During 2023, cyber attacks grew exponentially. Telemetry from several companies that record incidents, from antivirus and firewall vendors to research groups, is consistent with an increase in incidents: governments, companies and high-profile individuals have been involved in some type of hacking, with ransomware in the lead as a global threat. For this reason, the counterattack that hackers working on the defense side can carry out is essential to improving a situation that, for many, is critical.
In particular, public and government organizations are a common target in different parts of the world: for example, according to data from Emsisoft, at least 95 public organizations have been attacked in the United States over the past year. In Europe, cases like the hacking of the British Library in London have filled local media headlines and moved beyond the niche of cybersecurity sites.
And in Argentina, 2023 was the year in which private institutions such as Grupo Albanesi, La Segunda and Farmalink (pharmacy discount system) suffered cyber attacks, and public bodies such as PAMI, the National Securities Commission and even the University of Buenos Aires were also victims of ransomware, a type of malware that hijacks data in exchange for a ransom.
Sheila Berta, an Argentine hacker, is the director of research, innovation and development in cybersecurity at Dreamlab Technologies, a company based in Switzerland. After giving a speech in 2019 at a conference called SwissCyberSecurityDays, where she talked about how cars could be hacked remotely, she met the founders of this company, and from there they started working together on a problem that led to the development of CyObs, an online radar to monitor hacker threats and gain a clearer understanding of what is known as the threat landscape.
The researcher regularly participates in conferences. Late last year she exposed AFIP’s dangerous security practice at Ekoparty, Latin America’s largest hacker conference, held annually in Buenos Aires.
In this case, Berta shared details about CyObs in conversation with Clarín.
─CyObs (Cyber Observatory) is a high-precision, high-speed cyber radar, developed in Switzerland, to detect large-scale cybersecurity risks and vulnerabilities. For example, you can track the digital footprint of an entire country and detect devices vulnerable to a new threat within minutes. We are working to make it a true internet observatory, offering broad visibility of cyberspace in general.
─Personally, it was a big challenge in my professional career to successfully plan and implement it with my team of developers and data engineers. In 2019 I traveled to Switzerland and a problem arose: countries have no visibility of what is in their cyberspace, and much less of the risks. In the physical world, national borders are clear; in the virtual world this is not even evident. It was necessary to design a solution that would provide broad visibility of each country’s cyberspace and allow risks to be quickly identified to work on resolving them. After approximately three years of work, the ITU (United Nations Telecommunications Agency) based in Geneva, Switzerland, and other relevant bodies have recognized our solution as a necessary and valuable tool.
─We collaborate with the authorities responsible for cybersecurity in various countries, as well as with CERT officers (computer emergency response teams). We are also currently helping LDCs (Least Developed Countries) in Africa through the United Nations initiative called “Cyber4Good”. As for the private sector, although CyObs is designed for national cybersecurity strategies, it is also very useful for monitoring large infrastructures in general, with tens of thousands or millions of devices connected to the Internet or in extensive internal networks. These are the situations where the security tools generally used stop being so practical due to the sheer volume of resources and information.
─We found the proactivity of one of the African countries we are helping very interesting. Based on the information provided by the radar, they committed to contacting each organization exposed to a critical risk one by one, with the aim of addressing the situation and solving the problem. Another interesting case occurred a few months ago in one of the European countries monitored by CyObs: an organization of great importance on a global level accidentally exposed more than 300,000 devices to the Internet. CyObs detected the anomaly and the organization was contacted to resolve the issue. They were not aware of the incident, so they were grateful for the report and resolved the situation very quickly.
The attack surface
─CyObs infrastructure is as complex as the problems it addresses. We work on algorithms to optimize analyses and achieve scalability, precision and speed. In the same way that Google indexes every website on the Internet, we index every device connected to the network; but this is only the first step. To have complete and accurate visibility of cyberspace, it is necessary to relate a lot of information. For this reason we have a large data lake that integrates various sources of information of different types, which we know how to interrelate correctly.
─Of course, it is worth clarifying that the radar never exceeds legal limits in its analyses. Within the scope of the law we have managed to detect many risks and vulnerabilities in a non-intrusive way. Organizations that use it on their infrastructure can perform deeper analysis while maintaining the same accuracy and speed.
─In principle, make it visible and provide the information necessary to address its solution. Then there are other features available if you want to use them, such as exporting collected data, generating reports and statistics, and even sending custom alerts to radar operators. The alert system is very useful, as it allows you to be notified of anomalies, critical vulnerabilities or any changes detected, even in the more specific properties of the information collected. Everything is customizable, depending on the operator’s needs.
The threat landscape and Argentina on the map
─The biggest threat is “falling behind” in terms of cybersecurity, i.e. not taking it seriously. There are tens of thousands of cyberattacks and various threats, including groups of state-sponsored malicious actors. Therefore, I would dare to say that for some years a sort of cyber war has been underway between multiple nations which, like any war, mainly affects the civilian population. We could talk about exposed critical infrastructure, ransomware attacks, data stolen and exposed on the Internet… But not implementing a national cybersecurity strategy, not being aware and not taking measures to protect yourself is, in my opinion, the worst threat to a country.
─CyObs is used as part of the national cybersecurity strategy of several countries, mainly in Europe and Africa. Argentina could also apply it in the same way, that is, by incorporating it as a fundamental tool to strengthen national cybersecurity and use it to monitor the country’s cyberspace, alerting those in danger. Some countries we work with urge at-risk organizations to address issues as quickly as possible, especially if they involve critical infrastructure such as hospitals, nuclear power plants, fuel stations, transportation systems, among others. Having visibility into our cyberspace and the ability to spot risks before malicious actors do means being one step ahead and preventing numerous attacks that, in one way or another, end up affecting the entire society.
─Society has migrated to digital much faster than it was prepared to face the risks this entails. Cybersecurity has always been relegated, until some catastrophe strikes. Whenever data is digitized or migrated to a digital infrastructure, other issues are given priority, generally having the system available as quickly as possible, and as a result, security is sacrificed. This is a pattern that has been repeated and maintained since the beginning, which is why we see more and more organizations hit by cyber attacks. Anyway, I think awareness of the importance of cybersecurity has increased in recent years across society at large. In the future, new technologies will continue to emerge and, with them, vulnerabilities and cyber attacks will persist. We must prioritize cybersecurity and prepare as best we can to protect and defend digital infrastructure.
Source: Clarin
Linda Price is a tech expert at News Rebeat. With a deep understanding of the latest developments in the world of technology and a passion for innovation, Linda provides insightful and informative coverage of the cutting-edge advancements shaping our world.