Russians are the best hackers because of their country’s huge education effort starting in the 70s and 80s focusing on maths, engineering, programming, and technology.
“Besides what do you do if you have a chip on your shoulder and see everything is rosy in the USA – nuking computers is a good place to let off steam,” said Romanian based Bogdan Botezatu, Bitdefender’s Senior E-threat Analyst.
Botezatu and Global PR manager Andrei Taflan were in Australia to support their Australian country partner/distributor SMS eTechnologies for the launch of Bitdefender’s 2018 product. The crisp Sydney morning reminded them of how good we have it here.
“The company has come a long way from 1990 when Florin Talpes and his wife started a company building software for their partners. They found that Russian and Bulgarian hackers were somehow infecting their systems and software and started writing their own security solution for internal use in 1996. That became Bitdefender in 2001,” Taflan said.
{loadposition ray}
It is a fascinating story because Bitdefender is now rated as number one by several independent test labs. In part that is because of Romania’s proximity to Russia, Ukraine, and Bulgaria that all underwent massive political, social and economic upheaval resulting in a strong survival ethos.
“Hackers are motivated by a lack of opportunity in economically struggling Russia, not so much they see it as a crime, but a business,” Taflan said.
Bitdefender has adopted the “Dacian Draco” - a dragon with open wolf-like jaws.
Taflan continued, “We continue to carry the standard of our Dacian ancestors as a symbol of courage, determination, and victory in our fight against online threats. A trade of brilliance, data security is an industry where only the clearest view, the sharpest mind, and the deepest insight can win — a game with zero margins of error.”
“Our job is to win every single time, one thousand times out of one thousand, and one million times out of one million. And we do. We outsmart the industry not only by maintaining the clearest view, the sharpest mind, and the deepest insight but by staying one step ahead of everybody else – be they black hats or fellow security experts,” Botezatu added.
The remainder is a combination of Botezatu’s and Taflan’s comments.
OK, I get the picture – you see this as a fight, good versus evil?
Yes, we fight, we take it personally, and we win. The Russian cybercrime market has undergone a dynamic transition moving away from a chaotic bunch of hackers to a highly organised, extremely well-funded and resourced, cybercrime world. That is not to say that other country’s hackers are less dangerous but they tend to focus on regions that speak their own languages.
Hackers get most of their money from banking, phishing and ransomware scams, that seek to get access to your passwords, bank and credit card accounts, and social security numbers. To be successful today means you need greater social engineering and that means local knowledge. If you get an email from a café you frequented you are more likely to open it and click on its new menu attachment.
We use feedback from our 500 million users in over 100 countries, cleverly use machine learning to identify departures from good behaviour, and in seconds can not only block the machine under attack but block every machine we protect. We must because we are a minnow – only 1300 employees and most of those are technical and engineering-focused. We have over 50 patents related to security technologies, including machine learning.
I noticed that AV-Test you scored 100% for protection against zero-day malware, web, email threats and against the latest malware discovered over the past month with no false positives. You scored the top score in protection, performance, and usability for Windows, MacOS and Android. What about the enterprise Windows arena?
Yes, we protect that too and we did get the top score for endpoint protection, performance and usability there too. But enterprise is different to home users.
There are issues like virtual machines (Hypervisor Introspection) and we have developed an entirely new agentless security layer which malware cannot compromise or evade – through raw memory introspection directly at the hypervisor level.
Then management is an issue. We offer system administrators GravityZone, a single pane of glass to look at comprehensive protection for desktops, servers, and mobile devices plus security and antispam for Exchange mailboxes.
Bitdefender licences a lot of its technology to other cyber security companies. Why?
We cannot mention all names but we can say that we offer SDK integration, re-branding (white label) and bundling to some of the biggest names in OEM PC and security. It is not just about our anti-virus engine but almost all Bitdefender technologies have been licensed by everyone. On the enterprise side, we integrate with MSP consoles such as Kaseya, or LabTech.
And we have technology alliances with VMware, Nutanix, Intel, Citrix, Amazon Web Services, and as a Microsoft ISV.
Why have you been successful?
I think it has been because we always try to stay ahead of the curve. Despite all the marketing hype of competitors many still use on-machine, endpoint protection, they still use signature-based detection, blacklisting, and technologies that have been around for years.
We introduced behavioural analysis over 10 years ago, moved entirely to a cloud-based product over five years ago and that is paying off big time – over 300 unique malware samples are discovered every minute and providing threat intelligence to customers at this pace is extremely challenging.
Can I liken our industry to F1 racing where all cars have the same chassis, brakes, engine specifications, etc? The tuning and driver are really the only difference to extract winning performance. The AV industry is a lot like that and we are a disruptor, the new kid on the block with 16 years history, a small thorn in the side of the big guys. We simply got there earlier.
We are a smaller, leaner, smarter company and we have adopted very high levels of machine learning to handle the volume of threats. To give just one example of how proactive these technologies are, I’ll mention WannaCry. We identified WannaCry in its moment zero with a machine learning model trained four years ago for a different family of ransomware.
Having said how good we are – the problem is that we prefer to invest the bulk of our money in research and development rather than in marketing.
Our success comes from making a better product. What we find is that consumers and enterprise buy Bitdefender using their head – you know it is better - not their wallet because we sell the product at its real value rather than dumping it like the big guys do.
You mentioned behavioural analysis – what others call AI?
Our secret is that we use a system of penalty points – if a program trying to perform a series modifications to the operating system that might or might not be malicious we assign it penalty points and we suspend the specific process as soon as it reaches the dangerous threshold.
But the cyber criminals use machine learning too – more to see where systems and security software is vulnerable. It is a cat and mouse game and the mice are getting smarter.
But the weakest link is still the human factor. It is the human that does not conduct good computer hygiene (install patches and updates), that clicks on malware, that visits dodgy websites, that falls for phishing. Frankly, a lot of exploits would be obsolete if humans played nicely with the computer.
Is Australia a different market?
Small business here, by sheer volume, is the hackers target. They are the ones that cannot afford to keep PCs up to date, can’t afford IT support, don’t effectively back-up if at all, and are using old versions of the software. That is typical – do I spend money on IT and security or spend it to make money?
What we see is that 45% of small business ransomware victims pay up simply to get their data back again. This is bad because it encourages cyber-crooks to focus on developing malware that converts.
But what works against us most is that we speak English and that enables most hackers to “localise” the appeals that get phishing emails read. China and Brazil are challenging Russia for hacker supremacy but English is not even their second language.
What are the key messages you want to leave iTWire readers with?
- Cyber space is a very dangerous place. Threats evolve, not devolve as evidenced by our identifying over 300 unique threats a minute.
- Go back to basics and look closely at what you are buying – then use you head instead of buying a so-called bargain.
- Any endpoint – mobile, IoT, computer - can be the entry point to the corporate or home network and cloud-based behavioural analysis and protection is proven more effective than signature-based
- As per point 3 know your boundaries – a company may have data on devices, offices, clouds, on-premise etc. It all needs to be protected.
- Be aware of the “kill chain”. A hacker uses LinkedIn to get your details, works out a socially engineered strategy, phishes, gets in, gets information, and then targets colleagues using your profile. It is time to stop sharing so much online especially if you are a person of interest.
- People are still the weakest link – this won’t happen to me is wishful thinking.
- You see a doctor when you are in pain but in cyber security, if you are in pain it is too late. Look for the best in class to prevent pain.
- Spending money on security solutions is only part of the spend – most will be spent in educating people to protect against their own gullibility.
- Don’t be reckless if you have any valuable information at all on your device – assess the risk because one day you are going to lose that valuable, irreplaceable information.
- In our case bigger is not better – work smarter not harder.
Header image courtesy of The Hacker News
