Tony Jarvis is Check Point Security’s Chief Technology Officer (CTO), although he prefers the term advocate or evangelist. GadgetGuy had the pleasure of chatting to Tony about all matters security, especially those relating to consumers.
Tony rightly points out that Check Point is one of the big four enterprise vendors, along with names like Cisco, Palo Alto Networks and Juniper. But don’t worry: what is happening at the big end of town is happening to consumers too. It is just that enterprise has more money and resources to throw at the problem – and much more at stake.
The good thing for consumers is that the technology that protects banks, governments and the military is flowing down to them.
The interview was far-ranging, so the best I can do is paraphrase.
GG: Tell us how you got into security.
I am a Melbourne boy, gaining an Honours grade Bachelor of Commerce, Accounting and Business Management as well as an Honours grade Bachelor of Information Systems. Add to that certifications from Cisco (CCSP/CCNP), CompTIA (A+ and Network+), Juniper (JNCIS-SEC), (ISC)² (CISSP), ITIL (V3) and ISACA (CISA) and sixteen years’ experience, and you begin to see what it takes to become a CTO.
As you do, I went from uni to Telstra in 2003 as a Network Specialist. It is great training, covering core networks, security, network optimisation, SLAs and managed network services for enterprise and government clients. Then three years at KAZ as a Network Engineer rounded out my post-uni conversion from theory to practice.
I spent a little over six years with Standard Chartered Bank in Singapore as a Senior Security Specialist/Infrastructure and Security Architect. Let’s just say that breaches and downtime for a bank are catastrophic, and this was a great baptism. Banks are a prime target for hackers and cybercriminals.
I did a brief stint with FireEye working on prevention of zero-day attacks and learnt more about incident response, forensic investigations, information security and cyber operations.
In January 2016 I became Check Point’s CTO for Asia Pacific, the Middle East and Africa. Let’s just say that my job is about thought leadership and strategic advice.
GG: Computer viruses have been around since the MS-DOS days of the ’80s and ’90s. What has changed?
(Note this is an amalgam from both GG and Tony).
Virus writing was all about infecting an MS-DOS or later Windows PC because they could. It was fun, and many universities used virus writing as a basis for learning to code. Pre-internet you had to put a floppy disk into the PC and run an infected program, but there was little you could do to exfiltrate data or infect networks.
GG: Ha – so it’s true that Steve Jobs funded or encouraged virus development for Microsoft machines and virus writers to lay off Macintosh?
I cannot confirm or deny. There were rumours.
But virus writing for fun moved to virus writing for profit with the advent of the internet and now today’s always-connected world.
We now have hackers working for nation states that break into computer systems and steal secrets. These are the somewhat brilliant, if misguided, people that invent the tools. Today we call this malware, and these carry all manner of payloads.
Some payloads steal certain types of data, some may surreptitiously use cameras or microphones, and some may set up huge networks of infected bots to do things like DDOS attacks or to send masses of junk emails. Their goal is nation-state
Then we have cybercriminals who are in it for the money.
Most of what consumers and enterprise see – ransomware, crypto-coin mining, banking trojans etc. – are cybercriminals using tools readily available on the Dark Web or developed by hacker staff.
So, let’s call this for what it is – crime committed using the internet (an IP wide area network) to break into computing devices via a vulnerability. It is no different from a criminal breaking into a house via a badly
GG: You mentioned that consumers benefit from enterprise protection. How?
Enterprises, especially those with customer databases, are daily targets for cybercriminals. Most access comes via emails – highly developed, machine learning or AI-driven, social engineered, spear phishing; masquerading as a colleague (Business Email Compromise); or spoofing (using a known trusted address).
The aim is to elicit action. Go to a website, click on a link, transfer funds – anything that the recipient can do in their job. We call that self-sabotage – weak passwords, weak security, weak people – and all can be fixed.
Once a cybercriminal is inside a computer, they can browse the network and decide on what goodies to
Simply put, enterprise employs dozens of best-of-breed tools to stop this, and this intelligence flows down to the consumer via online malware detection clouds and endpoint software. In our case, we develop ZoneAlarm for home and small business, and it’s the same protection as enterprise has on its
What consumers don’t have, and frankly cannot afford, are perimeter hardening tools like enterprise firewalls, sandboxes, patch management, hyper-scale management etc.
But these tools are also coming to SaaS (Security as a Service), where SMBs and consumers won’t have to worry – all it will cost is a small monthly fee.
GG: What are your predictions for the coming year?
More of the same, only faster! Some years we play catch-up with the bad guys, and some years we edge ahead. Make no mistake – cybercrime is big money, and cybercriminals have all the latest tools like machine learning and AI.
2017-2018 was the year of ransomware. It’s still a huge threat, but things like the No More Ransom Project (and we are an Associate Partner) are helping to slow that down. We – the security industry – played catch up to help beat ransomware, and it is no longer as profitable for cybercriminals.
2018-2019 is the year of crypto-currency miners and nearly half of the top ten malware threats take over your PC, mobile or even IoT to mine cryptocurrency. Why? Because together huge botnets can make money for cybercriminals and you pay via your data, power and hardware overheads.
↔ XMRig – Open-source CPU mining software used for the mining process of the Monero cryptocurrency, first seen in the wild in May 2017.
↑ Cryptoloot – Cryptominer, using the victim’s CPU or GPU power and existing resources for cryptomining – adding transactions to the blockchain and releasing new currency. It is a competitor to Coinhive, trying to pull the rug under it by asking a smaller percentage of revenue from websites.
The other threats focus on setting up spam servers, adware, stealing data etc.
Remember personal data is gold and goes into your profile on the Dark Web to help with Identity Theft or AI-driven spear phishing.
↔ Emotet – Advanced, self-propagating and modular Trojan. Emotet was once employed as a banking Trojan and is now used as a distributor of other malware or malicious campaigns. It uses multiple methods for maintaining persistence and evasion techniques to avoid detection. It can also spread through phishing spam emails containing malicious attachments or links.
↔ Nivdort – Multipurpose bot, also known as Bayrob, that is used to collect passwords, modify system settings and download additional malware. It is usually spread via spam emails with the recipient address encoded in the binary, thus making each file unique.
↔ Dorkbot – IRC-based Worm designed to allow remote code execution by its operator, as well as the download of additional malware to the infected system.
↑ Lokibot – Lokibot is an Info Stealer distributed mainly by phishing emails, and is used to steal various data such as email credentials, as well as passwords to CryptoCoin wallets and FTP servers.
↑ GandCrab – GandCrab is ransomware distributed via the RIG and GrandSoft Exploit Kits, as well as email spam. The ransomware uses an affiliates program, with those joining the program paying 30%-40% of the ransom revenues to the GandCrab author. In return, affiliates get a full-featured web panel and technical support.
↓ Ramnit – Banking Trojan that steals banking credentials, FTP passwords, session cookies and personal data.
GG: OK, the hoary old question – PC or Mac?
Mac desktop/laptop market share is static at around 9%. Linux is about 2% and Windows about 88%.
Cybercriminals go after the money, so it makes sense to go after Windows.
But macOS is not safe, as our Malware Pedia shows. While there is nowhere near as much Mac malware, it is more sophisticated in order to get around Mac’s native defences. If you use a Mac, read the Mac Malware Pedia link above and get some protection NOW.
iOS is not as safe either. We say that Apple’s lower volume – around 12% worldwide versus Android at 88% – makes Android the sensible target; we call it the ‘Perils of popularity’. Read our take on this, Taking a bite from Apple’s iOS myth, and note that using an iPhone without protection is madness.
GG: What phone do you
I am a security evangelist, and I use Android Oreo. Android Pie is even better, and Google is doing an excellent job in securing the operating system.
But remember that the always-connected world means that cybercriminals view all mobile devices as a) a gold mine for what is on them and b) a way into the corporate or home network.
Mobile security is now in its fifth generation, and Check Point has a slightly different slant on that. We call it SandBlast 3.0 – a cloud-based solution that works on Android and iPhone devices and protects from malware, man-in-the-middle attacks over cellular and Wi-Fi networks, OS exploits, and phishing attacks. It has the highest threat catch rate on the market.
It is for enterprise use at present but will migrate to consumer use soon.
GG: IoT threats are
Let’s get back to basics. The Internet is a wide area network (WAN), and the home or business network is a local area network (LAN). Both work together via IP (Internet Protocol).
When you’re on the internet, which everybody is, everybody is fair game, so we have to be aware of
Australians have a reputation for being early adopters and heavy consumers of technology. There are estimates of 20.4 billion Internet of Things (IoT) devices by 2020. Securing these devices must be a priority, given that IoT presents a future that is very difficult to secure.
He said it’s important for everyone involved, including designers, manufacturers, retailers, and consumers, to be aware of the security
A cybercriminal has malware that roams the WAN and wants to get into the LAN. Automated botnets attack routers, IoT, security cameras, anything with a known vulnerability. IoT, especially older IoT, was not designed with security in mind – many still use default passwords like Admin/Admin. Most do not have security patches.
Or you have remote access enabled to get into local storage, a security camera or an alarm system. Once in, they can roam the LAN looking for gold in the data, send junk email, be part of botnet DDOS attacks and more.
GG: What about the emerging cybercriminal industry in Asia and elsewhere?
Wherever labour is cheap, you will see an emerging cybercriminal industry that uses tools from the Dark Web to go after the low-hanging fruit. Things like working on the Collection #1-5 data breaches, attacking old unpatched vulnerabilities, spear phishing and ransomware. The thing is that it does not take too many successes to fund their expansion, and some of the tools are now homegrown.
There is a huge industry now in targeting high net worth individuals. There are attack farms in places like South East Asia and Africa that specialise in this. They use machine learning and AI to deliver highly targeted spear phishing. It may purport to come from the local gym, post office, supermarket or newsagent. They may employ dumpster divers to go after gold in your bin, steal from your mailbox or follow your movements around the suburb. Yes, it’s beginning to happen in Australia.
GG: So, how paranoid do you need to be to survive?
The average person still has not connected the dots. For them, it is still convenience over security.
They are still the weak link, be it using generic passwords, clicking on email links, not being suspicious enough of fake websites – I could go on. Cybercriminals will flourish until the world is paranoid enough to
GG: Five tips, please
Use reputable paid anti-malware/virus/phishing/ID Theft on every device – free software does not cut it
Use complex passwords or a password manager like the freemium Last Pass (the free version works for most of us)
Implement multi-factor authentication everywhere – especially where money or valuable information is involved
Don’t overshare on social media – it aids identity theft
Think – look at emails and websites, and if the deal or offer is too good to be true it is
GG: Final words?
In the security industry, our greatest fear is complacency. Threats evolve quickly, and we need to do more than just respond. We must evolve faster!
And every threat is exacerbated by the proliferation of apps designed to help us by knowing more about us. Don’t give too much away.
And remember – for every horror story you hear about a friend being hacked – it could just as easily