Top Bitdefender Hacker Dispels Common Myths About Malware

Bogdan Botezatu is Director of Threat Research at Bitdefender and, as such, a man closely attuned to malware trends. We asked him a series of questions about malware and the growing threat it poses to businesses and consumers.

The Comparison Pro (TRP): Bogdan, what is the most persistent myth about malware that you have encountered as a security professional?

Bogdan Botezatu (BB): The most prevalent myth about malware, which we see emerging regularly, is that computer users don't see themselves as potential targets. Some argue that their computers are not critical to their business, while others think that they are not using online banking or other financial services that could immediately help attackers to monetize the infection.

This is not the case, because cybercriminals take a "systematic approach" to infecting conventional and professional devices: the more targets they have, the more likely they are to monetize some of these victims. Computers can be used for all sorts of illegal activities, such as spamming, launching DDoS attacks, collecting identification data, hosting phishing pages, stealing information, or acting as a proxy to help cybercriminals hide their online activities.

Alternatively, hackers can simply install ransomware, take control of your data, and then wait for the user to notice that they are missing important files (images, tax return forms, or projects they are working on).

Another interesting myth is that people think they are safe just because they know what they are doing on the Internet and take the necessary precautions to avoid "bad neighborhoods".

Unfortunately, this one is wrong too: a cybercriminal can only exploit an unpatched vulnerability. Malicious advertisements and exploit kits have changed the way users are infected, and hackers often craft their attacks so that they do not require user interaction. No need to click malicious links in spam or open attachments. They only need to insert a malicious ad on a reputable website so that users are automatically compromised when they visit that website.

TRP: In which cases is AI or machine learning of little use against malware attacks?

BB: It's hard to imagine how the cybersecurity industry could cope with the ever-changing threat landscape without the help of machine learning technologies. At the same time, I think I have to say again: Cybersecurity is not a silver bullet for malware, but an important enough layer of security. Artificial intelligence won't stop you from opening a remote desktop session for a scammer claiming to be a tech support specialist for your OS vendor.

TRP: Would you consider privacy tools like Virtual Private Networks (VPNs) to fight malware or help them inadvertently (false sense of security)?

BB: VPN solutions are privacy tools rather than cybersecurity tools and users need to be aware of the differences. A VPN tool ensures that your data remains confidential as it travels over the Internet and that the service you are 'communicating with' does not know your real IP address. It also helps you bypass geo-restrictions and censorship. If you end up visiting a malicious website, the VPN solution will not magically remove the malware. For that, you need an antimalware solution. The good news is that the vast majority of security solution providers offer a VPN solution with their antimalware products.

TRP: What is the hardest malware case you've ever worked on?

BB: This is difficult. Each family of malware has its peculiarities that make it difficult to analyze samples or create detections for them. But to keep the answer accurate, I would say that there are examples like Stuxnet, which are not only extremely complicated due to the number of lines of code, but also because of the complexity of their interactions with the outside world. Some samples exploit "wormable" vulnerabilities, which allow them to spread from one computer to another in a very aggressive way over a short period of time. Finally, there are malware writers who target specific antimalware solutions and release updates several times a day to frustrate analysts and neutralize their mitigations.

TRP: How do you see the evolution of the malware threat in the coming years?

BB: Cybercrime is a multi-billion dollar market with a diverse ecosystem, constantly expanding since the Internet became an important part of our lives. If in 2010 there were around 47 million known malware samples, in 2019 there are more than 943 million. On average, Bitdefender processes around 350,000 new malware samples every day. But malware is not only increasing in number, it is also becoming more complex and targeting more platforms. The vulnerabilities used by state-sponsored actors in cyber warfare eventually trickle down the "food chain" and become powerful tools for commercial cybercriminals. This is what happened to the EternalBlue and EternalRomance exploits, supposedly revealed by the NSA. They were quickly picked up by ransomware operators and embedded in the WannaCry ransomware.

Second, hackers focus on smart things: these devices, most of which are vulnerable to factory hijacking, have become ubiquitous in the modern smart home. As we increasingly rely on IoT devices for physical security and wellness (smart locks and medical implants, to name just a few), cybercriminals will likely focus on compromising devices to cause real harm to users.

TRP: Malware is being developed either by humans or by software vulnerabilities. If you could change things overnight with a magic wand, what would you change? (educate all humans about malware - get a universal code reader to map vulnerabilities to known databases?)

BB: Why not use the magic wand to completely eliminate cybercrime? Joking aside, I think I would use the wand to make people understand the importance of their data and their privacy. They will then take all necessary steps to better protect their online presence and minimize the risk of compromise.