
Exclusive: The white hat hackers making sure your internet stays safe

Recently IT Brief had the opportunity to sit down with Vitaly Kamluk, the Director of Kaspersky’s GReAT team. We discussed the current state of cyber security as well as the future of the internet.

To start off with, can you tell me a bit more about GReAT and what it is you do?

Well, GReAT is a team that Eugene decided to create when he anticipated that big changes were coming. This was 2008, a time before APT attacks were a thing. No one knew about targeted attacks, but Eugene felt that something was coming from the nation states. We had probably detected it, but we just didn't know where it lay and what it really did.

So he had this idea to start a team called GReAT focusing on the most sophisticated threats, and that was quite interesting to me because I like harder tasks. That’s how I got involved with the team.

Our goal is to secure the internet, help solve global problems and apprehend sophisticated threats which are hard to analyse and require close attention.

Let's talk a bit about targeted attacks. What sets them apart from regular cyber attacks? Why are they so dangerous?

Well, they're harder to discover, and that's on purpose. When we dealt with cyber criminals before 2010 we were used to the idea that criminals and attackers would try to spread malware as widely as possible, so that every infection could be monetised and converted into money. However, with targeted attacks that isn’t the case.

With targeted attacks, criminals didn’t hit too many targets; instead they launched precise attacks on purpose, because they want to stay below the radar.

The initial objective was also different for them. When you infect many computers you can monetise, so the purpose was money; however, the targeted attacks started in order to get intelligence information.

It originated from nation states, and a lot of attacks still come from these states. They don't steal to gain financial profit; they do it to gain information and a strategic advantage over victims, like geopolitical intelligence or military plans.

So when it comes to discovering these threats how do you go about it?

Well, we’re looking for anomalies, something that stands out, something that helps you pick up the first trace. Once the first trace is discovered we try to pull the strings that are attached. There are technologies that help you do this, and then of course there are mistakes made by the attackers; sometimes their algorithms can be wrong, and this is what we can leverage.

Basically, we are looking for ways to exploit their mistakes, which helps us to discover more and more files related to the incident. In the end, we share all this knowledge with either the general public, our subscribers or customers that want to consume this type of information. Sometimes we find that sharing the information with the general public gives criminals time to fix their mistakes or disappear.

When we talk about the future of the internet, what are some of the most concerning trends you see?

Well, we’ll probably become blind to certain offensive threats. So something that was coined as a cyber war, in my opinion, has an invisible nature. Cyber espionage is just one part of it. It's just reconnaissance; it's part of any military action: you do the reconnaissance and then you strike. However, in the cyber domain, you don’t strike in an attributable manner, yet you can cause havoc, and that’s what's so concerning to me.

Without neutral vendors that can report threats like these, they would become a massive concern, I think. Just think about it: if a business is aligned with a local government, it isn’t in their best interest to report a global cyber attack launched by that government.

How would you approach addressing these concerns?

Well, we keep doing what we do right now. It’s all about transparency. We aim to show that we have nothing to hide; we are open to any inspection. We also made it clear that as researchers we wouldn't be willing to work for a company that helps any offensive operations. Even if those offensive actions are being launched by a local government, we remain neutral.

We still help law enforcement, of course; we still have ongoing respect for them. We also continue our conversations and work with governments around the world, but we also understand they have their own agendas. We know they have their own plans and objectives, and we respect them, but if they're caught by us in the middle of an operation it means they weren’t professional enough.

An example of this was when we published the names of some of the Russian hackers that meddled in the US elections. 

We play by the rules and don’t actively hunt secrets, but if we catch you then we have an obligation to let the victims know.
