ESET ADVERTORIAL

THE ESET EXPERT

We sat down with Nick FitzGerald, Senior Research Fellow at ESET, to discuss the current threat landscape.
What are the latest trends in the type of threats and vulnerabilities ESET works to prevent? Is there a particular type of malware in fashion right now?

Well, right when you asked, everybody was, and still is, talking about the WannaCryptor (aka WannaCry) ransomware worm. The reason WannaCryptor has received so much attention is that it combines one of the most common current forms of malware – ransomware – with fast-spreading network worm functionality. The worm also depended on an element of luck for its success. It used the so-called EternalBlue exploit from the recent Shadow Brokers leak of what are reputedly NSA hacking tools. EternalBlue exploits a vulnerability in a very old part of the Windows networking code that was present in all versions of Windows from at least Windows XP, and maybe even earlier. Despite all this though, I don’t think that WannaCryptor is the beginning of a trend. The worm functionality of WannaCryptor has seriously jarred quite a number of people out of what may have been an element of complacency. I strongly suspect that many network firewalls and other security perimeters and controls will have been checked a little more thoroughly than usual over the last few days.
How does ESET stay on top of the constant malware and virus threats that seem to constantly be popping up?

It may be rather anti-climactic, but the answer is that it’s ‘mostly done through automation’. The huge volume of samples of new malware and other “suspect” activity our products see and log is constantly being mined for interesting patterns and new developments. Of course, there are human researchers overseeing all this, as often their experience means they see things better or sooner than the automated systems. Further, human researchers oversee the testing and validation of new detection patterns and other technologies we deploy, either through the cloud or directly to the endpoint security software.
What’s a typical malware analysis look like? How does ESET counter increasingly ambitious hackers?

The new, possibly more challenging and interesting material tends to stick out like the proverbial “sore thumb”. Usually what follows is nothing like typical. Sometimes it takes thinking outside the square, such as how researchers thought to look for what turned out to be early IoT malware and such.
Do you have a favourite piece of malware? Something nasty, but you kinda admire the ingenuity of it?

Not that I’ll identify publicly! Seriously though, you do occasionally come across something whose elegance, or whose key ideas are so simple yet had not been thought of or tried before, gives you pause to admire the ingenuity or skill that resulted in this piece of malice being built. Mostly though, you just groan at the unending ordinariness of it all, or even have to laugh at the abject stupidity and you are left scratching your head wondering how many more errors and bugs would have been needed to render the code entirely useless, as opposed to its current state of near-uselessness.
When ESET detects a vulnerability, what is the typical time frame from when the issue is detected and a response is released to customers?

In the case that we become aware of vulnerabilities in our own products, we work as quickly as possible to remediate and release updates to fix the issue. As the complexity of vulnerabilities can vary greatly, it is very difficult to put a likely or typical timeframe on preparing and shipping such remediations, but in the few such cases since I have worked for ESET, our responses have been measured in days rather than weeks or longer timeframes. Further, it is often the case that we could ship detection updates to detect and block attempts to exploit such vulnerabilities, thus protecting our customers until we can ship a full repair.

In the case that we become aware of vulnerabilities in the products of others, we work to responsibly disclose the vulnerability to the affected vendor and assist them in remediating the vulnerability if they wish to work with us. Again, it is likely that we could ship detection updates for exploitation attempts to help protect our customers until the affected can ship an update to fix the issue.
WHAT ABOUT THE WANNACRY MALWARE SCARE?

Ransomware is an insidious piece of software that finds its way on to your computer the same way as other malware (i.e. by downloading a dodgy program via an email link, banner ad or app that misrepresents itself), but instead of turning your computer into a hacker’s slave, every single file is encrypted. If you want your files unencrypted, you have to use Bitcoin (a relatively anonymous payment method) to pay the ransom and have your data released.

Luckily, ESET Internet Security includes Ransomware Shield. When Ransomware Shield is enabled, all executed applications are monitored and evaluated using behavioural and reputation-based heuristics. When behaviour that resembles ransomware is identified, such as trying to encrypt data unexpectedly, the process is blocked and you are notified of what’s going on. It’s not a total replacement for a solid backup of your important data, but another line of defence to ensure your normal activities are not disrupted.
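The sidebar above describes a behavioural heuristic in one sentence: watch what every process does to files and block it when the pattern looks like mass encryption. The following is an added, constructed illustration of that idea, written for this page; it is not ESET's code and says nothing about how Ransomware Shield is actually implemented. It assumes a simplified file-event feed (a `FileEvent` record per write or rename, which a real engine would get from a filesystem minifilter or kernel hook) and uses two constructed signals: high Shannon entropy of data written over user-document extensions, and renames to a small list of ransom-style extensions. A process is blocked once it touches `min_files` distinct documents that way inside a sliding time window, so a slow, occasional encryptor or an archiver writing `.zip` files does not trip it. The thresholds, extension lists, process names and paths are all made up for the demo.

```python
import math
import os
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, Optional, Set, Tuple

# Constructed lists for the demo; a real engine would use far richer models.
DOC_EXTS = {".txt", ".doc", ".docx", ".xlsx", ".pptx", ".csv"}
RANSOM_EXTS = (".locked", ".crypt", ".enc")


@dataclass
class FileEvent:
    """One file operation as a hypothetical kernel hook might report it."""
    ts: float           # seconds since boot
    pid: int
    proc: str           # image name, for readability only
    op: str             # "write" or "rename"
    path: str
    data: bytes = b""   # bytes written (write ops)
    new_path: str = ""  # destination name (rename ops)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; ~8.0 for encrypted/compressed data, ~4-5 for prose."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


class RansomwareHeuristic:
    """Sliding-window counter of 'encrypt-like' file operations per process."""

    def __init__(self, window_s: float = 10.0, min_files: int = 5,
                 entropy_threshold: float = 7.0) -> None:
        self.window_s = window_s
        self.min_files = min_files
        self.entropy_threshold = entropy_threshold
        self._hits: Dict[int, Deque[Tuple[float, str]]] = defaultdict(deque)
        self.blocked: Set[int] = set()

    def _is_suspicious(self, ev: FileEvent) -> bool:
        if ev.op == "rename":
            return ev.new_path.lower().endswith(RANSOM_EXTS)
        if ev.op == "write":
            ext = os.path.splitext(ev.path)[1].lower()
            return ext in DOC_EXTS and shannon_entropy(ev.data) >= self.entropy_threshold
        return False

    def observe(self, ev: FileEvent) -> Optional[str]:
        """Return 'blocked', 'suspicious' or None for this event."""
        if ev.pid in self.blocked:
            return "blocked"            # the enforcement point: deny further I/O
        if not self._is_suspicious(ev):
            return None
        hits = self._hits[ev.pid]
        hits.append((ev.ts, ev.path))
        while hits and ev.ts - hits[0][0] > self.window_s:
            hits.popleft()              # age out hits older than the window
        if len({p for _, p in hits}) >= self.min_files:
            self.blocked.add(ev.pid)
            return "blocked"
        return "suspicious"


def constructed_events():
    """Four made-up processes: a text editor, an archiver, a fast encryptor, a slow one."""
    low = b"The quick brown fox jumps over the lazy dog. " * 100   # prose-like
    high = bytes(range(256)) * 16                                  # exactly 8.0 bits/byte
    evs = []
    for i in range(8):   # editor saving plain text: never suspicious
        evs.append(FileEvent(i * 0.2, 101, "notepad.exe", "write", f"/home/alice/notes{i}.txt", low))
    for i in range(6):   # archiver writing high-entropy .zip: extension not a document
        evs.append(FileEvent(5 + i * 0.3, 202, "7zip.exe", "write", f"/home/alice/backup{i}.zip", high))
    for i in range(6):   # encryptor overwriting 6 documents in 3 seconds
        evs.append(FileEvent(10 + i * 0.5, 303, "invoice_viewer.exe", "write",
                             f"/home/alice/Documents/report{i}.docx", high))
    evs.append(FileEvent(13.5, 303, "invoice_viewer.exe", "rename",
                         "/home/alice/Documents/report0.docx",
                         new_path="/home/alice/Documents/report0.docx.locked"))
    for i in range(6):   # one document every 15 s: each hit ages out before the next
        evs.append(FileEvent(100 + i * 15.0, 404, "slow_tool.exe", "write",
                             f"/home/alice/Documents/sheet{i}.xlsx", high))
    return evs


def run_demo() -> Dict[str, str]:
    """Feed the constructed events through the heuristic; return final verdict per process."""
    det = RansomwareHeuristic()
    verdicts: Dict[str, str] = {}
    for ev in constructed_events():
        v = det.observe(ev)
        if v == "blocked":
            verdicts[ev.proc] = "blocked"
        elif v == "suspicious" and verdicts.get(ev.proc) != "blocked":
            verdicts[ev.proc] = "suspicious"
        else:
            verdicts.setdefault(ev.proc, "clean")
    return verdicts


if __name__ == "__main__":
    for proc, verdict in run_demo().items():
        print(f"{proc:20s} {verdict}")
```

The point of the window and the distinct-file count is the trade-off the sidebar hints at: a heuristic this simple will still miss an encryptor that writes slowly or mimics a document format's normal entropy, which is why the text is right that it is a line of defence in front of backups, not a substitute for them.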
www.pcandtechauthority.com.au, July 2017, page 37