Cyber Talk Radio: Malware Hunting
Malware Hunting - Week 3 of Cyber Talk Radio
This past Saturday, October 8th, the third episode of Cyber Talk Radio hit the airwaves on 1200 WOAI and iHeartRadio streaming. Show archives are available on the Cyber Talk Radio website or directly on the Cyber Talk Radio YouTube Channel.
Chris Gerritz joined us to discuss malware hunting which is a complicated topic he made approachable. Once an attacker is in your network, they become a persistent threat. It isn’t always a break-in, rob you and leave. They want to move in and dig in their hooks. When they’re good at it the security community calls it an Advanced Persistent Threat (APT).
Advanced Persistent Threat
Wikipedia does an excellent job with a concise, yet detailed, definition for us:
An advanced persistent threat is a set of stealthy and continuous computer hacking processes, often orchestrated by human(s) targeting a specific entity. An APT usually targets organizations and/or nations for business or political motives. APT processes require a high degree of covertness over a long period of time. The “advanced” process signifies sophisticated techniques using malware to exploit vulnerabilities in systems. The “persistent” process suggests that an external command and control system is continuously monitoring and extracting data from a specific target. The “threat” process indicates human involvement in orchestrating the attack.
What is malware?
Chris goes over worms, viruses and the history of malware. In the early days, it was about theoretical research and now criminals have a specific intent to use malware to steal. Curious about the difference between a trojan and a worm? If so, you can stream from the YouTube link below. He then closes with a clear definition, “Malware is software that uses your computing resources to do anything you don’t want it to do.”
Top attack vector
The top threat is still e-mail based attacks with malware attachments or evil web links. A common example is a fake tracking email with a link to track your package.
What is the motivation?
Chris and I go into a current example, the 2016 Presidential Election, and why hackers would want to target campaigns directly, aides or volunteers to manipulate results. Even if a person with motivation and intent does not have the skill themselves, the dark web contains ‘hacker dating sites’ to match up people with intent and people with skills for a price. A Google search at the time of this blog post shows me 249,000 results for ‘election hacking’.
Average time to discover a sophisticated attacker is 205 days
This is a scary number. If it takes 205 days to discover an attacker and your backup retention period is 90 or 180 days, then every version of your backups will have hooks the attacker has put into your systems to maintain their access.
Details of a persistent threat
After the bottom of the hour break we go deep into how attackers really stay inside your systems and what you can do to find out if you’re compromised and how to clean them out.
Recent Episodes – Available to stream from our YouTube channel
- September 24th, 2016: Machine learning security with Charlie Rentschler
- October 1st, 2016: Social Media Security with Matt Wilbanks, CEO of HelpSocial
- October 8th, 2016: Malware Hunting with Chris Gerritz, CEO of Infocyte
Upcoming Episodes – Saturday nights from 11:00 p.m. to Midnight
- October 15th, 2016: Internet of Things (IoT) Security & National Cyber Security Awareness Month with John Engates, CTO of Rackspace
- October 29th, 2016: Healthcare Data Privacy & HIPAA Security with David Schulz, Executive Director of Cyber Risk Associates
- November 5th, 2016: Authentication security with Paul Querna, CTO of ScaleFT
- November 12th, 2016: Application security with John Dickson and Dan Cornell, Principals of Denim Group
Have an idea for a Topic or want to be a Guest?
Contact Cyber Talk Radio via our Request a Topic form.
About Cyber Talk Radio
Cyber Talk Radio is a 1200 WOAI radio show that airs every Saturday at 11:00 p.m. The weekly show hosted by Bret Piatt, CEO at Jungle Disk, will feature guest speakers to discuss cloud computing, cybersecurity and Internet trends facing businesses in industries such as healthcare, financial services, legal and real estate. As a major Cyber City in the U.S. and home to over 80 information security companies, San Antonio is an ideal city to host Cyber Talk Radio and educate local businesses and listeners. To learn more about Cyber Talk Radio, request a topic or submit to be a guest speaker, visit http://www.cybertalkradio.com/.