ISSUE 91

25 February 2019

Article of the Month   Around the World




The growing digitization is generating more and more need for cybersecurity. Compromising with cybersecurity may result in the release of confidential information which may be a threat to an individual or nation. The threat may be to an individual, group of individuals, an organization, or an authority.

Computers play an important role in our daily lives and its usage has grown manifolds today. With ever increasing demand of security regulations all over the world and large number of services provided using the internet in day to day life, the assurance of security associated with such services has become a crucial issue. Biometrics is a key to the future of data/cyber security.

The term cybersecurity refers to the security of computer systems, their hardware, or electronic data. And, a threat to the security of this is referred to as a cybersecurity threat. Many hackers and miscreants misuse the technology to do crimes and the crime which is related to these cyber systems is known as cybercrime. There has been a considerable growth in the cyber-crimes in the world and this needs to be stopped to protect the privacy of an individual.

In the terms of computer security, biometrics refers to authentication techniques that rely on measurable physiological and individual characteristics that can be automatically verified. A biometric system is a system for the automated recognition of individuals based on their behavioral and biological characteristics. A biometric system is called either a verification system or an identification system depending on the application where it is used.

Cyber security is a major issue in today�s digital world with cyber-crime is increasing day by day. The losses and distress caused by cyber-attacks are prompting the pioneers in the field of information security to look for reliable and robust security measures. The growing use of online banking, e-commerce has led to the use of biometric technology to secure these transactions. Biometrics provides a strong defense against cyber security attacks. Biometrics is considered as a safeguard against cyber-crime. Now a day, banks encourage the use of fingerprint to authenticate transactions. Applications are available in the markets which are used to unlock computer or phones using facial recognition, fingerprint recognition or iris recognition.


Physical Biometrics

� Fingerprint � Analyzing fingertip patterns
� Facial recognition/face location � Measuring facial characteristics
� Hand geometry � Measuring the shape of the hand
� Iris scan � Analyzing features of colored ring of the eye
� Retinal scan � Analyzing blood vessels in the eye
� DNA � Analyzing genetic makeup
� Ear print � This method is based on geometric distances, force field transformation

Behavioral Biometrics

� Speaker /voice recognition � Analyzing vocal behavior
� Signature/handwriting � Analyzing signature dynamics
� Keystroke/patterning � Measuring the time spacing of typed words

Biometrics is a rapidly evolving technology that is being used in forensics, such as criminal identification and prison security, and that has the potential to be used in large range of civilian application areas. Biometrics can be used to prevent unauthorized access to ATMs, cellular phones, smart cards, desktop PCs, workstations and computer networks. It can be used during transactions conducted by telephone and internet (electronic commerce and electronic banking).

A large majority of data breaches result from weak authentication protocols � cybercriminals can obtain the credentials of users and gain access to an organizations� most valuable assets within their IT infrastructure. In fact, some reports suggest that four fifths of hacking related breaches involved the leveraging of either compromised or weak passwords. Like any security solution, biometric technology offers no guarantees when defending against a data breach, they are inevitably fallible � however, the goal here is to reduce the possible risk. Biometrics measure similarity, not identity. So, a match represents a probability of correct recognition. Likewise, a non-match represents a probability, rather than a definitive conclusion.

The first and foremost thing is to be strict on cybersecurity laws and give proper punishment to those who violate the law. It is not impossible to deal with cybersecurity threats of biometric systems. These are created by man and therefore can be prevented by man. Advanced technology must be used to protect a confidential information. Also, it is important to make individuals aware of such threats and suggest them precautions while using any confidential or personal information. This way cybersecurity threats can be reduced to a lot extent and the purpose of technology advancements in all fields will be fulfilled.



Pabasara Ranasinghe

is an undergraduate of the Sri Lanka Institute of information technology who is currently following Bachelor of Information Technology specializing in Cyber Security, currently, she is working as an Intern - Information Security Engineer at Sri Lanka CERT|CC


















1 Statistics on the Internet growth in Sri Lanka
2.The Dragon Research Group (DRG)
3.TSUBAME (Internet threat monitoring system) from JPCERT | CC
4.Shadowserver Foundation
5. Team Cymru
  The Pentagon Thinks AI Could Help Troops Telepathically Control Machines


"...The Defense Advanced Research Projects Agency recently began recruiting teams to research how AI tools could augment and enhance �next-generation neurotechnology.� Through the program, officials ultimately aim to build AI into neural interfaces, a technology that lets people control, feel and interact with remote machines as though they were a part of their own body...."


Eight Cryptojacking Apps Booted From Microsoft Store


"...Microsoft booted eight malicious apps from its official desktop and mobile app store after researchers found the programs surreptitiously mined for Monero cryptocurrency....."


Is the Revolution of 3D-Printed Building Getting Closer?



'..There�s a soft buzzing sound coming from a tent that stands next to a hotel in a village in the Netherlands. Inside, an arm attached to a large orange-and-black printer on tracks applies concrete to a disc, like frosting on a cake. This is followed by a second layer. A man operates the laptop that�s connected to the printer....'

Xiaomi electric scooter vulnerability allows remote hacks



'...The Xiaomi M365, a popular electric scooter used by several ride-share companies such as BIRD as well as for personal ownership, is vulnerable to remote hacking due to improper password validation..'

WARNING � New Phishing Attack That Even Most Vigilant Users Could Fall For


'....Well, if you, like most Internet users, are also relying on above basic security practices to spot if that "Facebook.com" or "Google.com" you have been served with is fake or not, you may still fall victim to a newly discovered creative phishing attack and end up in giving away your passwords to hackers.......'

Month in Brief
Facebook Incidents Reported to Sri Lanka CERT|CC in January 2019


  Statistics - Sri Lanka CERT|CC

First clipper malware discovered on Google Play

'...For security reasons, addresses of online cryptocurrency wallets are composed of long strings of characters. Instead of typing them, users tend to copy and paste the addresses using the clipboard. A type of malware, known as a �clipper�, takes advantage of this. It intercepts the content of the clipboard and replaces it surreptitiously with what the attacker wants to subvert. In the case of a cryptocurrency transaction, the affected user might end up with the copied wallet address quietly switched to one belonging to the attacker..'

Critical WordPress Plugin Flaw Allows Complete Website Takeover

"...A critical vulnerability in popular WordPress plugin Simple Social Buttons enables non-admin users to modify WordPress installation options � and ultimately take over websites.

Simple Social Buttons enables users to add social-media sharing buttons to various locations of their websites. The plugin has more than 40,000 active installations, according to WordPress Plugin repository..."
Detecting Trojan attacks against deep neural networks

�...A group of researchers with CSIRO�s Data61, the digital innovation arm of Australia�s national science agency, have been working on a system for run time detection of trojan attacks on deep neural network models.....�
The Army Wants Virtual Health Tech That Works Under Any Conditions

."..A new office within the Army, the Virtual Health Research Task Area, has been charged with looking at how virtual health capabilities are advancing and how those technologies can be deployed on the battlefield.."

Notice Board

Training and Awareness Programmes - February  2019

Date Event Venue
21/02/2019 Launch of 13 years of certified Education Programme Temple Trees
25/02/2019 National Launch of the Global Education Monitoring Report - 2019 Sri Lanka Institute of Development Administration (SLIDA)
26/02/2019 Meeting with instructors of Zonal &Provincial ICT Centers in Western Province Ministry of Education

Brought to you by: