Bogdan Botezatu is Director of Threat Research at Bitdefender, and as such, a person with his finger on the pulse when it comes to the latest malware trends. We asked him a range of questions about malware and the growing threat it poses to businesses and consumers.
TechRadar Pro (TRP): Bogdan, What is the most persistent myth about malware that you have encountered as a security professional?
Bogdan Botezatu (BB): The most frequent myth about malware that we see emerging on a regular basis is that computer users don’t perceive themselves as likely targets. Some would argue that their computers are not critical to their business, while others would reckon that they are not using e-banking or other financial services that might immediately help attackers monetize on the infection.
This is not the case, as cyber-criminals take a “shotgun approach” to infecting consumer and business devices: the more targets they compromise, the more likely for them to monetize on a part of these victims. Computers can be used for all sorts of illegal activity like sending spam, carrying DDoS attacks, credentials harvesting, hosting phishing pages, stolen information or acting as a proxy to help cyber-criminals conceal their online activity.
Alternatively, hackers can just plant ransomware, seize control of their data and then wait for the user to notice that they are missing important files (such as pictures, tax return forms or projects they were working on).
Another interesting myth is that people think they are safe just because they know what they are doing on the Internet and take the necessary precautions to avoid “bad neighborhoods”.
Unfortunately, this one is also wrong – it only takes one unpatched vulnerability for a cyber-criminal to exploit. Exploit kits and malvertising have changed the way users get infected and often hackers craft their attacks in such a way that they do not require user interaction. No more clicking malicious links in spam or opening attachments. It is enough for them to sneak a malicious ad on a high reputation website to have users automatically compromised as they visit the respective web page.
TRP: What are the instances where AI or machine learning are of little use against malware attacks?
BB: It’s hard to imagine how the cyber-security industry would be able to keep up with the ever-evolving threat landscape without the help of machine learning technologies. At the same time, I feel that I need to state this again: cyber-security is not a silver bullet to malware but a rather important security layer. AI won’t be able to prevent you from opening a remote desktop session for a scammer pretending to be a tech support specialist with your operating system vendor.
TRP: Would you consider privacy tools like VPNs to help against malware or unwittingly assist them (false sense of security)?
BB: VPN solutions are privacy tools rather than cyber-security tools and users should be aware of the differences. A VPN tool ensures that your data stays private as it travels across the Internet and that the service you are “talking to”, does not know your actual IP address. It also helps you circumvent geographic restrictions and censorship. If you end up visiting a malicious website, the VPN solution will not magically make the malware disappear. For that you need an anti-malware solution. The good thing is that the vast majority of security vendors bundle a VPN solution along with their anti-malware products.
TRP: What is the most difficult malware case you have ever worked on?
BB: This is a hard one. Each family of malware has its particularities that adds extra challenge when analyzing samples or creating detections for these samples. But to keep the answer to the point I’d say that there are samples like Stuxnet, which are not only extremely complicated because of their number of lines of code – they are also extremely complex in the way they interact with the outside world. There are some samples that leverage “wormable” vulnerabilities – stuff that allows them to propagate from one computer to another extremely aggressively in a short period of time. Last, but not least, there are malware creators that target specific antimalware solutions and would issue updates several times a day to outsmart analysts and defeat their mitigations.
TRP: How do you see the malware threat evolving over the next few years?
BB: Cyber-crime is a multi-billion dollar market with a diverse ecosystem that has been expanding ever since the Internet became an important part of our lives. If back in 2010, there were about 47 million known malware samples, in 2019 there are more than 943 million ones. On average, Bitdefender processes about 350,000 new pieces of malware every day. But malware is not just increasing in sheer numbers, it also becomes more complex and reaching out to more platforms. Vulnerabilities used by stare-sponsored actors in cyber-warfare leak out eventually down the “food chain” and become powerful tools for commercial cyber-criminals. This is what happened with the Eternal Blue and Eternal Romance exploits, allegedly leaked out by the NSA. They were rapidly picked up by ransomware operators and built into the WannaCry ransomware.
Secondly, hackers have a strong focus on smart things: these devices – most of which are vulnerable to hijacking straight out of factory – have become ubiquitous in the modern smart home. As we rely more and more on IoT devices for physical security and well-being (smart locks and medical implants, to only mention a few), cyber-criminals will probably focus their efforts in compromising devices to cause real harm to users.
TRP: Malware thrives either because of humans or because of software vulnerabilities. If you could change things overnight with a magic wand, what would you change? (make all humans educated about malware? get a universal code reader to match vulnerabilities against a known database?)
BB: Why not use the magic wand to completely remove cybercrime? Joking aside, I think that I’d use the wand to make people realize how important their data and their privacy really are. They will then take all necessary steps to better safeguard their online presence and minimize risks of compromise.
- With a worldwide network of 500 million machines, Bitdefender has the largest security delivery infrastructure on the globe. Performing 11 billion security queries per day, Bitdefender detects, anticipates and takes action to neutralize even the newest dangers anywhere in the world in as little as 3 seconds.
