Cybercrime now affects many companies or institutions with increasingly sophisticated viral attacks. In this highly secure Loria lab, researchers examine all suspicious movements signaling malware activity. Thanks to the “Defense against Malware” research program, their mission is to detect computer attacks before they are triggered.
This will also interest you
[EN VIDÉO] What is a cyber attack? With the development of the Internet and the cloud, cyberattacks are becoming more and more frequent…
Detect the computer attack even before it materializes: near Nancy, in eastern France, researchers are analyzing how cybercriminals operate in a unique research program in Europe. In the basement of the Lorraine Laboratory for Research in Computer Science and its Applications (Loria), in Villers-lès-Nancy, there is a “highly secure” research room: its windows could withstand seven blows from an ax.
Inside the “high security laboratory” (LHS), computer screens with which researchers listen to the “background noise” of the data, in partnership with the National Institute of Information and Communications Technology from Tokyo. Concretely, movements are spotted on IP addresses “ which should not be used “, which may foreshadow a future attack. And with their “honeypot” technique, academics are already luring attackers into traps on a daily basis, to then analyze their hacking methods.
France has two high security laboratories, the other is in Rennes, in the west of the country. Gone are the days when antiviruses made it possible to protect your data against the basic hacker who launched his attacks. at the bottom of a garage », underlines Jean-Yves Marion, former director of Loria. They are now more organized. In recent years, the threat has multiplied according to him, making “ essential university mobilization (…) in constant contact with the world of business and public authorities ».
Increasingly sophisticated attacks targeting businesses
Since Loria’s creation in 2010, researchers have collected more than 35 million pieces of malware. If it allows them to analyze and test them, “ It is insufficient », insists Mr. Marion. Now, a new research program launched in June, the “ DefMal » — for Defense against malicious programs — comes to register “ in an acceleration strategy announced by the President of the Republic », underlines Lorraine University of Excellence.
Presented as unique in Europe, an “unprecedented” budget of 5 million euros over six years was allocated to it. “ Above all, it will make it possible to hire doctoral students and engineers », according to Jean-Yves Marion. The issue today is “ to detect this malware before it attacks ».
An attack begins with the exfiltration of data which is then encrypted. Some can last for months, the researchers insist: the exfiltration is done in small pieces, so as not to cause alarm. And a sign of the professionalization of cybercriminals, the attacks are increasingly sophisticated, underlines Régis Lhoste, president of the company Cyber-Detect, which was created as a continuation of the work of Loria: malicious programs are “ today designed specifically to attack your business », tailor-made, while using some structures already seen in the past.
Companies and institutions overwhelmed by attacks
Its young growth works with many companies or institutions, offering them its expertise to anticipate attacks or understand them, via analyzes of computer viruses similar to those used in medical research. Abdelkader Lahmadi, teacher-researcher at Loria and co-founder with other researchers of the young Cybi company, explains that large companies “ are submerged » by the reports of vulnerability flaws which are multiplying.
The solution developed by the researchers and now marketed, based on artificial intelligence, makes it possible to “ reveal attack paths » which could be used: this could, for example, start with the hacking of a surveillance camera in a parking lot, and then damage the entire production unit of an industrialist.
With DefMal, academics will go further, seeking to determine how cybercriminal organizations operate: how do they recruit and communicate? How do they launder money? This analysis requires work “ together » with lawyers and economists, according to Jean-Yves Marion. Loria researchers also work with the police or gendarmerie on certain investigations.
rewrite this content and keep HTML tags