Bogdan Botezatu is Bitdefender's Director of Threat Research, always up to date on the latest malware trends. We asked him a series of questions about malware and the growing threat to business and consumers.
TechRadar Pro (TRP): Bogdan, what's the most consistent myth about malware you've encountered as a security expert?
Bogdan Botezatu (BB): The most common myth about malware that we regularly observe is that computer users do not perceive themselves as likely targets. Some argue that their computers are not critical to their business, while others assume they do not use e-banking or other financial services that could immediately help attackers make money from the infection.
This is not the case as cyber
Alternatively, hackers can install ransomware, take control of their data, and then wait for the user to discover that important files (such as images, tax return forms, or projects they've been working on) are missing.
Another interesting myth is that people think that they are safe just because they know what they are doing on the internet, and take the necessary precautions to avoid "bad neighborhoods".
Unfortunately, this too is wrong – only one unpatched vulnerability is needed for a cybercriminal to exploit. Exploit kits and malvertising have changed the way users become infected. Often, hackers set up their attacks so that no user interaction is required. No more clicking on harmful links in spam or opening attachments. It's enough for them to sneak a malicious ad on a high-profile website so that users are automatically compromised when they visit their website.
TRP: In which cases is AI or machine learning useful against malware attacks?
BB: It's hard to imagine how the cybersecurity industry can keep up with the evolving threat landscape without the help of machine learning technologies. At the same time, I think I have to say it again: cybersecurity is not a miracle weapon for malware, but a fairly important level of security. AI cannot stop you from opening a Remote Desktop session for a scammer pretending to be a technical support specialist with your operating system manufacturer.
TRP: Would you consider privacy tools like VPNs to counter malware or accidentally help you (false sense of security)?
BB: VPN solutions are more privacy tools than cybersecurity tools, and users should be aware of the differences. A VPN tool ensures that your data remains confidential when transmitted over the Internet, and that the service you "speak" with does not know your actual IP address. It also allows you to bypass geographic restrictions and censorship. When you visit a malicious website, the VPN solution does not magically make the malware disappear. For this you need an anti-malware solution. The good news is that the vast majority of security vendors are bundling a VPN solution with their anti-malware products.
TRP: What's the hardest malware case you ever worked on?
BB: This is a difficult question. Each family of malware has its own peculiarities that present an additional challenge in analyzing samples or creating detections for those samples. To get the answer right, I would say that there are examples like Stuxnet, which are extremely complicated not only because of the number of lines of code, but also in the way they interact with the outside world. There are some examples that exploit "wormable" vulnerabilities – things that allow them to spread extremely aggressively from one computer to another within a short period of time. Last but not least, there are malware developers who target certain anti-malware solutions and publish updates several times a day to outsmart analysts and circumvent their mitigation limitations.
TRP: How do you see the development of the malware threat in the next few years?
BB: Cybercrime is a billion-dollar market with a diverse ecosystem that has become an important part of our lives since the advent of the Internet. If there were about 47 million known malware samples in 2010, by 2019 it would have exceeded 943 million. On average, Bitdefender processes about 350,000 new malware every day. However, malware not only increases, but also gets more complex and reaches more platforms. Vulnerabilities exploited by State-sponsored actors in cyber warfare eventually appear in the "food chain" and become powerful tools for commercial cybercriminals. This happened with the exploits Eternal Blue and Eternal Romance, which were allegedly distributed by the NSA. They were quickly picked up by ransomware operators and integrated with WannaCry ransomware.
Second, hackers focus heavily on smart things: these devices, most of which can be hijacked right out of the box, are ubiquitous in modern smart homes. As we rely more and more on IoT devices for physical security and well-being (smart locks and medical implants, just to name a few), cybercriminals are likely to focus on compromising devices to do real harm to users.
TRP: Malware thrives either because of humans or because of software vulnerabilities. If you could change things with a wand overnight, what would you change? (Get everyone familiar with malware? Get a universal code reader to check for vulnerabilities in a popular database?)
BB: Use the magic wand to completely remove cybercrime. Aside from jokes, I think I would use the wand to make people realize how important their data and privacy really are. They will then take all necessary steps to better protect their online presence and minimize the risk of compromise.
- With a global network of 500 million machines, Bitdefender has the world's largest security deployment infrastructure. Every day, Bitdefender conducts 11 billion security queries, detecting, anticipating, and taking action to neutralize even the latest threats around the world in just 3 seconds.