Cyber-attacks can cause significant loss of business intelligence and intellectual property, damage to brand reputation and loss of money. The incidence and evolving technical complexity of malware is increasing, and the upsurge of Cybercrime as a Service means less skilled cyber-criminals can buy malware bundles to launch sophisticated attacks and shift into cyberwarfare. It is not just the reputational damage and the material cost that is impacted by cybercrime. There is an impact on public safety and the quality of life to the public when services such as the NHS are not available. Recently, a new ransomware variant called Ekans has been discovered targeting critical infrastructure. For these systems, which include power generation, water treatment, and hospitals, loss of productivity associated with a ransomware attack can have a devastating impact. Better malware detection means better protection for end-users. Cyber Security is one of the UK government's strategic priorities, and they have stated that addressing this challenge would have stopped attacks such as WannaCry, following a government report that estimated the ransomware virus caused approximately £19m of lost output and £73m in IT costs to the NHS. Experts have warned that 900 people a year may be dying because of weak NHS computer systems. RAPTOR seeks to bolster and enhance these systems' current malicious program practices. The difficulty in identifying and attributing malware poses a significant global risk. Harnessing Artificial Intelligence and Machine Learning, RAPTOR will explore how we can improve both current and future protection from persistent malware and advanced persistent threat (APT) attacks, to create a system that continuously improves detection rates as it is exposed to more data and malware. This innovation focuses on APT models, the most challenging area of detection and attribution. The ability to use Machine Learning models and algorithms to discern patterns and perform feature extraction relevant to the origin of the malware code is a significant advancement in the development of robust analytical and informative models. RAPTOR will positively disrupt the malware analysis market, by extending the abilities of systems that are already in place thus protecting against the growing threat of persistent cybercrime to businesses, governments, and citizens and supporting research institutions to better understand how persistent malware behaves. This will position the UK as leaders in malware analysis and research, bolstering our global reputation in the field of cybersecurity.

Whether it be to communicate with our family and friends, pay our bills, or order goods and services online, we all use software; increasingly this is via smartphones and tablets. As consumers, we trust that this technology is secure, tested and safe for us to use, but this isn't always the case. Security testing isn't mandatory, so it's up to developers to decide how, or indeed if they want to do it. Digital Interruption are not just experts in security, we're also developers. We want to make security testing easier for developers, so we take the tools we use in penetration and security testing and develop them for software engineering teams. Instead of a complex manual tool used for security testing, we've developed software tooling, REX, that allows companies to integrate the security test into their development pipelines. Our tools are not archaic command-line tools that require a deep understanding of the platform to set up and use, but instead they are tools that have APIs in order to manage scanning and develop of test cases. We've created a web application frontend that allows anyone to easily perform a security test at all points in the development process, simply by dragging and dropping the application into REX. We've also developed a Jenkins plugin that can be set up to perform a security scan every time an Android application is built. Using the plugin, Jenkins can automatically fail the build, informing the developer that a security issue is present. As the scans are automated, it means that software developers have the benefit of having the scans run every time the software is built, rather than a more traditional approach to security which is having scans run every 6 months to a year. This gives greater feedback, better visibility and catches issues that may be reintroduced, enabling continuous detection and remediation, and resulting in safer software. Additional Information: Following feedback from users we have increased the scope of our original project to include REX branding and a dedicated REX website, to advertise REX and facilitate purchase of the licence. The website will also educate users and potential customers on REX functionality and uses as well as relevant security best practice through documentation, guides and FAQs. Video walk-throughs will be available on how to use and integrate REX. As part of a revised marketing and engagement strategy we will create a schedule of security focused content for the website, tailored to developers and software testers to support them in embedding security into their products. The website will also facilitate the announcements of new REX features, such as new integrations, the bespoke test cases feature testing that we have also added in to the scope, and the iOS engine that we will be scoping as part of the project extension.