Can AI stop hackers using coronavirus?

The World Health Organization reported a doubling of cyberattacks last month, including an attempt to mimic its internal email system to get passwords of staffers. Security firm Barracuda Networks also noticed a huge global spike in email phishing related to coronavirus, preying on people’s fears and curiosity.

PricewaterhouseCoopers found waves of phishing campaigns targeting 50 leading Indian companies which were setting up VPN (virtual private networks) and other infrastructure to help people work from home. Thousands of coronavirus-themed websites are popping up daily, many of which are malicious.

The bigger worry is that breaches may not become evident for months or years. Hackers can use the coronavirus situation to burrow in and lie dormant with their malware. Then they can keep siphoning off data or money until the breach is detected.

PRACTITIONER’S VIEW

“It’s a good time for them to get in,” says Sriram Govindan, co-founder of Bengaluru-based cybersecurity startup Anlyz. “They start figuring out sensitive data and collecting it from the day they get in.”

Govindan was a security analyst with cloud data storage company Netapp before launching Anlyz in 2017. Netapp was also the first testbed for its product after Anlyz joined the U.S multinational’s accelerator programme in Bengaluru. Last December, it went live with a managed security service provider in Bengaluru which has deployed the product for its enterprise customers.

At Netapp that Govindan noticed operational problems enterprises faced handling cybersecurity. “You have analysts leaving within a year. Or when a senior analyst leaves, the rest don’t know what they’re doing,” he says. “You may have a playbook or process, but some common sense is required for cybersecurity analysis.”

Anlyz tries to bridge that gap with AI. Its product can look over an analyst’s shoulder, so to speak, and suggest actions based on earlier patterns, contextual analysis and self-learning. “It helps junior analysts make decisions straightaway instead of bumping them up to a senior analyst. So, the senior analyst focus on bigger issues instead of spending time on commodity stuff or guiding the junior guys,” says Govindan.

There are many cybersecurity products that enterprises can buy off the shelf. What Anlyz has tried to do differently is to build a product suite keeping the practitioner’s work environment in mind. This comes from Govindan’s long experience of working in this field.

“Several young startups—unlike major incumbents saddled with legacy constraints—are building cybersecurity products with AI/ML capabilities. What sets Anlyz apart is that Sriram has codified his insights from over 22 years of operational experience as a security analyst into the platform. The mix of such codified domain knowledge and advanced technology attracted me to Anlyz,” says Venkat Raju, who is an angel investor and mentor for the startup. Anlyz raised seed funding from the Indian Angel Network last year.

Before Netapp, Govindan was a security consultant for Wipro in Vancouver after a stint with a telecom company in Bahrain. His hands-on work with networks started as a freelancer in Bengaluru in 1993 when he dropped out of formal education after the 10th standard. This spanned the whole gamut from administering security on servers to developing intranet and internet services for companies from the early days of the web.

“I used to go to all the big companies in Bengaluru, actually lay the cables, and put the Ethernet or Arcnet cards into the systems. I would do all that physical work and also configure everything,” recalls Govindan. “I was usually the only guy available who knew how to configure network operating systems like Novell Netware for these companies.”

After working abroad, Govindan returned to Bengaluru in 2010 as an incident response analyst for Netapp where his role included reverse engineering of malware. He used to go for walks in a park in HSR Layout with his cousin Parkavi Ramasamy, who was running a fashion venture. It was on one of these walks three years ago that they decided to co-found Anlyz. “Our products were built ground up,” says Ramasamy. “That means we understand the complexities of information security from a data as well as a business perspective.”

Having an eye for art, colour, and texture, it was a natural progression for Ramasamy to start a fashion boutique. “That journey was an eye-opener and made me understand that I love working in a business setup where I’m constantly creating and thinking and daring to dream.”

TACKLING PHISHING

Ramasamy takes care of business development for Anlyz, leaving Govindan free to innovate with the tech around cybersecurity. Apart from the products Anlyz had developed, he’s working on a tool called Phishbox to control phishing which is the most common way for intruding into an organization. Spam filters and phishing alerts are already a part of software products we use, including email. What’s harder to stop is targeted phishing, says Govindan. Take for example a mail from a CEO to a CFO asking for payments to be made to vendors. The CFO forwards it to an accountant. “I worked on a case like this with an enterprise that actually lost a lot of money,” says Govindan.

This is where AI comes in handy to spot anomalies, such as where the email originated or sentiment analysis of the email’s contents to signal possible phishing. Phishbox is in an alpha stage and so is EmailSandbox which can be installed in places like schools for users to drag and drop any email for analysis.

Govindan does a lot of “reverse phishing” in his spare time. He has a US number on which he once received a voicemail saying his social security number was blacklisted and there would be an arrest warrant if he didn’t act immediately. “I usually give a call back, asking them what’s the best way out. It’s good learning for us because we’re trying to understand the creative ways in which these guys are trying to defraud you.”

Phishing is a form of social engineering and the coronavirus situation has opened up new avenues for manipulating overwrought people into divulging confidential information. “It can end up with your digital life being compromised. You could let out a lot of things about yourself, your banking and UPI IDs as well as your organization’s source code, patent papers and all kinds of stuff.”

―Livemint