CSE opens up to crack down on malware

 

By Laura Bohnert

Canada’s electronic spy agency is lifting the veil of secrecy to help Canadians stave off malware.

The Communications Security Establishment (CSE) began during WWII as a military signals corp., and since then has operated via a primary mission to provide the Federal Government with Signals Intelligence that is considered vital to Canada’s National Security.

Commonly known as Canada’s electronic spy agency, CSE is well-known for its secrecy, but now the agency has stated that it will be taking an “unprecedented step.” It will be releasing one of its cyber defence tools to the public.

Why has the CSE decided to take on a more public role now? Because, as CSE notes, we are currently living in a widening range of digital threats—threats that affect Canadians and Canadian businesses alike—and releasing this cyber defense tool to the public can help individuals, companies, and organizations better defend their networks against malicious threats—and that means overall better security for the country.

The program, called Assemblyline, was started in 2010 as an innovative, open-source malware analysis tool that allows many of the tools current malware researchers already use to operate on one platform. It can be scaled to handle various sizes of networks—even large networks. It is currently being used to protect Canadian government infrastructure.

“It’s a tool that helps our analysts know what to look at because it’s overwhelming for the number of people we have to be able to protect things,” head of CSE’s IT security efforts Scott Jones quoted.

CSE has described Assemblyline as a “conveyor belt”: each file enters, is automatically combed through by a series of smaller applications, and is given a score that lets analysts separate old, familiar threats from new attacks.

John O’Brien leads development of Assemblyline. He describes that “[there are] only so many ways you can hide malware within a Word document, so by looking for the hallmark of that type of an attack, that can give us an indication that there’s something in here that’s just off.”

The release of Assemblyline is monumental because it marks CSE’s first engagement with the public, but it also creates a monumental opportunity for organizations like banks to significantly increase security—and decrease the chance of being successfully targeted in a cyber attack.

How necessary is this breakthrough? Very. In 2016, more than 18 million new malware samples were captured—that’s an average of 200,000 per day, and those are just the ones that were detected. More than 4,000 ransomware attacks occur every day, a figure that has increased 300 per cent over the previous year.

With cyber attacks becoming all the more common, Assemblyline’s accessibility comes as more than just a breakthrough; it’s a relief.