SIMARGL is a European research project financed by the European Commission through the Grant Agreement 833042. It aims to provide innovative new advanced solutions to fight complex malwares effectively, including information-hiding-capable threats such as stegomalwares.
Stegomalwares are a combination of information-hiding techniques like steganography, with a more common malware propagation method, used to distribute a malicious payload to attacked users. Based on recent reports, the use of this kind of attack to commit cyber-attacks or crimes is rapidly growing – and at the same time, there is still a lack of effective and universal countermeasures.
The SIMARGL project has decided to utilise well-proven existing products – and further strengthen them with innovative capabilities. During the project, SIMARGL partners will integrate them into a validated toolkit, offered to CERTs and Law Enforcement Agencies (LEA) to help improve their cyber security capabilities.
One of the existing solutions used in SIMARGL is Airbus Orion Malware, which is an advanced file analysis system relying on different
detection and analytics approaches:
- Static analysis in order to detect malicious code hidden in the file content
- Dynamic behaviour analysis of the suspicious file in a sandbox
Thanks to SIMARGL, this solution has been significantly improved to integrate detection of malicious files based on machine learning algorithms, script-based malware static de-obfuscation and counter-techniques of malware evasion on sandboxes. As a result, its detection capabilities have been increased and the solution has been updated to face new emerging threats.
To further strengthen the LEA’s cyber security capabilities, the SIMARGL project is also developing a syllabus and pilot training for a series of modular training courses, including: cyber-attacks management, advances assurance and protection.
A first step, performed at the end of 2019, has been to invite EUROPOL, especially the European Cybercrime Centre (EC3) unit, as well as selected LEAs to participate in a targeted analysis of cyber skills gaps.
In order to develop training that plugs these gaps, 85 LEA members have been interviewed resulting in the definition of the following training plan:
|Course Title||Instructor||Approximate date|
|Introduction to Cyber Threats||Stichting CUIng Foundation (NL)||Nov 20|
|Cyber Threats – Case Studies and Exercises||Stichting CUIng Foundation (NL)||Oct 21|
|Introduction to Cyber Attack Management||FernUniversität in Hagen (DE)||Oct 21|
|Introduction to Malware Analysis (3 Sessions)||Airbus CyberSecurity (FR)||Nov 21|
|Cyber Attack Simulation and Case Studies (3 Sessions)||Airbus CyberSecurity (FR)||Nov 21|
|Information Sharing, Analysis and CTI||Stichting CUIng Foundation (NL)||Dec 21|
|Stegomalware||FernUniversität in Hagen (DE)||Dec 21|
|Hidden Networks||Consiglio Nazionale Delle Ricerche (IT)||Jan 21|
|SIMARGL Toolkit||Romanian Educational Network (RO)||Feb 21|
Airbus is leading the following two training sessions:
- A practical introduction to Malware Analysis using Airbus Orion Malware
- A session on Cyber Attack Simulation and Cases Studies, which will rely on Airbus CyberRange
These two training sessions will enable LEA to improve their cyber security knowledge while manipulating existing solutions already deployed by Airbus customers.
If you are interested in learning more, please contact your Key Account Manager.