Q&A with Bitdefender’s chief hacker


Bogdan Botezatu is Director of Threat Research at Bitdefender, and as such, a person with his finger on the pulse when it comes to the latest malware trends. We asked him a range of questions about the biggest threats out there, the dangers of smart home gadgets, and much more…

TechRadar Pro (TRP): Bogdan, can you tell us more about yourself, your role within Bitdefender and why you chose security as a career?

Bogdan Botezatu (BB): Hey there. My name is Bogdan, but most people call me Bob! I’m a Director of Threat Research at Bitdefender and I’ve spent more than 11 years doing, well, threat research: looking into existing malware, trying to spot trends and attempting to predict what the next big things in malware development will be.

I’ve been one of the few fortunate people who were born into a home with a personal computer in the early 80s. I spent most of my life trying to discover technology, how to interact with the computer and – at some point – how to manipulate it to achieve my end goals.

I naturally understood that systems are subject to subversion and manipulation – a thing that I experienced first-hand in my previous roles in system administration and devops. I chose security as a career because it’s one of the most challenging territories in information technology. It’s a high-stakes, extremely unbalanced game with unknown opponents where one mistake can cost a fortune. It’s a very exciting and very rewarding job.

TRP: AI is playing an increasingly bigger role in security, helping companies like yours and others close the increasing gap between supply and demand in security professionals. Do you envision a time when humans will no longer be needed in security?

BB: Machine learning is an extremely strong tool in fighting threats, but it is not a silver bullet to end all challenges. These machine learning models are developed, perfected and constantly trained by human engineers. If artificial intelligence ever takes over the security industry, it’s not going to happen anytime soon. On the contrary, the consolidation of businesses and their increased dependence on the internet has thrown the world into a massive crisis when it comes to skills. The World Economic Forum lists the cybersecurity skills shortage as one of the most important challenges organizations face to date. By 2020, companies will have 1.5 million unfilled jobs in cybersecurity.

TRP: What are the biggest security and privacy threats to small businesses that Bitdefender has identified, and why are they so dangerous?

BB: There’s a joke going around in the cybersecurity industry that says that the biggest threat to companies sits between the chair and the keyboard. The human factor is still one of the greatest risks to companies as people are subject to social engineering or deception. Whether we’re talking about employees who fall for phishing schemes or disgruntled staff acting against companies, the biggest threats come from the inside.

Another important threat to companies is the ever-expanding perimeter and the diversity of modern IT infrastructures. Companies don’t have physical boundaries to confine them to some brick-and-mortar premises where security controls can be put in between their network and the “outside world”. Their attack surface spans across data centers on multiple continents.

This infrastructure is a mix and match of legacy systems, software-defined infrastructure and a wide range of cloud services, which introduce management complexity and security challenges. Any unpatched vulnerability in these vendor stacks can open the door to skilled cybercriminals who can lay their hands on silos of customer data collected over the years.

I mentioned that cybersecurity is a high-stakes, extremely unbalanced game – the good guys have to defend the fort at all times, but it only takes one lucky shot for the attackers to carry out their goals.

Last, but not least, modern malware attacks are becoming more and more pervasive. Ransomware is just one of the many threats aimed at the business world, but it is one of the most devastating in terms of impact. Healthcare, transportation and critical infrastructure are some of the most targeted verticals, and data encrypted by malware can bring them to a standstill.

TRP: Bitdefender is primarily a software company, and yet, you launched a piece of hardware: the Box. What was the thought process behind such a product?

BB: Bitdefender Box was a product born out of a huge necessity – we saw the IoT industry gaining significant traction, as millions and millions of smart, yet vulnerable devices were connected to the internet. By design, these devices have minimal computational and storage resources which makes it impossible for a cybersecurity vendor to develop a local agent.

The only viable approach was to protect these devices from the outside, and a network-level security appliance was the best way to do it. The Bitdefender Box was the first product of its kind and we spent a lot of effort not only shaping it into what it is now, but also educating the public about why Internet of Things security should not be an afterthought.

TRP: Bitdefender hails from Romania. What were the conditions/factors that allowed the company to thrive in a country not usually associated with cutting-edge technology?

BB: In several aspects, Eastern Europe is home to several top-tier cybersecurity companies, and this is likely the result of the socio-economic context after the fall of the Soviet Union. Romania is a country that has invested consistently in education, particularly in the exact sciences. Maths, engineering and information security were – and still are – at the core of the educational curriculum in Romania.

The fall of the Soviet Union has brought the Eastern European economy to a standstill. Factories were closing, most people were losing their jobs, and the general perceived blame for these inequities and pain was pinned on the “capitalist” western world.

At that point, several malware creation groups in the former Soviet Bloc (particularly Bulgaria and Russia) started creating malware to “fight” the capitalist world in an early stage of digital hacktivism. Most of this malware was spreading to Romania as well due to the geographic proximity. It was at the time when the internet was years away from interconnecting a significant amount of people, and most of the malware was inadvertently propagated through removable media like floppy disks.

Bitdefender was born as a reaction to the malware invasion and has grown into a full business because of that.

At this point, we are one of the few cybersecurity solutions that constantly top independent benchmarks in the industry. We provide protection for more than 500 million customers all over the world and license our technologies to almost 40% of competing products.

Romania has become one of the largest players in the IT sector and has the highest number of technology workers per capita on the continent. More than 9,000 specialist IT workers graduate from Romanian universities every year, adding to the existing pool of talent. About 90% of these workers are fluent in English.

TRP: What security-related stories (hacks, discoveries, hijacks) have caught your eyes over the past 12 months?

BB: We have been extremely busy with ransomware, one of the hottest threats at the moment. Our threat research teams have worked together with law enforcement agencies such as Europol, Interpol, and the FBI (to name just a few) to help customers get rid of a very pestering family of ransomware known as GandCrab.

This family alone holds 50% of the ransomware market share and is estimated to have infected at least one million computers around the world. Our decryptors – which were the result of more than nine months of continuous work – have helped home and business users decrypt precious data and save more than $44 million in unpaid ransoms.

TRP: What are the big trends/shifts in security that you foresee over the next 24 months? Do you still believe, as you wrote in 2008, that "it's difficult to predict and develop the security solution for tomorrow and it's increasingly easy for attackers to predict where and how to strike next"?

BB: Cybersecurity evolves at a very rapid pace and it is indeed extremely difficult to predict. As the Internet of Things becomes more and more deeply fused with the consumer, cybercriminal groups will increasingly target this segment. An important subcategory that will be targeted is medical wearables (wireless insulin dispensers, pacemakers and so on).

Another big trend that we are monitoring is mobile attacks. The more fintech services gain traction, the more attention mobile platforms will get from cybercrooks.

TRP: A worryingly high number of "smart" devices seem to fail to take even the most basic security precautions, making them insecure by design. If we were to buy a connected security camera, what should we be looking for from a security perspective?

BB: As a rule, we advise customers to buy IoT devices manufactured by vendors with a reputation behind them. A $5 smart switch is definitely appealing, but you’re getting only what you paid for and nothing more.

Most of the time, production costs are kept to a minimum because the vendor saves big by outsourcing firmware to a third-party, and by skipping the security testing and rushing a product through R&D. Price is a big indicator of quality, but it’s not the only factor to take into account. Also look at the history of firmware releases – a vendor that patches often is a vendor that takes security extremely seriously.

TRP: Given the absurdly high number of ways someone's persona can be stolen or a system compromised, is it fair to say that antivirus solutions are past their prime; that they need to be retired?

BB: No, not at all. On the contrary. A cybersecurity solution provides layered defenses that are proven to work in more than 99% of infections. Their purpose is to raise the cost of an attack and make it too expensive for the vast majority of cybercriminals.

Without a security solution, a computer is wide open to attacks – anyone, from script kiddies to important commercial threat actors, would be able to compromise a device and the stored data. Behavioral protection technologies, machine learning models and advanced heuristics are extremely effective against known and unknown threats.

With a worldwide network of 500 million machines, Bitdefender has the largest security delivery infrastructure on the globe. Performing 11 billion security queries per day, Bitdefender detects, anticipates and takes action to neutralize even the newest dangers anywhere in the world in as little as 3 seconds.