Tony Jarvis is Check Point Security’s Chief Technology Officer (CTO) although he prefers the term advocate or evangelist.
GadgetGuy had the pleasure of chatting to Tony about all matters security, especially those relating to consumers.
Tony rightly points out that Check Point is one of the big four enterprise vendors along with names like Cisco, Palo Alto Networks, and Juniper. But, don’t worry. What is happening at the big end of town is happening to consumers too. It is just that Enterprise has more money and resources to throw at the problem – and much more at stake.
The good thing for consumers is that the technology that protects banks, governments and military is flowing down to them.
The interview was far-ranging, so the best I can do is paraphrase.
GG: Tell us how you got into Security?
I am a Melbourne boy, gaining an Honours grade Bachelor of Commerce, Accounting and Business Management as well as an Honours grade Bachelor of Information Systems. Add to that certifications from Cisco (CCSP/CCNP), CompTIA (A+ and Network+), Juniper (JNCIS-SEC), (ISC)² (CISSP), ITIL (V3) and ISACA (CISA) and sixteen years’ experience, and you begin to see what it takes to become a CTO.
As you do, I went from Uni to Telstra in 2003 as a Network Specialist. It is great training, covering core networks, security, network optimisation, SLAs, and managed network services for enterprise and government clients. Then three years at KAZ as a Network Engineer rounded out my post-uni conversion from theory to practice.
I spent a little over six years with Standard Chartered Bank in Singapore as a Senior Security Specialist/Infrastructure and Security Architect. Let’s just say that breaches and downtime for a bank are catastrophic and this was a great baptism. Banks are a prime target for hackers and cybercriminals.
I did a brief stint with FireEye working on prevention of Zero-Day attacks and learnt more about incident response, forensic investigations, information security and cyber operations.
In January 2016 I became Check Point’s CTO for the Asia Pacific, Middle East and Africa. Let’s just say that my job is about thought leadership and strategic advice.
GG: Computer viruses have been around since the MS-DOS days of the ’80s and ’90s. What has changed?
(Note: this is an amalgam of both GG and Tony.)
Virus writing was all about infecting an MS-DOS or later Windows PC because they could. It was fun, and many universities used virus writing as a basis for learning to code. Pre-internet you had to put a floppy disk into the PC and run an infected program, but there was little you could do to exfiltrate data or infect networks.
GG: Ha – so it’s true that Steve Jobs funded or encouraged virus development for Microsoft machines and virus writers to lay off Macintosh?
I cannot confirm or deny. There were rumours.
But virus writing for fun moved to virus writing for profit with the advent of the internet and now today’s always-connected world.
We now have hackers working for nation states that break into computer systems and steal secrets. These are the somewhat brilliant if misguided people that invent the tools. Today we call this malware, and these carry all manner of payloads.
Some payloads steal certain types of data, some may surreptitiously use cameras or microphones, and some may set up huge networks of infected bots to do things like DDoS attacks or to send masses of junk emails. Their goal is nation-state dominance.
Then we have cybercriminals who are in it for the money. Most of what consumers and enterprise see – ransomware, crypto-coin mining, banking trojans, etc. – are cybercriminals using tools readily available on the Dark Web or developed by hacker staff.
So, let’s call this for what it is – crime committed using the internet (an IP wide area network) to break into computing devices via a vulnerability. It is no different from a criminal breaking into a house via a badly designed lock.
GG: You mentioned that consumers benefit from enterprise protection. How?
Enterprise, especially those with customer databases are daily targets for cybercriminals. Most access comes via emails – highly developed, machine learning or AI-driven, social engineered, spear phishing; masquerading as a colleague (Business Email Compromise); or spoofing (using a known trusted address).
The aim is to elicit action. Go to a website, click on a link, transfer funds – anything that the recipient can do in their job. We call that self-sabotage – weak passwords, weak security, weak people and all can be fixed.
Once a cybercriminal is inside a computer, they can browse the network and decide on what goodies to take.
Simply put, enterprise employs dozens of best-of-breed tools to stop this, and this intelligence flows down to the consumer via online malware detection clouds and endpoint software. In our case, we develop ZoneAlarm for home and small business, and it’s the same protection as enterprise has on its endpoints.
What consumers don’t have, and frankly cannot afford, is the perimeter hardening tools like enterprise firewalls, sandboxes, patch management, hyper-scale management etc.
But these tools are also coming to SaaS (Security as a Service) where SMB and consumers won’t have to worry – all it will cost is a small monthly fee.
GG: What are your predictions for the coming year?
More of the same only faster! Some years we play catch up with the bad guys, and some years we edge ahead. Make no mistake – cybercrime is big money and cybercriminals have all the latest tools like machine learning and AI.
2017-2018 was the year of ransomware. It’s still a huge threat, but things like the No More Ransom Project (and we are an Associate Partner) are helping to slow that down. We – the security industry – played catch up to help beat ransomware, and it is no longer as profitable for cybercriminals.
2018-2019 is the year of crypto-currency miners, and nearly half of the top ten malware threats take over your PC, mobile or even IoT to mine cryptocurrency. Why? Because together huge botnets can make money for cybercriminals, and you pay via your data, power and hardware overheads.
- ↔ XMRig – Open-source CPU mining software used for the mining process of the Monero cryptocurrency, and first seen in the wild in May 2017.
- ↑ Cryptoloot – Cryptominer, using the victim’s CPU or GPU power and existing resources for cryptomining – adding transactions to the blockchain and releasing new currency. It is a competitor to Coinhive, trying to pull the rug from under it by asking a smaller percentage of revenue from websites.
The other threats focus on setting up spam servers, adware, stealing data etc.
Remember personal data is gold and goes into your profile on the Dark Web to help with Identity Theft or AI-driven spear phishing.
- ↔ Emotet – Advanced, self-propagating and modular Trojan. Emotet was once employed as a banking Trojan and is now used as a distributor of other malware or malicious campaigns. It uses multiple methods for maintaining persistence and evasion techniques to avoid detection. It can also spread through phishing spam emails containing malicious attachments or links.
- ↔ Nivdort – Multipurpose bot, also known as Bayrob, that is used to collect passwords, modify system settings and download additional malware. It is usually spread via spam emails with the recipient address encoded in the binary, thus making each file unique.
- ↔ Dorkbot – IRC-based Worm designed to allow remote code execution by its operator, as well as the download of additional malware to the infected system.
- ↑ Lokibot – Lokibot is an Info Stealer distributed mainly by phishing emails, and is used to steal various data such as email credentials, as well as passwords to CryptoCoin wallets and FTP servers.
- ↑ GandCrab – GandCrab is ransomware distributed via the RIG and GrandSoft Exploit Kits, as well as email spam. The ransomware uses an affiliates program, with those joining the program paying 30%-40% of the ransom revenues to the GandCrab author. In return, affiliates get a full-featured web panel and technical support.
- ↓ Ramnit – Banking Trojan that steals banking credentials, FTP passwords, session cookies and personal data.
GG: OK, the hoary old question – PC or Mac?
Mac desktop/laptop market share is static at around 9%. Linux is about 2% and Windows about 88%. Cybercriminals go after the money, so it makes sense to go after Windows.
But macOS is not safe, as our Malware Pedia shows. While there is nowhere near as much Mac malware, it is more sophisticated in order to get around Mac’s native defences. If you use a Mac, read the Mac Malware Pedia link above and get some protection NOW.
iOS is not as safe either. We say that Apple’s lower volume – around 12% worldwide versus Android at 88% – makes Android the sensible target – we call it the ‘Perils of popularity’. Read our take on this, Taking a bite from Apple’s iOS myth, and note that using an iPhone without protection is madness.
GG: What phone do you use?
I am a security evangelist, and I use Android Oreo. Android Pie is even better, and Google is doing an excellent job in securing the operating system.
But remember that the always-connected world means that cybercriminals view all mobile devices as a) a gold mine for what is on them and b) a way into the corporate or home network.
Mobile security is now in its fifth generation, and Check Point has a slightly different slant on that. We call it SandBlast 3.0 – a cloud-based solution that works on Android and iPhone devices and protects from malware, man-in-the-middle attacks over cellular and Wi-Fi networks, OS exploits, and phishing attacks. It has the highest threat catch rate on the market.
It is for enterprise use at present but will migrate to consumer use soon.
GG: IoT threats are always popular
Let’s get back to basics. The Internet is a wide area network (WAN), and the home or business network is a local area network (LAN). Both work together via IP (Internet protocol).
When you’re on the internet, which everybody is, everybody is fair game, so we have to be aware of that.
Australians have a reputation for being early adopters and heavy consumers of technology. There are estimates of 20.4 billion Internet of Things (IoT) devices by 2020. Securing these devices must be a priority, given that IoT presents a future that is very difficult to secure.
He said it’s important for everyone involved, including designers, manufacturers, retailers, and consumers, to be aware of the security risks.
A cybercriminal has malware that roams the WAN that wants to get into the LAN. Automated botnets attack routers, IoT, security cameras, anything with a known vulnerability. IoT, especially older IoT does not have security in mind – many still use default passwords like Admin/Admin. Most do not have security patches.
Or you have remote access enabled to get into local storage, security camera or alarm system.
Once in, they can roam the LAN looking for gold in the data, send junk email, be part of botnet DDoS attacks and more.
GG: What about the emerging cybercriminal industry in Asia and elsewhere?
Wherever labour is cheap, you will see an emerging cybercriminal industry that uses tools from the Dark Web to go after the low-hanging fruit. Things like working on the Collection #1-5 data breaches, attacking old unpatched vulnerabilities, spear phishing and ransomware. The thing is that it does not take too many successes to fund their expansion, and some of the tools are now homegrown.
There is a huge industry now in targeting high net worth individuals. There are attack farms in places like South East Asia and Africa that specialise in this. They use machine learning and AI to deliver highly targeted spear phishing. It may purport to come from the local gym, post office, supermarket or newsagent. They may employ dumpster divers to go after gold in your bin, steal from your mailbox or follow your movements around the suburb. Yes, it’s beginning to happen in Australia.
GG: So, how paranoid do you need to be to survive?
The average person still has not connected the dots. For them, it is still convenience over security.
They are still the weak link be it using generic passwords, clicking on email links, not being suspicious enough of fake websites – I could go on. Cybercriminals will flourish until the world is paranoid enough to counter them.
GG: Five tips, please
- Use reputable paid anti-malware/virus/phishing/ID Theft on every device – free software does not cut it
- Use complex passwords or a password manager like the freemium LastPass (the free version works for most of us)
- Implement multi-factor authentication everywhere – especially where money or valuable information is involved
- Don’t overshare on social media – it aids identity theft
- Think – look at emails and websites, and if the deal or offer is too good to be true, it is
GG: Final words?
In the security industry, our greatest fear is complacency. Threats evolve quickly, and we need to do more than just respond. We must evolve faster!
And every threat is exacerbated by the proliferation of apps designed to help us by knowing more about us. Don’t give too much away.
And remember – for every horror story you hear about a friend being hacked – it could just as easily be you.