By Bret Piatt
Oct 11, 2016
Listen to the replay: Malware Hunting with Chris Gerritz, CEO of Infocyte
This past Saturday, October 8th, the third episode of Cyber Talk Radio hit the airwaves on 1200 WOAI and iHeartRadio streaming. Show archives are available on the Cyber Talk Radio website or directly on the Cyber Talk Radio YouTube Channel.
Chris Gerritz joined us to discuss malware hunting, a complicated topic he made approachable. Once an attacker is in your network, they become a persistent threat. It isn’t always a case of break in, rob you and leave. They want to move in and dig in their hooks. When they’re good at it, the security community calls it an Advanced Persistent Threat (APT).
Wikipedia does an excellent job with a concise, yet detailed, definition for us:
An advanced persistent threat is a set of stealthy and continuous computer hacking processes, often orchestrated by human(s) targeting a specific entity. An APT usually targets organizations and/or nations for business or political motives. APT processes require a high degree of covertness over a long period of time. The “advanced” process signifies sophisticated techniques using malware to exploit vulnerabilities in systems. The “persistent” process suggests that an external command and control system is continuously monitoring and extracting data from a specific target. The “threat” process indicates human involvement in orchestrating the attack.
Chris goes over worms, viruses and the history of malware. In the early days, it was about theoretical research; now criminals have a specific intent to use malware to steal. Curious about the difference between a trojan and a worm? If so, you can stream from the YouTube link below. He then closes with a clear definition, “Malware is software that uses your computing resources to do anything you don’t want it to do.”
The top threat is still email-based attacks with malware attachments or evil web links. A common example is a fake tracking email with a link to track your package.
Chris and I go into a current example, the 2016 Presidential Election, and why hackers would want to target campaigns directly, or their aides or volunteers, to manipulate results. Even if a person with motivation and intent does not have the skill themselves, the dark web contains ‘hacker dating sites’ to match up people with intent and people with skills for a price. A Google search at the time of this blog post shows me 249,000 results for ‘election hacking’.
This is a scary number. If it takes 205 days to discover an attacker and your backup retention period is 90 or 180 days, then every version of your backups will have hooks the attacker has put into your systems to maintain their access.
After the bottom-of-the-hour break, we go deep into how attackers really stay inside your systems, what you can do to find out if you’re compromised, and how to clean them out.
Contact Cyber Talk Radio via our Request a Topic form.
Cyber Talk Radio is a 1200 WOAI radio show that airs every Saturday at 11:00 p.m. The weekly show hosted by Bret Piatt, CEO at Jungle Disk, will feature guest speakers to discuss cloud computing, cybersecurity and Internet trends facing businesses in industries such as healthcare, financial services, legal and real estate. As a major Cyber City in the U.S. and home to over 80 information security companies, San Antonio is an ideal city to host Cyber Talk Radio and educate local businesses and listeners. To learn more about Cyber Talk Radio, request a topic or submit to be a guest speaker, visit http://www.cybertalkradio.com/.