Interview: Senior Malware Researcher at ESET unpacks popular cyber threats

Robert Lipovsky unpacks popular cyber threats
Robert Lipovsky, Senior Malware Researcher at ESET

Cybercrime remains a looming threat in the ICT sector and doesn’t show any signs of slowing down. Cybercriminals continue to find new and sophisticated ways to override security protocols for malicious purposes.

In 2017, we saw the rise of ransomware as it swept through both large and small-scale businesses, whereas in 2018 there was greater interest in the theft of intellectual property and attacks on governmental institutions by APTs.

IT News Africa had the chance to sit down with Robert Lipovsky, Senior Malware Researcher at ESET, to chat about the biggest cybersecurity issues out there right now and also to touch on how cyber threats have evolved over the years.

In your opinion, what is currently the biggest malware related issue?

It depends on for whom. If we look at enterprises and governments, high-value targets, it’s definitely cyber espionage and even cyber sabotage as we’ve been witnessing for the past few years. There are attacks, whether that’s for corporate competitive advantage or whether it’s at the nation-state level. So these things are a reality and we have been seeing things like intellectual property being stolen and siphoned off from companies and being sent into foreign countries and we have seen governmental institutions targeted by APTs, advanced persistent threats, and we see that all the time, targeted attacks which are carried out by professional groups. That’s what we can say for certain and allegedly, or highly likely, by other governments of other nations.

So those are the threats and it’s not just government institutions, but whole critical infrastructures of various countries. We were behind the research in the discoveries of the first cyber attack that caused blackouts in history that happened in Ukraine. The first one and then the second one a year later. These are really big issues that the whole world is facing because Ukraine has been a test bed for such an attack, but the tools, the arsenal that’s being developed is made in a way so that it can be deployed anywhere else. These are the threats for those types of users.

If we’re talking about regular users, you know, regular people, then they should mostly be concerned about cybercrime. Banking trojans, as we call them. Basically, any malware that steals, whether it’s your online banking credentials or your passwords. We do see that a lot and we dedicate special effort to monitoring those most active botnets and malware families. We even provide a feed of this, an early warning for banks so they can take proactive measures to defend from these things.

And also ransomware obviously. That has been one of the main topics for the last couple of years. 2017 was labeled as the year of ransomware and that is due to the number of ransomware families that there were at the peak of the ransomware activity. Our detection engineers were seeing a new ransomware family every single day, so there really was a lot. All of the cybercriminals wanted to jump on the bandwagon because it was profitable and easy to do. There was even “ransomware as a service”. So, somebody with bad intentions just needs to be a programmer and you could hire that person on underground forums and just deploy it and make money.

That was mostly the situation last year. Obviously, ransomware is still an issue and it’s not going away anytime soon, but it has been on the decline since then and instead the attackers, or the cybercriminals, have been focusing on cryptocurrencies and making money by using cryptocurrencies in various ways, whether it’s stealing wallets from users’ infected computers or malicious crypto mining, cryptojacking as it’s called. Obviously, crypto mining is legitimate if you’re doing it willingly, but if it’s somebody else mining or using your hard-earned resources, that’s something else.

What responsibility does an end-user have in terms of protecting their personal data?

They have to realise the value that their personal data has. That is something which a lot of people underestimate by saying “I have nothing valuable. I have nothing interesting for criminals. Why would they attack me?” But everyone does online banking, everyone has information that they want to keep private and that is something that attackers obviously are after, whether for monetary reasons or for any other reason that you can imagine it might be used against those people. That is something people need to realise when it comes to individuals.

I would split personal devices into two areas: one is the technical and one is the non-technical, the human side. On the technical side, use security software on all platforms that you’re using. Desktops are understandable, but you also need to protect your mobile devices. Also, have backup solutions in place.

Shifting towards the behavioural aspect, you can have technical solutions but if you’re not making good decisions and engaging in safe practices, then you’re opening yourself up to become vulnerable to attackers. It is true what they say, that in many attacks the human is quite often the weakest link in the chain. So educate yourself to the extent of knowing what to do, whether it’s basic password policies and using password managers or two-factor authentication. It’s really simple stuff that’s talked about a lot, it’s not new, back up your stuff, but a lot of people still neglect that. The measures are not complicated, people just need to take the time and implement them.

With 10 years of experience in the cyber security sphere, how has cybercrime evolved over the years?

It has always been a cat and mouse game, so while we work as defenders, the attackers are trying to circumvent the defenses. Attacks are getting more sophisticated in this high-level sort of sense, not necessarily in a technical sense. I mean, when I started, rootkits were really abundant, while now the window has mostly shifted. Rootkits were the technically most sophisticated pieces of malware and we’ve seen attackers shift their focus into areas where they have the best return on their investment.

To use an analogy, instead of using extreme resources to break someone’s password, you can use social engineering and ask them for their password, and a lot of people will give it to you if the phishing or social engineering is good. The sophistication is quite often not on the technical side, but the attackers are really trying to make the best return on their investment and it’s been working. It’s not off course to say that we do see technically advanced attacks too, but the majority of things exploit the vulnerabilities in humans.

By Daniëlle Kruger