Published on January 18th, 2018 | by admin0
Florin Talpes Interview (Bitdefender’s CEO & Founder)
We catch-up with CEO and Founder of Bitdefender Florin Talpes to talk about cyber threats and how to protect your systems from cybercriminals.
As a security analyst, which Malware threat in 2017 made you take the most notice and why?
There are actually two malware threats that made serious headlines during 2017: ransomware and IoT malware. While we’re no strangers to ransomware, this year’s WannaCry and GoldenEye outbreaks raised serious concerns regarding the new worm-like capabilities that enable it to affect countries all over the world. IoT malware, such as Mirai, were also responsible for affecting fortune 500 companies after performing a DDoS attack on DYN (DNS service provider). This incident proved not just that an IoT army/botnet can affect the Internet’s infrastructure, but also that they’re becoming increasingly popular for cybercriminals because of their lax security.
Tell us how cyber criminals may target smart technology in the home?
If the Mirai malware was mostly about trying out default credentials on internet-connected devices in order to gain access to them, we’ve already seen new IoT malware that actively exploits known – but unpatched – vulnerabilities in them. This increased complexity in IoT malware is fueled by both the proliferation of IoTs but also by the fact that a very large number of household smart devices never (or rarely) receive security updates to known vulnerabilities. If passwords can be changed, unpatched vulnerabilities can prove far more effective as they may remain unpatched and re-exploitable even if the device is reset, throughout the entire lifetime of the device.
What advice would you give users to protect their smart devices?
The easiest way of securing your smart devices is to get a home network cybersecurity solution that’s capable of not just securing anything that’s connected to the internet, but also let you know if a device is vulnerable or if there are security updates that you need to apply to these IoTs. A solution like this would also prevent brute forcing attacks coming from cybercriminals that try to repeatedly guess your IoTs passwords, or prevent vulnerable ports from being exposed to the internet.
Other security tips for IoTs involve creating a separate home network to which only smart devices are connected. For example, if a smart doorbell is compromised, the attacker will not be able to move laterally across your network in order to also compromise your smartphone or laptops. He would be confined to a network where only IoTs could potentially be compromised. This is in no way a perfect security measure, but at least your private and personal data that’s stored on your NAS, desktop, or laptop will be safe from ransomware or cybercriminals.
Before purchasing any IoT it’s highly recommended that you research the manufacturer to find out if they have a bug bounty platform of if they constantly push security updates to their smart devices. Otherwise, you may end up plugging a vulnerable smart device to your home network that may never receive any security updates.
How do you predict 2018 will pan out with cyber threats and what should we be looking for?
Threats will definitely increase in sophistication for both PCs and IoTs. New capabilities will be developed for age-old ransomware – to make it more difficult to detect by security solutions – while IoT malware will become commonplace. With the increased popularity of cryptocurrencies, it’s likely that we’ll see threats aiming to leverage the processing power of both controlled IoTs and regular devices in the hopes of generating cryptocurrency for cybercriminals.
Do you own any smart home devices and if so, which ones? What are the pros and what the cons of owning these devices?
It’s hard not to own a smart device nowadays. Smart TVs are in many homes and although people don’t consider them IoTs, they are actually equipped with an operating system, they are connected to the internet, and can be infected or affected by threats. Smart light bulbs and smart electrical sockets are also quite popular, and while the benefits of owing remotely controllable devices have to do with convenience and usability, the risk of having them breached is a reality. The major con to owning a smart device is that most users connect it to their main Wi-Fi network, potentially placing at risk all other network connected devices. The fact that users are not always aware of security implications associated with smart devices is probably the biggest con.
What do you feel will be the biggest threat to these devices?
IoT malware designed to compromise smart things and make them a part of a botnet is probably the most serious concern. While some users might not too worried about this, they need to be remembered that smart devices could be used to leak personal information (e.g. biometrics, Wi-Fi credentials, etc.) or even infringe on our privacy (e.g. IP cameras and baby monitors that can be used for espionage and eavesdropping). The biggest threat to these devices is not necessarily malware, as that’s just a consequence, but unpatched vulnerabilities and poor security practices make for the biggest threats to IoTs.
Can you tell us a little about your relationship with Netgear and how will this benefit users?
With IoTs estimated at billions of devices, having a the ability to seamlessly protect all of them while at the same time implicitly protecting your data and privacy has become a necessity. The partnership with Netgear is aimed at providing advanced cyber threat protection for your entire home and all your devices, while at the same time giving users a compressive view on their home network security status. Intelligent device management and constant vulnerability assessment is key to making informed security decisions, and having all that integrated with your network gateway – your Netgear router – offers the constant visibility into the overall security posture of your home, while at the same time having actionable intelligence.
To learn more about Bitdefender, please visit https://www.bitdefender.com.au/