Story image

Exclusive: The white hat hackers making sure your internet stays safe

Recently IT Brief had the opportunity to sit down with Vitaly Kamluk, the Director of Kaspersky’s GReAT team. We discussed the current state of cyber security as well as the future of the internet.

To start off with can you tell me a bit more about GReAT & what it is you do? 

Well, GReAT is a team that Eugene decided to create when he anticipated that big changes were coming, this was 2008, a time before APT attacks were a thing. No one knew about targeted attacks but Eugene felt that something was coming from the nation states we probably detected it but we just didn't know where it lies and what it really does.

So he had this idea to start a team called GReAT focusing on the most sophisticated threats and that was quite interesting to me because I like harder tasks, that’s how I got involved with the team. 

Our goal is to secure the internet, help solve global problems and apprehend sophisticated threats which are hard to analyse and require close attention.

Let's talk a bit about targeted attacks, what sets them apart from regular Cyber attacks? Why are they so dangerous? 

Well they're harder to to discover and that's on purpose, when we dealt with cyber criminals before 2010 we were used to the idea that criminals and attackers will try to spread malware as wide as possible, so every infection they could monetise and convert into money, however, with targeted attacks that isn’t the case. 

With targeted attacks, criminals didn’t hit too many targets instead launched precise attacks on purpose because they want to stay below the radar.

The initial objective was also different for them when you infect many computers you can monetise, so the purpose was money, however, the targeted attacks started in order to get intelligence information.

It originated from nation states and a lot of attacks still come from these states, they don't steal to gain financial profit, they do it to gain information and a strategic advantage over victims like geopolitical intelligence or military plans.

So when it comes to discovering these threats how do you go about it?

Well, we’re looking for anomalies, something that stands out, something that helps you pick up the first trace. Once the first trace is discovered we try to pull the strings that are attached, there are technologies that help you do this, and then of course mistakes made by the attackers,  sometimes their algorithms can be can be wrong and this is what we can leverage.

Basically, we are looking for ways to exploit their mistakes which helps us to discover more and more files related to the incident. In the end, we share all this knowledge with either the general public, our subscribers or customers that want to consume this type of information. Sometimes we find that sharing the information with the general public gives criminals time to fix their mistakes or disappear. 

When we talk about the future of the internet what are some of the most concerning trends you see? 

Well, we’ll probably become blind to certain offensive threats. So something that was coined as a cyber war, in my opinion, has an invisible nature. Cyber espionage is just one part of it. It's just reconnaissance its part of any military action, you do the reconnaissance and then you strike. However, in the cyber domain, you don’t strike in an attributable manner, yet you can cause havoc and that’s what's so concerning to me. 

Without neutral vendors that can report threats like these they would become a massive concern I think. Just think about it, if a business is aligned with a local government it isn’t in their best interest to report a global cyber attack launched by that government. 

How would you approach addressing these concerns?

Well, we keep doing what we do right now. It’s all about transparency, we aim to show that we have nothing to hide, we are open for any inspection, we also made it clear that as researchers we wouldn't be willing to work for a company that helps any offensive operations. Even if those offensive actions are being launched by a local government we remain neutral. 

We still help law enforcement, of course, we still have ongoing respect for them. We also continue our conversations and work with governments around the world but we also understand they have their own agendas. We know they have their own plans and objectives, we respect them, but if they're caught by us in the middle of an operation it means they weren’t professional enough. 

An example of this was when we published the names of some of the Russian hackers that meddled in the US elections. 

We play by the rules and don’t actively hunt secrets but if we catch you then we have an obligation to let the victims know. 

Veeam releases v3 of its MS Office backup solution
One of Veeam’s most popular solutions, Backup for Office 365, has been upgraded again with greater speed, security and analytics.
Too many 'critical' vulnerabilities to patch? Tenable opts for a different approach
Tenable is hedging all of its security bets on the power of predictive, as the company announced general available of its Predictive Prioritisation solution within
Industrial control component vulnerabilities up 30%
Positive Technologies says exploitation of these vulnerabilities could disturb operations by disrupting command transfer between components.
McAfee announces Google Cloud Platform support
McAfee MVISION Cloud now integrates with GCP Cloud SCC to help security professionals gain visibility and control over their cloud resources.
Scammers targeting more countries in sextortion scam - ESET
The attacker in the email claims they have hacked the intended victim's device, and have recorded the person while watching pornographic content.
Cryptojacking and failure to patch still major threats - Ixia
Compromised enterprise networks from unpatched vulnerabilities and bad security hygiene continued to be fertile ground for hackers in 2018.
Princeton study wants to know if you have a smart home - or a spy home
The IoT research team at Princeton University wants to know how your IoT devices send and receive data not only to each other, but also to any other third parties that may be involved.
Organisations not testing incident response plans – IBM Security
Failure to test can leave organisations less prepared to effectively manage the complex processes and coordination that must take place in the wake of an attack.