3.11.17

Would you like to get involved in cybersecurity? Take the test and discover your ideal job!

This week we began the celebration of the first ever Antimalware Day, a global ESET initiative to reinforce the importance of protection against computer threats. Why did we choose November 3 as the date to establish it? Because on that day, in 1983, Dr. Fred Cohen created one of the first computer viruses as we know them today, and inspired his professor, Prof. Leonard Adleman, to coin the term.

Fred Cohen's experiments proved that viruses could replicate quickly within a system and spread to other systems, and that multiple, layered computer defense techniques against them were needed. From that moment, the search for countermeasures to protect systems was born, and it became clear that they must be improved continuously. This search for a safer technological environment is the same one that, some years later, inspired ESET to develop its solutions, with the aim that users can enjoy safer technology. Today we celebrate Antimalware Day hoping that more and more people will join this search and contribute to achieving a more secure environment.

Being one step ahead of cybercriminals is a 24/7 job, 365 days a year, and no one can do it alone. Apart from us, there are many experts, specialists, researchers, analysts, hackers, even executives and government officials who work to make our digital world safer. Of course, we always need more hands and we are facing a scarcity of professionals in cybersecurity, but we know it is only a matter of time until more people decide to join this mission.

Today we want to suggest that maybe you can try it. If you are interested in our content and you see yourself often taking precautions to protect yourself, teaching your friends to do so or being curious about the behavior of computer threats, maybe it's time you consider getting involved in cybersecurity. Of course, there are different profiles in this area and not everyone enjoys the same activities. So we have prepared a quiz to help you discover what your ideal job would be in the field of cybersecurity — according to your abilities and interests. Your contribution is more necessary and valuable than you think: so take the test and be a part of the antimalware celebration!

Cybersecurity profiles: Discover your ideal job!
[Outcomes]
- Security Researcher
  You have amazing analysis and research skills and an unstoppable curiosity, a need to always find out a little more. You enjoy finding flaws that nobody had spotted before, studying them and communicating them. In addition to the technical behavior of threats, you are interested in their impact on users, society and organizations. You would make a great Security Researcher.
- Malware Analyst
  Your relationship with malicious code is a love/hate one. You are passionate about learning about it, amazed by its tricks, and it inspires you to keep digging because nothing can get past your radar. But you hate it, so badly, because of everything it ruins. You are an expert in reverse engineering and an enthusiastic detective. Your mission in this world is to unravel the behavior of threats and stay a step ahead of cybercriminals.
- Security Evangelist
  You were born to be a medium: you communicate what happens in the technical world to the users out there who are not so familiar with it, or are simply not interested (their loss!). Just because they do not have technical knowledge does not mean that users should be left out of security awareness, and your mission is to translate complex concepts into friendly messages for them, so that they are also part of it and learn why and how they should protect their data. You think everyone deserves to know, and you are interested in teaching and sending a message so that people understand you. However, if you encounter an equally skilled expert, you won’t hesitate to lecture them as well!
- Detection Engineer
  You are a logical person with detective skills, who loves finding logical and behavioral patterns in the threats you analyze. Your passion is not the behavior of the malware but the patterns behind it, and luckily, your mathematical mentality allows you to calculate hashes and define signatures for everything you see.
- Pentester
  You love the risk of being caught, but are confident it won’t happen. You are a white hat smooth (not) criminal. You like to break everything! Always finding the secret, hidden path to make your way into any system. Your laptop and your pentesting tools are all you need to survive.
- CISO/SysAdmin
  Your mission is to protect the datacenter and the network, like a perimeter guardian. If you are in charge, no one will pass. You make sure not only that the systems are safe at the technical level, but also that management follows security closely. For you, security is not a single action but a process.


1. What’s more fun to do in front of a PC?
   - Finding security flaws to report
   - Analyzing the behavior of a malicious code
   - Teaching friends and family to protect themselves against cyber threats
   - Identifying patterns to build a registry of malicious codes and matching them according to their behavior
   - Testing the security level of a system or organization
   - Managing the security of a system or organization
2. Your favorite type of malicious code to work on is:
   - The one that has capabilities never seen before
   - The one that has an interesting programming logic
   - The one from which you can learn a lot of lessons
   - The one that imitates the behavior of others
   - The one that allows an easy way into a system
   - The least harmful and easiest to protect against
3. The malicious code you hate the most is:
   - The one you have been seeing for a while that has nothing new
   - The one with anti-debugging techniques
   - The one that is very hard to explain
   - The one that is hard to identify and doesn’t fit any previous description
   - The one that doesn’t do any real harm
   - The one that can infect the whole network and disrupt the services of an organization
4. What would be your ideal work environment?
   - A laboratory with many recent metrics and statistics
   - Any room where you can read security news and use your PC loaded with hacking tools
   - A laboratory with many malware samples and test environments
   - Anywhere with many potential victims to use your laptop with Kali Linux
   - An auditorium or classroom full of people eager to learn more about something
   - A datacenter and many endpoints to protect
5. Pick one of these:
   - Steve Wozniak
   - Sherlock Holmes
   - Sheldon Cooper
   - Alan Turing
   - Professor Xavier
   - Mr. Robot’s Elliot Alderson
   - Optimus Prime
   - The IT Crowd’s Maurice Moss


1.11.17

Professor Len Adleman explains how he coined the term “computer virus”

As you might have read, we decided to declare November 3 as Antimalware Day because it was on this date in 1983 that computer scientist Dr. Fred Cohen, then a student, created a program capable of rapidly taking over a general-purpose system, as part of a university experiment. It was the first time a program like that was called a computer virus, and it marked the beginning of computer defense techniques.
We continue the Antimalware Day celebration, an ESET initiative, by going back to that fateful day in 1983 when this program and its name were born. At that moment, the virus was defined as “a program that can ‘infect’ other programs by modifying them to include a possibly evolved copy of itself”.

Dr. Cohen demonstrated a virus-like program he created after eight hours of work on a VAX11/750 system running Unix; it was capable of installing itself in other system objects and infecting them.
He wanted to prove how quickly this program could self-replicate. It was his teacher at the time, Prof. Leonard Adleman, who coined the term “computer virus” to name the program, referring to its operation in terms of “infection”. He is a well-known computer scientist, one of the creators of the RSA encryption algorithm (Rivest-Shamir-Adleman) and the creator of DNA computing.
The Californian native not only gave a name to the program, but he also obtained the permits needed to conduct those first experiments at the University of Southern California (USC), and accompanied Cohen during his research and supervised him while he was writing his PhD thesis.
Therefore, we can say, confidently, that he is the right person to tell the story about how the first computer virus was born.
This is how he told us what happened on November 3, 1983:
I recall Fred, who was a student in my class, coming up to me after class and saying “I have this idea for a new kind of computer threat”. He said, “I will write this program and make it available to all the users on our systems. I will advertise the program as doing something useful, like organizing the user’s files”. But when they uploaded the program, what it would actually do is surrender all control of their data and privileges to Fred.
I said “Fred, yeah, that would work”. And he said “I wanna try it”. And I said, “Fred, you don’t have to try it. It will obviously work”. And Fred said “I wanna try it”. And I said “Fred, there’s no point. It will do exactly what you say”. And Fred said “I wanna try it”. So Fred was very sort of forceful and energetic. And so I finally went to the Chairman of the Computer Science Department and asked for permission for Fred to try this experiment on the department computer.
This was 1983, there were no smartphones or anything similar to personal computers, and the department computer was used by the entire faculty, all the students and all the administrators. Fortunately, the Chairman said “Sure, why not?”, so Fred did his experiment and wrote his program. Think of that program as one of the fake apps we speak about today, a thing that is advertised to do something but when you download it, it might do something else.
When he had done his experiment, his lecturer, Prof. Adleman, invited him to report the results to the class:
The program had done exactly what he had claimed it would do. It very rapidly was taken up by users of the system and all rights and privileges and data of the system were surrendered to Fred.
Cohen went on to do several experiments, and it never took more than a couple hours before he had complete access and complete control of the entire computer. So it worked.
Realizing what had just happened and what this virus meant
As passionate as he was with these experiments, Fred Cohen started thinking about what else could be done with these kinds of programs. According to Prof. Adleman:
He had all sorts of ideas, as I recall, about good things you could do with these programs. They would sort of run around and organize data without your intervention, they would do good things, but of course, it was also possible that they could do bad things.
So when word got out about Fred’s success, other people started thinking about what these kinds of computer threats could do, and the Chairman didn’t want any more experiments done on his computer.
Not that this was going to stop Fred’s interest in the matter: he was intensely interested and wanted to write his PhD thesis on it. Since he was in the Electrical Engineering Department and Prof. Adleman was in the Computer Science Department, the latter became his de facto supervisor, adding a theoretical perspective to the investigation, attempting to give a definition of what a computer virus was, and proving that it would be very difficult to stop them or recognize them all:
I would meet with Fred on a regular basis to discuss this, and I at the same time was doing research on HIV in a molecular biology lab. So viruses and how they worked were sort of much in my mind and I was reading a lot about molecular biology at that time. And so somewhere along the line during our discussions I started calling these things computer viruses.
Then sometime after that, I was at a conference on cryptography and ran into a reporter from the LA Times. His name was Lee Dembart, and Lee asked me what was going on. I said “not much, I’ve got a student who is researching something we’re calling computer viruses, but the research is embryotic and we haven’t got much now”.
Of course, saying the name ‘computer virus’ to a journalist when nobody knew about them was planting the seed, and the story wrote itself from that moment. “Lee wrote the story about it. I have never been able to find that copy but I think it was illustrated with a computer with a thermometer. And that’s what got the term computer virus out into the world”, he concluded.
When did we start talking about viruses?
Prof. Adleman acknowledges that the term had already been used in science fiction at the time, for example in the 1973 movie Westworld, where the staff of the park meet to discuss the spread of malfunctions in the robots, which were being caused by a sort of virus analogous to the ones that cause infectious diseases.
And if you are thinking “wait, I remember Creeper, Elk Cloner and other early threats as also being the first viruses”, you are right. Remember, this was 1983 and there was no internet as we know it today, no smartphones or social media, so Fred Cohen and Len Adleman didn’t actually know about these other experimental programs. Anyway, none of them were actually called a “virus” at the time:
We weren’t aware of other experiments apart from ours. I’ve learned since then that other computer programs that had been written by other people also have the claim to be the first computer virus, but at the time we didn’t know any of that.

Whether or not Dr. Cohen’s was actually the first computer virus, we can certainly say that the reason we all know these things as computer viruses today is that the two of them started calling them computer viruses back then.

30.10.17

ESET research team assists FBI in Windigo case – Russian citizen sentenced to 46 months

Flash back on Operation Windigo
In March 2014, we released a paper about what we call Operation Windigo, a set of Linux server-side malware tools used to redirect web traffic, send spam and host other malicious content. This was the result of nearly a year’s worth of research effort that consisted of the in-depth analysis of different components, observation of how they were used and linking it all together. We are very proud that our work was recognized by the industry at VB2014 where our paper was awarded the inaugural Péter Ször Award for best technical research.
At the core of Operation Windigo is Linux/Ebury, an OpenSSH backdoor and credential stealer that was installed on tens of thousands of servers. Using that backdoor, the attackers installed additional malware to perform web traffic redirection (using Linux/Cdorked), send spam (using Perl/Calfbot or SSH tunnels) and, most importantly, steal credentials when the OpenSSH client was used to spread further.
Since the release of that paper we have written multiple updates regarding Windigo and Ebury. Today we have two new articles: this one about the arrest and sentencing of Maxim Senakh, and a technical update on the new Ebury variants out there.
How ESET collaborates with law enforcement
As malware researchers at ESET, one of our roles is to document new threats and protect our customers from them. The scope we are given is actually larger: if at all possible, our job is also to protect all Internet users. This can take the form of takedowns, disruptions or even helping to get cybercriminals arrested. These operations cannot be accomplished without working with others and usually require the involvement of various law enforcement agencies.
While malware researchers are capable of dissecting malware, analyzing its behavior, noting code similarity between samples and finding artifacts left in malware files such as compilation timestamps, the attribution of a cyberattack to a given individual or group is the job of law enforcement. Unlike private companies, law enforcement agents can legally seize C&C servers, follow the trails of monetary transactions and work with ISPs to identify the people profiting from crime.
In the case of Windigo, we have collaborated with the FBI by sharing technical details about the malicious operation and the malware components involved, allowing the FBI investigators to better understand the various parts of this very complex scheme. They also used our report to explain exactly what Windigo is to prosecutors, lawyers and judges.
The story of Maxim Senakh
It wasn’t without difficulty that the FBI apprehended one of the conspirators behind Operation Windigo. One of the ways the Ebury botnet was monetized was by displaying unwanted advertisements to unsuspecting users visiting compromised web servers. According to the indictment, the FBI followed the money trail of revenues generated from advertising networks. The ads were visited with traffic generated by the Ebury botnet. This resulted in the identification of a Russian citizen using multiple fake identities to register domain names used for malicious purposes and to manage monetary transactions related to the unwanted advertising operation.
Maxim Senakh was subsequently arrested on August 8th 2015 by Finnish authorities at the Finland-Russia border at the request of US federal authorities. It was not a smooth process: Russia objected to the arrest and extradition process on the basis that information related to Senakh’s illegal activity was not sent to Russia first. Soon after, the USA submitted an extradition request to the Finnish Ministry of Justice, which agreed to the request after a complex evaluation process. This decision could not be appealed, and Senakh was extradited to the US in February 2016 to await trial.
Senakh originally pleaded not guilty. This meant both sides were preparing for a jury trial. ESET was asked to provide expert witnesses to testify at the trial and explain what Windigo and Ebury are, how the findings, numbers and facts present in our report were collected and why they are accurate. Writing technical reports on malware is one thing; testifying in a court of law in front of the alleged criminal is quite another. Despite the pressure, we accepted, knowing our involvement would be only related to the technical aspects of the operation. Proof of attribution was left to the FBI.
In March 2017, Senakh announced to the court that he would be changing his plea to guilty to a reduced set of charges. A trial was no longer necessary.
In August, he was sentenced to 46 months in prison in the state of Minnesota.
Here’s a summary of the timeline:
- 2015-01-13: Indictment against Maxim Senakh is produced, charging him with 11 counts.
- 2015-08-08: Maxim Senakh is arrested by Finnish authorities at the Finnish border while returning to Russia after personal travel.
- 2016-01-05: Finland agrees to the extradition of Senakh.
- 2016-02-04: Senakh is extradited from Finland to the US, where he pleads not guilty to all charges against him.
- 2017-03-28: Maxim Senakh enters into a plea agreement with the US Attorney’s Office and pleads guilty to the first count of the indictment, the remaining 10 being dismissed.
- 2017-08-03: Senakh is sentenced to 46 months in federal prison, without the possibility of parole.
The outcome – where is Windigo now?
Did the arrest of Senakh shut down the Operation Windigo botnet? From what we’ve seen, only partially.
Not long after Senakh’s arrest in 2015, our telemetry showed a sharp decrease in the traffic redirected by Cdorked, the component responsible for sending web visitors to exploit kits or unwanted advertisement pages. As we explained earlier, the FBI determined that this malicious activity benefited Senakh directly. This activity has not resumed.
We are not the only ones who think Cdorked could be extinct: two weeks after Senakh’s arrest, Brad Duncan, a security researcher from Rackspace, noticed a significant drop in Windigo activity related to the web traffic redirection.
This is good news. However, Windigo was not put to rest completely. We’ve seen new variants of Win32/Glupteba, a Windows malware that has strong ties with Windigo; Glupteba acts as an open proxy.
Also, last but not least: the malware component at the core of Windigo, the Linux/Ebury backdoor, has evolved. Development has continued and important changes were made to the latest versions, such as evasion of most of the public indicators of compromise, improved precautions against botnet takeover and a new mechanism to hide the malicious files on the filesystem. Read our complete analysis of the updated Linux/Ebury for more details.


29.10.17

The Cybersecurity Skills Gap: Educating the next generation

Technological advancements are increasing rapidly, but the general population’s ability to utilize these new capabilities continues to lag behind. The growing number of recent cybersecurity attacks highlights a second gap: a shortage of skilled workers in the cybersecurity industry, predicted to reach around 1.8 million by 2022.
There are numerous suggestions and ideas about how to close the gap, such as upskilling existing employees or utilizing automation. But a long-term strategy focused on training and educating the next generation will help to ensure enough people have the right skills for the future.
Children are now growing up in a digital age and should be in an ideal position, and better equipped, to take on the challenges of cybersecurity when they enter the workforce. This early exposure to the technology and best practices could easily be harnessed to give them a golden opportunity to be trained in the skills needed to fill the gap in the cybersecurity industry. But how do we attract them into what many consider a geeky industry?
Diversity in the workforce
As with any industry, ensuring that cybersecurity attracts a diverse workforce is important in building a high-performing cybersecurity sector. The number of women in the cybersecurity industry is extremely low, accounting for just 7% of the industry’s workforce in Europe, yet women make up at least 40% of the general workforce in many countries. Attracting more women to the profession will create a more diverse workforce and help to reduce the numbers gap.
Making cybersecurity part of the curriculum
In 2014, Britain became the first G7 country to make computer science a compulsory subject at school; students should be able to write and debug a program by age seven. It’s important that we educate society broadly through a national curriculum that ensures everyone possesses a certain skill level, so that more people go on to develop the necessary expertise. This also gives educators the opportunity to identify talent early on and focus on it. Intensive training for talented youngsters is already taking place in cybersecurity-style clubs.
Hard skills to address
Understanding both network and computer basics is integral to giving youngsters a successful foundation in cybersecurity. At a cybersecurity boot camp run for high school students in San Diego, this topic was addressed through a foundation class in network architecture. Instilling these fundamental skills in young people leaves fewer knowledge gaps, making us less vulnerable when protecting ourselves from would-be hackers. Workshops on malware, coding and encryption should be included as standard so that young people have a broad range of knowledge and understanding. More specific training could then be targeted at young people who demonstrate talent in computer science. It is also important to include other perspectives on cybersecurity, such as that of law enforcement.
The importance of softer skills
Technical knowledge is, of course, imperative. However, communication skills shouldn’t be overlooked and are often regarded as highly important in the industry. While it is a big topic to address, it’s important to ensure cybersecurity professionals develop the mindset and moral code required to work effectively in this industry.
The answer to bridging the cybersecurity skills gap is education, not just for potential security experts of the future, but for all — by training the next generation and ensuring everyone has a solid understanding of computer security. There is little doubt that with the right curriculum and opportunities, the brightest and most talented individuals will be attracted to the fantastic opportunities that exist in the cybersecurity industry.