Cybertalk with IT security expert Sorin Mustaca
vpnMentor has had the privilege of talking with Sorin Mustaca, a Certified IT consultant with over 15 years of experience in IT security, and author of "Improve Your Security", a guide for the common end user that deals with the question of how to guard against cyber threats on the individual level.
By Ditsa Keren, 16/06/2016
vpnMentor: Can you tell us a little bit about your background in IT security?
I have been a team and product manager at Avira antivirus for many years, where I was in charge of developing some of the software's major components. About 1.5 years ago, I decided to establish my own IT security consultancy firm, where I offer corporations a vertical view of their exposure to cyber threats, while helping them to see "the bigger picture".
As part of my work, I have developed with my partners a cyber security management system that measures different aspects of security in corporations, giving recommendations that can then be integrated and implemented from within the organization.
vpnMentor: With so many new threats and with the fast development of hacking technologies, how can an anti-virus stay up to date and protect a company from being hacked?
Antivirus companies have a lot of potential because they protect the end user, but when it comes to larger businesses and corporations, the biggest concern is that cyber threats are getting stronger by the day, so no matter how eminent the AV software may be, it cannot provide full protection.
Some people believe AV companies are developing viruses to get richer; they are incredibly wrong. AV companies have rules and regulations that don't allow them to do so, but moreover, they do not need to do it because there are so many viruses going around every day that they have not even managed to overcome.
vpnMentor: What can you tell us about the recently emerging Ransomware encryption Malware attacks?
That's a perfect example of what I was just talking about. Encryption malware (ransomware) is like an onion, with layers upon layers of compiled malware that antivirus software simply cannot detect. In fact, classic antivirus software would only detect the outer layer, which is in this case the archive or file attached to a malicious email. It would warn you not to open it, but if you already have, there wouldn't be much else an antivirus could do for you.
Ransomware comes as an archive in an email, and once downloaded, it will find the vulnerability of the system and exploit it to encrypt files or prevent the system from booting.
Next, it will start asking for ransom, either in money or in bitcoin, in return for the encrypted files.
vpnMentor: What defenses would you recommend in the case of a ransomware attack?
You can remove the ransomware, but the files will remain encrypted. In such cases I would advise never giving them their ransom unless the files stolen are extremely valuable to you.
The worst thing people can do in such cases is to give away their credit card details, as those will quickly be sold to strangers, and the card will continue to get charged. They're certainly not waiting for anyone's approval to do it.
For a team manager or an IT consultant, the best thing to do is educate the team to never open anything that looks suspicious or unfamiliar, and always back up their files. Otherwise, even the NSA would need a couple of years to recover ransomware-encrypted data.
vpnMentor: What can you tell us about the recent leak of over 32 million twitter accounts?
LeakedSource were the first to publish the story about it and have made a lot of noise in mass media. Personally, I feel something very suspicious is going on. There are a lot of things that don’t entirely match with the story. For instance, they say they got the account emails from various hackers, but by pure chance, they all have the same format. How is that at all possible?
According to LeakedSource, it was not Twitter that got hacked, but the users themselves.
If the opposite was true, would we even know about it?
Are LeakedSource saying the whole truth…?
And there is another issue here: Twitter wasn't the only social platform under attack. We know now that LinkedIn, Tumblr and MySpace were also hacked about 2-3 years ago, but it has only come to the press very recently, and again, the format of these files was exactly the same.
vpnMentor: Why do we only see these leaks now?
My guess is that a group of hackers, possibly from Russia, have managed to find vulnerabilities in some software and have used it to hack into these platforms. Their goal was to get ransom money in return for remaining silent, but for some reason, these companies refused to pay and now it's all over the media.
vpnMentor: Do you recognize a specific country from which the majority of hackers operate?
Not exactly. Attempting to categorize hackers via their IP addresses would likely yield deceptive results. Ultimately, cybercrime is a global issue and isn't confined to any specific nationality.
vpnMentor: Do you see any leakage of cyber technology between military intelligence organizations and the dark net? Can you give us some examples?
Not as far as I know, but if it is happening, they are probably putting a lot of effort into making it invisible. However, government officials do have information, which they either buy from hackers or receive from their own "white hackers" whom they employ.
About a year ago we heard about an official spying and monitoring agency in Italy, which got hacked by a team of hackers, who soon after threw all of its information out into the open web. The main clients of that company were government officials from various countries, and that alone was enough to result in great controversy. The main question at hand was: Where is the border between good and bad when it comes to hacking?
vpnMentor: What kind of new cyber threats can we expect to see in the near future?
Over the next 2-5 years, we will see a whole new range of malware, all aiming for "the internet of things": from smart watches, through phones and tablets, to fridges, TVs and cars. These day-to-day devices will gather information from people without them even knowing it, and sell it to corporations.
You may ask yourself, why should anyone care about the info on my smart watch?
Well, some corporations would give anything to find out about your work-sleep habits, how many times a day you open your fridge and what you take out of it, or where you stop on your way home from work.
The problem with this type of malware is that nothing is regulated: everybody wants to put their hands on the data, but remain in the shade when it comes to public awareness.
In such cases, I expect cyber security to require 10 times more labor and costs.