Cyber attack: Why Iranian hackers targeting web-based DNA-sequencing apps?


A security researcher with NewSky Security revealed that the web-based DNA sequencer applications are currently under attack from a mysterious Iranian hacking group.

The researcher, Ankit Anubhav has said that the attacks started from June 12, are still going on and the anonymous group of cyber criminals are using a still-unpatched zero-day to take control over targeted devices.

Anubhav, who is the former employee of the cybersecurity firm McAfee, told ZDNet that this group operated from an Iran-based IP address. They are also scanning the internet for the web-based application, dnaLIMS, which is installed by the companies and research institutes to carry out the DNA sequencing operations.

As per the researcher, the Iran based un-identified hackers are exploiting CVE-2017-6526, which is a vulnerability in dnaLIMS and was discovered in dnaTools dnaLIMS 4-2015s13 but it is yet to be patched. Anubhav claimed that cybercriminals are currently using it to plant shells that allow them to control the underlying web server from remote locations.

While describing the process of how the hackers are successfully carrying out the process, the researcher stated that there are two ways.

As per him, the hackers maybe looking to withdraw hashes of DNA sequences from the application's database that can be sold on the dark web, while some hackers are looking for particular person's data. The second scenario is that the cyber attackers might be using the infected servers as part of a botnet, or using the shell to plant cryptocurrency miners on the vulnerable systems.

However, Anubhav said, "We cannot decide on the motive of these attacks just yet," but it is important to understand that the "DNA sequencer systems which hold this confidential information can get pwned."

If the DNA sequencing data is anonymized, the stolen information will become useless to the hackers, but if not, then a serious breach may occur.

A study conducted by researchers from the University of Washington showed that it is possible to encode malicious software into physical strands of DNA, so that when a gene sequencer examines it the resulting data converts into a program that corrupts gene-sequencing software and takes control over an underlying computer.

Tadayoshi Kohno, the University of Washington computer science professor who led the project stated that if an adversary has control over the data a computer is processing, it can take control over the system.

"That means when you're looking at the security of computational biology systems, you're not only thinking about the network connectivity and the USB drive and the user at the keyboard but also the information stored in the DNA they're sequencing," said Kohno.