Through DSbD’s Technology Access Programme, Digital Catapult – the UK authority on advanced digital technology – awarded ten companies the opportunity to trial and experiment with potentially game-changing prototype cybersecurity technology. Developed by researchers from the University of Cambridge, in collaboration with Arm, the technology is believed to block two thirds of cyberattacks, once implemented.
CHERI, a redesigned version of a computer’s central processing unit, is key to making systems less vulnerable and has been launched as a prototype system on the chip and demonstrator board known as Morello. For six months, the selected companies will have access to these CHERI-enabled Morello prototype boards, to use as they wish within their own businesses. In addition to technical guides and support, the companies will also receive £15,000 to support their experimentation period. Companies selected include: DataCore Software UK, Ioetec, Inventia UK, RealVNC, Riskoa, and SensorIT.
As Professor John Goodacre, Challenge Director, Digital Security by Design, UK Research and Innovation, attests: “Digital Security by Design will radically update the foundation of the insecure digital computing infrastructure by creating a new, more secure hardware and software ecosystem. The breadth of companies taking part in this technology access programme is a key step in building a security-first mindset amongst industry.”
The project could not have come at a better time, when persistent threat actors remain active with innovative attack strategies. Indeed, just yesterday researchers from BlackBerry Threat Research & Intelligence team, along with Intezer security researcher Joakim Kennedy, discovered a new Linux malware, dubbed Symbiote. As its name eludes, the malware operates in a parasitic matter. In other words, it is unique in that it does not run as a standalone executable file. Rather, it infects other running processes in order to harvest credentials and wreak havoc through remote access capabilities. Worse still, it has the ability to conceal itself, making detection difficult.
In general, malware tends to be delivered through two key attack vectors: social engineering and software vulnerabilities. If we can limit successful infiltration through vulnerabilities, we will fare much better in the fight against cybercrime.