BIO HACKING VILLAGE - Exploiting Immune Defenses - Can Malware Learn from Biological Viruses?

Video in TIB AV-Portal: BIO HACKING VILLAGE - Exploiting Immune Defenses - Can Malware Learn from Biological Viruses?

Formal Metadata

BIO HACKING VILLAGE - Exploiting Immune Defenses - Can Malware Learn from Biological Viruses?
Title of Series
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Release Date

Content Metadata

Subject Area
Biological viruses have existed and evolved for millions of years, maliciously exploiting host cells for survival. How have they done this, and what can we learn from it? Extremely advanced mechanisms for privilege escalation, persistence, and defence evasion have been used by biological viruses long before malware was first written. This talk will provide an understanding of what mechanisms are used by biological viruses to exploit immune defences, persist, and survive in the arms race with the immune system. Surprising differences between malware and virus actions will be shown, and some mechanisms which are used by viruses, but have not been adopted, or even attempted by malware, will be revealed. No biological background is needed, only an open mind.
Without further ado, I like I talked it was his own introduction, but thanks guys for coming on the Sunday morning. I don't know, hopefully you're not us how always I am. All yours.

Hey guys, good morning. Can everyone hear me? Okay, cool. So I'll start. My name is Guy and I'm here to talk to you about, present my talk, Exploiting Immune Defenses: Can Malware Learn from Biological Viruses?

So I'll start a bit introducing myself. My name is Guy Propper, and I see the font here is kind of funny, but never mind. I had people ask me that throughout the conference. Actually, my real name is not an alias, and I find it funny, but none of you guys do, probably. I've been a researcher for the past two years at a cyber security company called Deep Instinct, and before that I did my bachelor's degree in biology and cognitive science at the Hebrew University of Jerusalem. Right now I live in Tel Aviv, which is a cool city, and that's why the photo's there. Actually, before I start, out of interest, how many of you guys have a biological background, a degree or... Okay, cool. Right, cool.

Okay, the agenda for today. I'll start with some general background, basically general biological background that's necessary for the second part of the talk, in which I'll talk about how viruses exploit immune defenses. In the third part I'll conclude and compare a well-known virus and a well-known malware, HIV-1 and Duqu 2, to see if they're similar in any way.

So I'll start with the background. What are biological viruses? Basically, biological viruses are structures that contain genetic material, it can be DNA or RNA, which is surrounded by a protective structure called the capsid. It's a protein structure. What's unique about viruses is that they are defined as nonliving, meaning they cannot reproduce on their own. In order to reproduce they must abuse the replication machinery of another living cell. I'll talk more about that later. So basically, in order to do that, what they have to do is infect another cell, enter it, and then abuse the machinery that that cell uses for its own replication in order to reproduce themselves and continue spreading. What you can see on the left is a virus that attacks bacteria. It's called a phage, and the picture there has the DNA, which is surrounded by, you see, the protective structure that I talked about, called the capsid. On the right is an actual electron microscope image. It's a real image of these phages around the bacterial cell, preparing to enter it.

One more thing that's important to know about viruses is that they are very diverse. Viruses attack pretty much every known organism. There are viruses that attack bacteria, animals of course, and also plants.

The last bit of basic background I want to talk about is something called the central dogma of biology. This is a very basic idea in molecular biology, and it talks about the transfer of information in biology. So basically, all information in the cell is stored in molecules called DNA. They contain the genetic code, and the code contains all the instructions that the cell will perform during its lifetime. One important note is that all living organisms have these small basic units called cells, which make up their bodies, and each of these cells contains DNA. This DNA is then transcribed into an intermediary molecule called RNA, which also stores the information, and then that RNA is translated into proteins. Proteins are three-dimensional structures, and they actually perform the day-to-day functions of the cell. So when you breathe or eat or whatever else, the proteins are what performs the functions in your body, and the instructions for these proteins are contained in the DNA. When the viruses abuse the replication machinery of the cell, basically what they do is they do this process, but they don't have the machinery that is needed to transcribe and translate, so they abuse the proteins that the cell has in order to do that.

I also want to talk a bit about defense mechanisms against viruses. Since viruses attack all other types of organisms that we know of, these organisms can also defend themselves from viral attacks. This is a really big topic and I'm not going to detail it here, but all I want to say is that there are two types of defenses: generic and targeted. By generic defenses I mean defenses that protect the organism from any kind of attack. It could be from viruses, bacteria, even from physical harm. Then there are targeted defenses, which protect the organism either against a specific type of threat, so protect against all viruses, or, even more targeted than that, can protect against specific types of viruses. An example for that is our adaptive immune system, which learns throughout our lifetime to recognize specific threats. So if we were attacked by a specific type of virus for the first time, it might not necessarily recognize it, but this system has memory, and it will recognize a second attack and respond much faster and much more effectively.

Now I want to move on to the second part of the talk. I'll give a brief overview of what we're going to cover. I want to start with some key differences between viruses and malware, which I think are important for the next points. Then I'll cover briefly the life cycle of viruses, and then methods of privilege escalation, persistence and defense evasion in viruses.

Okay, so two key differences between malware and viruses are intent and evolution. What I mean by intent is that when someone writes a piece of malware, they have a specific cause for that. It could be stealing money or stealing information or whatever else they want to do. Viruses, on the other hand, were formed by nature, you could put it that way, but they weren't formed with a specific intent. They weren't formed, for example, to cause a disease. Their only real purpose, even though there's not really a purpose in evolutionary biology, is to reproduce and survive. So all the damage that they cause to achieve that purpose is not intentional. It's just like a statistical byproduct of evolution. The second difference is evolution. When malware evolves, it's due to the author of that malware wanting to either achieve new goals or to escape defenses. Even if there's a mutation engine in the malware which is random or semi-random, that was also put there intentionally by the author. It wasn't formed by chance. In biology, evolution is statistical, and everything happens by chance, and if it succeeds then it just keeps going and replicating.

Now I want to show you... okay, I wasn't supposed to start yet, never mind. I want to show you a video of a viral infection. This is a phage attacking a bacterial cell. It attaches itself to the cell and is preparing to inject its DNA. Once the DNA is injected, the virus abuses the replication machinery of that cell and lots of new viruses are formed. Eventually they will want to exit the cell, and they will kill the cell when exiting it, and then they will infect all the cells nearby while the bacterial population tries to defend itself. One important note: this is not a real video, it's just like an animation. I think this is close to what happens in real life, because electron microscope images are close to this, but I don't think anyone has a video of an actual viral infection to this resolution.

Okay, the life cycle of viruses is, I guess, the same or similar to the life cycle of malware. It starts with creation of the virus. The viruses were created at some point by nature. Then there is infection, where the virus attaches itself to a cell that it wishes to infect and abuse. Once the virus manages to infect the cell, it executes its code, which can do a bunch of things, but again, the only real purpose of that code is to cause the virus to replicate and spread. That leads to both host response, because the host wants to continue living, and to evolution of both the virus and the host as they continue to combat each other.

And now we'll go into a bit more detail about privilege escalation, persistence and defense evasion in viruses. I'm not going to cover in a lot of detail the similarities to malware, but I have the examples in the slides. So in order to replicate inside the cell, the virus has to enter it in two parts. The first part is entering the cell itself. You can see a picture of an animal cell there. It has this wall around it called a membrane, and the big yellow circle inside is the nucleus, and this is what contains the actual replication machinery of the cell. I call this privilege escalation because not everything can enter the cell, because its entry and exit is mediated by a bunch of components in the cell. And I'll have a bit of a spoiler: in the second part the virus has to enter the nucleus, which is even harder, because again, not everything gets into the nucleus. It's highly monitored. So in order to replicate, the virus has to escalate privileges twice, in order to first enter the cell and then the nucleus. So how does it do that? In viruses that attack bacteria, as you saw before, there's code injection. The DNA or RNA of the virus is injected directly into the cell and then it's run. In animal viruses, the viruses fuse to the cell membrane, this wall around the cell, or they abuse a bunch of cell entry mechanisms. They basically trick the cell into letting them in, like it lets in other nutrients and stuff like that.

The second part, as I said before, is entering the nucleus. The viruses do that through a bunch of mechanisms, but I wanted to cover two main ones here. I called the first one phishing, because I thought it was very similar to the phishing that we know from malware. It works by exposing something called a nuclear localization sequence. It's a sequence that is attached to proteins that basically tells the cell to take this protein, and everything else that is attached to it, into the nucleus. Many viruses use this mechanism, for example HIV-1, and in that way they achieve privilege escalation by tricking the cell, to basically tell the cell: let me into the nucleus and now let me replicate. The second mechanism is physical exploits, which can be either entry during cell division, because when the cells divide, the wall around the nucleus sort of becomes looser, and so viruses can abuse that to enter the nucleus during that time. Also, some viruses are so small that they don't have to abuse anything really. They can just enter intact through the wall around the nucleus, and the gaps there are bigger than them. So these are two ways viruses achieve privilege escalation to enter the nucleus.

Now I'll talk about persistence. The two main mechanisms I want to cover here are latency and something called native proteins. Latency is also similar to what we know from malware. When viruses are latent, they produce their proteins slowly or they don't produce them at all. Some viruses have a life cycle which contains a very active virulent stage, which causes disease, and then a latent stage, during which the viruses incorporate themselves into the DNA or RNA of the host, and they wait for some signal in order to let themselves back out. When they're back out, they continue the regular virulent cycle of abusing the host machinery and then killing the host. It's assumed that between five and eight percent of the human genome contains viral sequences of viruses that entered the genome at some point during evolution and, due to mutations or whatever else, became inactive, and we have this residue in our DNA. The second mechanism, native proteins, basically means that the virus can either steal or borrow or encode by itself proteins which are used natively by the cell for various functions, which mediate cell death mostly. So for example, HIV has a protein called CD59, which protects the cell from being killed by the immune system. HIV produces this protein and puts it in the cell, and in that way HIV can survive inside the cell and continue to persist and replicate, and the cell won't be killed.

Next I want to cover defense evasion, and this next mechanism, mutations. I think it's the main defense mechanism used by viruses, and I think it's like the thing that makes them unique. It's also the most researched evasion mechanism in viruses. The thing that is unique about viruses is that their rate of mutation is very, very fast, and if they attack in large enough numbers then they always have, you know, a statistical chance of several viruses having the right mutation and being able to multiply and continue attacking the cells while evading defenses such as the immune system. I want to cover shortly how mutation happens. What you have is your original DNA sequence there on the top, that's contained inside the virus. When the virus enters the cell and starts to replicate, the cell machinery has a sort of rate of error, which changes between cell types and virus types. So during replication this machinery can enter a few, you can look at it as errors or you can look at it as changes, however you want. So this machinery enters a few changes in the sequence, which are mutations. As you can see, there was the original sequence, and there was a point mutation that changed the base T to C. Some of these mutations can be successful and cause viruses to evade the immune system. However, many mutations are not successful, for viruses or any other organism, because all organisms have some rate of mutation. If your mutation is unsuccessful, it can either be sick and not reproduce or it can just die. In many experiments done on this, we've seen that, depending on the type of virus and depending on the experiment, the success rate of mutations in viruses is anything from one in a hundred to one in a million viruses succeeding after a mutation. But because viruses have such a quick mutation rate and attack in such large numbers, it's very hard to protect against that.

Two other methods of defense evasion are obfuscation and packing. This is very similar, I think, to packing and obfuscation in malware, because in viruses the code is inside the virus, the RNA or DNA, and it's only exposed basically at runtime, when it's either injected into the cell or fused and then enters it. So the cell and other defense mechanisms of the body can't access this code, either to read it or to destroy it, until it enters the cell, and then it's just a race, because the process is very, very quick. Also, viruses have a bunch of very sophisticated anti-immune mechanisms, which I'm just going to talk shortly about, because they could have a whole talk for themselves. Basically, viruses can mimic, modify or repress immune messengers. The whole immune response is made up of a very long chain of reactions, so, sorry, if a virus is able to modify part of that chain, then it can redirect the reaction to attack a different pathogen or to not do anything at all. Viruses can also actively repress immune system cells that attack them, cause them not to be produced or to just sit back and not do anything. I think this is similar to some anti-AV mechanisms, but in my opinion these mechanisms are more daring, I guess, and more sophisticated, because they have a bunch of ways in which to attack the immune system and make it stop working against them.

I want to conclude by comparing a well-known malware and a well-known virus, that's HIV and Duqu 2. HIV is an RNA virus. It's the virus that causes AIDS, and the thing that it does that harms people is there's a gradual failure of the immune system. Duqu is a sophisticated fileless malware which was uncovered in 2015, when it was used to spy on many targets. Both of these, the virus and the malware, have methods of privilege escalation, persistence and defense evasion. I'll cover each one of them. For privilege escalation, both use phishing. HIV-1 enters the cell through a nuclear localization sequence, which I covered earlier. It has this sequence that tells the machinery of the cell: take me into the nucleus and I'll reproduce there. And Duqu 2, as far as I know, the initial attack vector is assumed to be phishing. I'm guessing it was. I don't think it was uncovered 100%. Persistence mechanisms: HIV-1, as I said before, attacks cells of the immune system. These cells have a particularly long life span, and it attacks different types of immune system cells, including memory cells. These memory cells, since they have to remember which pathogens attack the body, have a very, very long lifespan, so it can sit inside these cells and persist. Duqu persisted through the main servers in the network, which had a long uptime, and from there it sends its implants to all the other computers in the network, so it could stay up for a long time. Also, both had a bunch of defense evasion mechanisms. I'm not going to cover each one of them, but I'll focus on mutations. HIV-1 has a very, very high mutation rate. Actually, the mutation rate is so high that the only successful medication against HIV so far is a cocktail of several medications together, because when each one of these is used separately, the virus can mutate against it and make it ineffective. But because several different medications are used at once, and each one of them attacks a different part of the virus, the chances of success of the virus mutating against all three and attacking them are very low, and thankfully it hasn't happened so far. Duqu 2 also had a sort of mutation mechanism. It had, for each new target, a unique combination of encryption and packing, which was randomly chosen, but it was limited, because it was hard-coded by the attackers. So even if there were, I don't know, 30 packers and 30 encryption mechanisms, that's limited, while HIV-1 could have its mutation at random anywhere in its code. It risked not being successful, but through that it had much higher chances of success at evading the system.

Okay, to conclude. While I was preparing this talk, I found that there were many similarities between viruses and malware, and that sort of surprised me, but I think that might be due to the fact that both malware and viruses have the same specific problem: they try to infect the host and abuse it. A difference, though, between viruses and malware is that viruses have been evolving and combating their hosts for millions or even hundreds of millions of years, while malware doesn't have such a long history. So we might be able to learn from that, and I think there are many things that we can learn, but two examples that I thought of here are: either implementing a mutation mechanism in malware that is more statistical, meaning the mutations are more random and can be anywhere in the code, so that's something that might be learned from viruses. The second thing is, like the virus borrows or encodes host proteins for its own functions, if malware could infect the computer and then start taking code off processors, also maybe at random, in order to see if it can succeed in any way, that's also something that might be learned from viruses.

Thank you everyone for listening. I hope you find this picture funny. I did. Thanks.