Tag Archives: Interview

Eddy Willems Interview: Smart Security and the “Internet of Trouble”

For this week’s guest article, Luis Corrons, director of PandaLabs, spoke with Eddy Willems, Security Evangelist at G Data Software AG, about security in the age of the Internet of Things.

Luis Corrons: Over the course of your more than two decades in the world of computer security, you’ve achieved such milestones as being the cofounder of EICAR, working with security forces and major security agencies, writing the entry on viruses in the encyclopedia Encarta, publishing a book, among other things. What dreams do you still have left to accomplish?

Eddy Willems: My main goal from the beginning has always been to help make the (digital) world a safer and better place. That job is not finished yet. To be able to reach a wide public, from beginners to more experienced internet users, I wrote my book ‘Cybergevaar’ (Dutch for Cyberdanger) originally in my native language. After that it has been translated into German. But for it to have a maximum effect, I really want it to be published in the most widely spoken languages in the world like English, Spanish or even Chinese. That really is a dream I still want to accomplish. It would be nice if we could make the world a little bit safer and at the same time make life a little bit harder for cyber criminals with the help of this book.

Another ambition that fits into my dream of making the world a safer place, is to get rid of bad tests and increase the quality of tests of security products. Correct tests are very important for the users but also for the vendors who create the products. Correct tests will finally lead to improved and better security products and by that finally to a safer world. That’s the reason why I am also involved in AMTSO (Anti Malware Testing Standards Organization). There is still a lot to do in that area.

LC: Since the beginning of 2010 you’ve been working as a Security Evangelist for the security company G Data Software AG. How would you define your position and what are your responsibilities?

EW: In my position as Security Evangelist at G DATA, I’m forming the link between technical complexity and the average Joe. I am responsible for a clear communication to the security community, press, law enforcement, distributors, resellers and end users. This means, amongst other things that I am responsible for organizing trainings about malware and security, speaking at conferences and consulting associations and companies. Another huge chunk of my work is giving interviews to the press. The public I reach with my efforts is very diverse: it ranges from 12 year olds to 92 year olds, from first time computer users to IT security law makers.

LC: Data that’s been collected over the years leads us to conclude that 18% of companies have suffered malware infections from social networks. What measures can be taken to avoid this? Are social networks really one of the main entry points for malware in companies?

Eddy Willems

EW: Social networks are only one vector of many infections mechanisms we see these days. Of course we can’t deny that social networks are still responsible for even some recent infections: end of November a Locky Ransomware variant was widely spread via Facebook Messenger. But still Facebook, Google, LinkedIn and others have some good protective measures in place to stop a lot of malware already. Surfing the web and spammed phishing or malware mails are still the main entry points for malware in companies. Delayed program and OS updating and patching and overly used administration rights on normal user computers inside companies are key to most security related problems.

LC: What do you believe to be the greatest security problem facing businesses on the Internet? Viruses, data theft, spam…?

The weak link is always an unaware or undertrained employee. The human factor, as I like to call it.

EW: The biggest security threat to businesses are targeted phishing mails to specific employees in the company. A professional, (in his native language) well-written created phishing mail in which the user is encouraged to open the mail and attachment or to click on a specific link, has been seen in a lot of big APT cases as the main entry point to the whole company. These days even a security expert can be tricked into opening such a mail.

Another great threat is data breaches. Most of those are unintentional mistakes made by employees. A lack of awareness and a lack of understanding of technologies and its inherent risks are at the base of this.

Both of these risks boil down to the same thing: the weak link is always an unaware or undertrained employee. The human factor, as I like to call it.

LC: Criminals are always looking to attack the greatest amount of victims possible, be it through the creation of new malware for Android terminals or through older versions that may be more exposed. Do cybercriminals see infecting old devices the same way as infecting new devices? Which is more lucrative?

EW: Android has become the number 2 OS platform for malware after MS Windows. Our latest G DATA report saw an enormous increase in Android related malware in 2016. G DATA saw a new Android malware strain every 9 seconds. That says enough about the importance of the platform. Current analyses by G DATA experts show that drive-by infections are now being used by attackers to infect Android smartphones and tablets as well. Security holes in the Android operating system therefore pose an even more serious threat. The long periods until an update for Android reaches users‘ devices in particular can aggravate the problem further. One of the bigger issues is that lots of old Android devices will not receive any updates anymore, bringing the older devices down to the same level of (no) security as Windows XP machines. Cybercriminals will look to the old and new Android OS in the future. Malware for the old Android versions will be more for the masses, but malware for the new versions Android versions needs to be more cleverly created and are more lucrative if used for targeted attacks on business or governmental targets.

LC: In this age of technological revolution through which we are now living, new services are invented without giving a second thought to the possibility that it may be put to some ill-intentioned use, and are therefore left under-protected. Has the Internet of Things become the main challenge with regard to cybersecurity? Does the use of this technology conflict with user privacy?

EW: I wrote about the Internet of Things already a couple of years ago at the G DATA blog where I predicted that this platform would become one of the main challenges of cybersecurity. In my opinion IoT stands more or less for the Internet of Trouble. Security by design is dearly needed, but we’ve seen the opposite unfortunately in a lot of cases.

Besides Smart grids and Smart factories, Smart cities, Smart cars and Smart everything else, we will also need Smart security.

IoT is seriously affecting our privacy unfortunately. The amount of data IoT devices are creating is staggering and that data is being reused (or should we say misused). You’ve undoubtedly agreed to terms of service at some point, but have you ever actually read through that entire document or EULA? For example, an insurance company might gather information from you about your driving habits through a connected car when calculating your insurance rate. The same could happen for health insurance thanks to fitness trackers. Sometimes the vendor states in the EULA that he isn’t responsible for data leakage. It brings up the question if this is not conflicting with the new GDPR (General Data Protection Regulation).

I am convinced the Internet of Things will bring about much that is good. I can already hardly live without it. It is already making our lives easier. But IoT is much bigger than we think.  It’s also built into our cities and infrastructure. We now have the opportunity of bringing fundamental security features into the infrastructure for new technologies when they are still in the development stage. And we need to seize this opportunity. That is ‘smart’ in my opinion. Besides Smart grids and Smart factories, Smart cities, Smart cars and Smart everything else, we will also need Smart security. I only hope the world has enough security engineers to help and create that Smart security.

LC: New trends such as the fingerprint and other biometric techniques used with security in mind are being implemented, especially in the business world. What’s your opinion about the use of these methods? For you, what would the perfect password look like?

EW: Simple, the perfect password is the password I can forget. In an ideal world, I don’t need to authenticate myself with other tools anymore except part(s) of my body. It’s unbelievable how long it takes to implement this in a good way. The theory is there for ages and we have the technology now, it’s only not perfect enough which makes it costly to implement in all our devices. After that comes the privacy issues related to it, which possibly will postpone the implementation again.

We also need to think about the downside of biometric techniques. If my fingerprint or iris gets copied somehow, I don’t have the option of resetting or changing it. So we will always need to have a combination of authentication factors.

LC: Your book Cybergevaar pitches itself as a sort of information manual on IT security for the general public, offering various tips and advice. What were some of the greatest challenges in outlining a book aimed at every kind of Internet user? What piece of advice on display is most important for you?

EW: One of the big challenges in writing the book was leaving out most of the technical details and still remaining on a level that everyone, including experts and non-technical people, wants to read. I tried to keep a good level by including lots of examples, personal anecdotes, expert opinions and a fictional short story. Keeping all your programs and OS up-to-date and using common sense with everything you do when using your computer and the internet is the best advice you can give to everybody! The real problem most of the time is, as I mentioned before, the human factor.

LC: There’s been some talk of a “new reality”, the omnipresent Internet in every aspect of our lives. From your perspective, is this phenomenon truly necessary?

EW: IoT is just the beginning of it. I think we are very near to that ‘new reality’ even if you don’t like it. Our society will be pushed to it automatically, think about Industry 4.0 and Smart cities. In the future you will only be allowed to buy a car with only these specific Smart features in it or you will not be allowed to drive in specific cities. A smart cooking pan that automatically tracks calories and records your delicious recipes as you cook in real time will only work with your new internet connected Smart cooking platform. The omnipresent internet is maybe not really necessary but you’ll be pushed to it anyway! The only way to escape it will be maybe a vacation island specifically created for it.

We also need to think about the downside of biometric techniques. If my fingerprint or iris gets copied somehow, I don’t have the option of resetting or changing it.

LC: What have been for you the worst security violations that have marked a before-and-after in the world of cybersecurity? Do you have any predictions for the near future?

EW: The Elk Cloner virus and the Brain virus back in the eighties … everything else is just an evolution of it. We probably wouldn’t have this interview if nothing had happened 30 years ago or … maybe it was only a matter of time? Stuxnet was built to sabotage Iran’s Nuclear program. Regin demonstrates even more the power of a multi-purpose data collection tool. Both built by state agencies showing that malware is much more than just a money digging tool for cybercriminals. And of course the Snowden revelations as it showed us how problematic mass-surveillance is and will be and how it reflects back to our privacy which is slowly fading away.

Malware will always be there as long as computers -in whatever shape or form they may be around, be it a watch, a refrigerator or a tablet- exist and that will stay for a long time I think. Cybercrime and ‘regular’ crime will be more and more combined (eg. modern bank robberies). Malware will influence much more our behavior (eg. buying, voting, etc) and ideas resulting in money or intelligence loss. Smart devices will be massively misused (again) in DDoS and Ransomware attacks (eg. SmartTv’s). And this is only short-term thinking.

The only way forward for the security industry, OS makers, application vendors and IoT designers, is to work even closer together to be able to handle all new kind of attacks and security related issues and malware. We are already doing that to some extent, but we should invest much more in it.

 

The post Eddy Willems Interview: Smart Security and the “Internet of Trouble” appeared first on Panda Security Mediacenter.

“Android-specific ransomware and mobile banking Trojans are issued around the world”- Paul Chung

chung

If there is something that stands out from my +17 years in the security field, it is the bright people I’ve met from all over the globe, that protect users from the cyber-attacks threatening us every day. In this new section, I am going to interview people from different parts of the world, who will tell us about their experiences and perspectives in the security environment.

For my first interview, I’d like to present you to Paul Chung. Paul is from South Korea and his Korean name is 정택준. He works at AhnLab as a Security Evangelist in the Next Tech & Strategy Division.

 

1.- How did you get involved in security?

Actually, I was trying to get out of the computer science field when I was at school. I was confused at the time and I decided to join the Navy for a change. I was assigned CERT in Central Computing Center, where I managed network and security systems. I’ve been fascinated with security since then.

2.- Tell us a bit about your career at AhnLab.

When I was in the Navy, I learned about the network threats, but I was always curious about the file based threats. That is why I joined ASEC (AhnLab Security Emergency Response Center) at AhnLab. I’ve worked as a malware researcher for eight years and now I’m working on preparing our company for the future. I am learning about new technologies which we could adopt and what kind of new infrastructure we need.

3.- South Korea is the country with the highest Internet speed in the world, and among other things it is known for its gamer community. Do you have specific threats targeting gamers in your country?

Korea has a multi-billion dollar game industry, which is fifth in the world, and over 80% of them are online games. Because of the geological location and ‘Korean Wave’ in Asia, a lot of Korean games are distributed to nearby countries. I think that this is tempting for attackers. Not only to target Korean gamers, but everyone has who played that particular game. That is why we see a lot of online game hacks related malwares. Most of the malwares tries to steal the gamer’s credentials and some of the ransomware encrypts game related files and demands money to decrypt it.

Smishing, or SMS phishing, attacks are very popular in Korea.

4.- South Korea is also the country in the world with the highest smartphone ownership. Are there cyber-crime gangs specifically targeting South Korean smartphone users, or do you get the same kind of threats as the rest of the world?

According to one of the researchers (Pew Research Center) in 2015, 88% of Korea’s population owns a smartphone. From my point of view, android-specific ransomware and mobile banking Trojans are issued around the world. In Korea, Smishing (SMS phishing) attacks are very popular and mobile banking Trojans are on the rise.

5.- As a highly developed and technological country, South Korea has already suffered cyberattacks coming from other nations. Some countries have been already created commands that focus on cyber-defense of critical assets for the country, such as the United States Cyber Command. Are there similar initiatives in South Korea?

We do have an Armed Forces Cyber Command which is subordinate to the Ministry of Defense. Also, we have a National Cyber Security Center which is run by National Intelligence Service. Both of them grown large to defend cyber-attacks from the Strategy Cyber Command which is made by Kim Jung-un from the North.

But when it comes to security, one or two organization is not enough. As a security company we also work with our government to defend such an attack.

6.- Currently, what is the most desirable sector for cyber-delinquents? How do you think security in this sector has evolved?

I think what they are most interested in is money. So a lot of malware you see these days are related to ransomware or online banking. I think they are also interested in SCADA and ICS systems. We will see more of these attacks too.

A lot of industries are preparing for the attacks which we have seen already. But there are more to come. I think we need to cooperate with each other more than ever. Not just security companies but also with the government and other related industries. There is a lot of data out there, which we are missing. If we could gather meaningful data and share it, I think we will have a good chance to secure the net.

7.- What do you foresee in the next 5 years? What threats will we have to face? How is the security industry going to be like in the next decade?

This is a hard question for me. Because, who knows what will happen in the future? Though, I might have few things to forecast.

Threats aimed at IoT devices and connected cars will be the trend in the future.

I think we will see more threats on IoT devices and Connected Cars. IoT devices are very vulnerable when it comes to security, like everybody knows. Also, cars are evolving fast. From the Gartner report, in 2020, 250 million cars will be connected to the network. And from BI Intelligence, the market will grow into a 123 billion dollar industry by that time.

As the environment changes, threats will change too. As a security company, we need to carefully look at where the changes are being made and research how we could defend it. But it won’t be done by one man or a company, we all need to work together to figure it out.

Now that we understand how important cybersecurity is for our everyday lives, don’t hesitate any longer!  Boost your business with advanced cybersecurity solutions that allow you to manage, control and protect your business’s entire IT park.

The post “Android-specific ransomware and mobile banking Trojans are issued around the world”- Paul Chung appeared first on Panda Security Mediacenter.