On 1 April the St. Pölten UAS began its work in the framework of the Josef Ressel Centre for detecting targeted attacks (TARGET). The centre researches IT security with a focus on targeted attacks against corporations.
Most malware is built for mass distribution in the interconnected information industry. However, some software is aimed at only a few corporations. A famous example is the computer worm Stuxnet, which was found in Iranian nuclear plants in 2010. Who created or initiated the worm is unknown. The spy software “Regin”, which was also discovered in Vienna in autumn 2014, is a further example of a targeted attack. In this case, the target was the Atomic Energy Agency. Such software may also be used for industrial espionage.
Federal Ministry of Science, Research and Economy supports cooperation of corporations and Universities of Applied Sciences
“We want to find out which traces targeted IT attacks on corporations in the network leave behind and how these can be detected. In the future, unknown security leaks are to be discovered this way”, says Sebastian Schrittwieser, UAS lecturer at the Department of Informatics and Security of the St. Pölten UAS and head of the Ressel Centre.
The new Josef Ressel Centre for unified threat intelligence of targeted attacks (TARGET) researches methods for detecting such attacks. It is the first Josef Ressel Centre in Lower Austria and is financed by the Federal Ministry of Science, Research and Economy and by the corporations participating in the research, IKARUS Security Software GmbH and SEC Consult Unternehmensberatung GmbH. For this purpose, 1.3 million euros are being provided over the next five years.
New methods against malware
Common antivirus programmes assess dangers by the appearance of the threat. They search for so-called signatures, parts of the code of the harmful programmes, which reveal intruders. For this to work, however, the danger must already be known. Targeted attacks, by contrast, are mostly detected only after they have caused some damage.
That is why the centre makes use of new methods that expose malware on the basis of its behaviour: here and there a file is created, a programme is started or an outbound connection is established. Each of these activities can also be carried out by harmless programmes. The task involves thousands of commands that are neutral when they appear separately but suspicious when they act together.
Joint research of corporations and UAS
In Josef Ressel Centres, application-oriented high-level research is carried out, based on the cooperation of excellent researchers and innovative corporations. The Christian Doppler Research Association is the international best-practice example for encouraging such cooperation. Josef Ressel Centres are co-financed by the Federal Ministry of Science, Research and Economy and participating corporations.
From basic research to internationally successful products
“Due to the cooperation in the Josef Ressel Centre we are capable of covering the entire innovation chain from research, academic education to the actual product. For us, cooperations are essential”, explains Clemens Foisner, managing partner of SEC Consult Unternehmensberatung GmbH.
“For us as a software enterprise, it is of high value to attractively create our new technologies in cooperation with the researchers of the Josef Ressel Centre. As a follow-up we could develop an internationally competitive product”, says Jürgen Eckel, head of the Development Department at IKARUS Security Software.