in The Economist, CNN, Slate and CBS for its predictive intelligence prior to the WannaCry attacks in May 2017.
One of the largest cyberattacks to date, WannaCry paralyzed computers and business operations in more than 150 countries. It forced Great Britain’s public health system to turn away patients and froze computers at government agencies in Russia and FedEx in the United States. A ransomware worm encrypted files, making them impossible to access, and demanded a ransom payment in bitcoin to decrypt them. In just a few hours, the ransomware caused billions of dollars in damages.
CYR3CON found evidence of hackers discussing the WannaCry attacks before they happened on dark web forums in several languages, including English, Russian and Arabic.
CYR3CON makes it possible to predict what software hackers will target — a key problem in large enterprises. This is accomplished by advanced machine learning algorithms powered by data collected from a platform that scours nearly 1,000 hacker websites. It sifts through thousands of hackers’ posts and discussions on dark web sites to accurately predict what cybersecurity system weaknesses they will target next.
This ingenious approach has won numerous awards, such as the TechConnect Defense Innovation Award at the Defense Innovation Technology Acceleration Challenges Summit, a meeting of leaders in defense and security industries and officials in government agencies and the U.S. military. It was also a finalist in tech startup and business competitions held by the Arizona Technology Council and PricewaterhouseCoopers.
Students creating solutions
As part of the CYR3CON Practice Lab, computer science graduate students Kazuaki Kashihara and Anant Sharma have discovered a fascinating application for their technical expertise.
“I can apply what I have learned to the real world's issues at CYR3CON through the lab and fill the working experience in my resume while I am pursuing my degree,” Kashihara says. “I also can extend my professional network through this lab experience since I meet other researchers inside and outside of CYR3CON.”
“Machine learning is quickly spreading its roots in the field of cybersecurity,” Sharma says. “I was quite excited to work with a different kind of data set and apply the algorithms in order to detect and classify cyberthreats. Being a startup, I was also excited by the opportunity to learn, grow and develop new skills.”
Practice Labs played a key role for CYR3CON in accelerating software development and commercialization, Shakarian says.
Cyberattacks take a heavy toll on the U.S. economy, with losses totaling from $57 billion to $109 billion in a single year, according to a 2018 report by the U.S. Council of Economic Advisers. With losses like these, it’s clearly time to reboot the nation’s cybersecurity systems with a new approach.
Shakarian believes today’s data security threat levels call for a “next-generation cyber threat intelligence company.”
“CYR3CON was really the first company to be doing predictive cyber,” he says. “We want to become the standard for predictive cyber, for both our own products and working with other companies.”