The issue of cybersecurity has been the primary focus of many sectors within the past decade, and justifiably so.
As advances are being made in the information technology sector, cybercriminals are also developing new, sophisticated methods of launching a cyber attack.
This high-profile issue has recently taken center stage after the revelations of CIA hacking and cyber-espionage techniques by WikiLeaks, who has brought to light the vulnerabilities of internet-connected devices.
It may come as good news for the cybersecurity community that a researcher at Ben-Gurion University (BGU) of the Negev has come up with a unique technique that may provide absolute protection from a cyber attack orchestrated through internet images and video.
The University made this announcement through a press release this month.
The BGU press release indicated that a cyber attack launched through internet videos and images should be more concerning to internet users than even vulnerable IoT devices.
According to the Chair of Department of Communication Systems Engineering at BGU, Professor Ofer Hadar, the threat posed by internet media is a lot greater than most people realize.
Image downloads, video downloads, and video streaming make up half of all internet traffic today.
This fraction of all web traffic is expected to increase to 67% by 2020.
As documented by 2016 Cisco Visual Networking Index research report, internet video alone will account for more than 80 % of total global internet traffic by 2020.
As such, cyber attacks are increasingly being focused on downloaded and shared images and video.
The Professor noted that cybercriminals prefer internet images and video due to their ability to bypass the conventional data transfer systems that are employed by well-secured systems.
Videos and images also provide considerable space where malicious code can be planted by a hacker.
The new technique developed at BGU seeks to tackle this developing cyber threat.
Professor Ofer Hadar has termed it The Coucou Project.
In the Coucou Project, Hadar has developed a multiple vector series of algorithms that can prevent the infiltration and extraction of information through images and video.
Through the implementation of his technique, a criminal will not be able to employ the said internet mediums to launch a cyber attack.
Hadar stated that the methodology is based on steganography in the compressed domain.
Steganography refers to the art of hiding data including files, videos, or images within other files.
Digital steganography is carried out by adding secret bits or replacing secret bits in files with data.
This is the same method used by criminals to launch a cyber attack.
They often add malicious code to images and video.
This method is appealing to skilled criminals since it is not widely employed and is a cyber threat that is very difficult to counter.
The idea behind Professor Hadar’s technique is the removal of the malicious code through the manipulation of the files’ contents.
This is carried out while ensuring that the quality of the data and runtime are not affected in any way.
The Professor asserted that preliminary experimental results indicate that a strategy combining the new techniques exhibited 100% cyber attack protection.
The Cyber Security Research Center at BGU has provided significant funding to The CouCou Project.
The Center is the brainchild of a partnership between the Israeli National Cyber Bureau and BGU that aims to see the project into conclusion.
BaseCamp Innovation Center has shown commercial interest in developing the new platform.
The Coucou Project is based on the assumption of two cyber attack scenarios.
The first scenario involves an internet user uploading a video or image to a social network whereby the malicious code allows access by embedding the classified information into the content.
The attacker can then download the infected content and retrieve the classified data.
The second scenario involves the cyber attacker uploading infected content to the server/social network, where the malicious code extracts and executes the shellcode.
There are several key ways that this technique can be applied in the cybersecurity realm, especially for antivirus and firewall firms.
It is important to note that for the technique to be successful outside the theoretical sense, certain conditions have to be met.
The technique has to be verified by other researchers, must not introduce new cybersecurity vulnerabilities, and has to be adopted and implemented by vendors.