While cyber-attacks have generally disrupted almost every sector of the world, researchers have found how cyberattacks can meddle with biological processes. They have observed how cyberbiohacking attacks can target scientists involved in DNA synthesis procedures to develop malicious DNA. Eventually, such hacking attempts may lead to the development of toxins and viruses.
Cyberbiohacking Attacks Targeting DNA Synthesis Procedures
According to a recent article published in the academic journal Nature Biotechnology, cyberbiohacking attacks can exploit DNA synthesis procedures leading to devastating results. Such attacks can target DNA scientists to develop dangerous DNA sequences such as toxins, or even viruses.
A team of researchers from the Ben-Gurion University of the Negev, Israel, has shared this theory. In fact, they could even achieve the expected results during their study.
As revealed, the scientists have found out the cybercriminals can intrude the systems at biological labs and can perform malicious activities disrupting DNA synthesis techniques.
In simple words, DNA scientists frequently place orders to commercial DNA synthesizers for different experiments.
Although, there are numerous regulations in place that detect and control these orders for any suspicious requests. However, the checks are mostly automated, thus, the possibilities of oversight always exist. Ironically, these critical facilities often lack adequate cybersecurity measures to contain malicious exploitation of these gaps.
That’s what the researchers demonstrated. An adversary, via man-in-the-browser attacks could meddle with the DNA sequences requested in an order without the victim scientists knowing. The altered request would include obfuscated sequences that would go undetected during screening. Hence, the order would proceed and the commercial synthesizer would deliver it to the scientists.
Then, in the subsequent DNA sequencing, the scientist would use malicious DNA, eventually ending up with dangerous protein(s).
The following figure illustrates a possible attack scenario.
Source: Nature.com
Possible Mitigations
According to the researchers, cyberbiohacking threats are real. As they mentioned in their paper,
This threat is real. We conducted a proof of concept: an obfuscated DNA encoding a toxic peptide was not detected by software implementing the screening guidelines. The respective order was moved to production. Details are withheld, but IGSC was notified about the threat and potential mitigation methods. The order was canceled for biosecurity reasons following our disclosure.
Nonetheless, it’s possible to mitigate this threat by strengthening the present security measures. As possible strategies, the researchers have recommended the synthesizers to apply cybersecurity checks on all orders to check their legitimacy and detect any intrusions.
Moreover, they also advise reducing the current 200-bp screening window to the “shortest homology-directed repair template required for deobfuscation”.
Besides, they also suggest revisiting fulfilled orders, sharing information among the synthesizers (privately), and enhancing security legislation.