Trustlook Releases a Vaccine to the Wannacry Attack
2 weeks after its outbreak, the Wannacry attack is still taking victims, blackmailing some of the largest data centers in the world, including banks, governments and global institutions. We spoke to Trustlook CEO Allan Zhang to hear about their latest solution to the WannaCry cyber attack and their general approach to cyber security. Share
Please provide some background on Trustlook.
Trustlook has been around since 2013. We started as a consumer-facing organization, with apps for mobile security, cleaning cached files and backing up programs for the Android platform. We're still doing that.
However, 2 years ago we transitioned to an Enterprise focus, with China and the US being our 2 top target markets. We enable mobile apps and device manufacturers to embed our security engine. For example, Huawei, the #3 device maker in the world, uses Trustlook’s security engine in all of their phones distributed in China.
At our core, we are a security company who prides itself on improving the technology of our products, which is why we focus extensively on Artificial Intelligence (AI) as the foundation for all of our security products. We’re also a place with a lot of malware researchers who are constantly investigating and stopping the latest attacks.
For instance, after the recent WannaCry ransomware attack, we worked for two straight days to develop a scanner and vaccine toolkit for Windows users who wish to avoid being infected.
That's one of the core strengths of our company- getting to the bottom of outbreaks and responding quickly to provide adequate solutions.
How can AI be used to enhance cybersecurity?
AI is without question the future of cybersecurity. There are too many threats, too many connected devices, and not enough manpower to keep computers safe without using machine learning and artificial intelligence.
As humans, there is only so much we can do to stay ahead of attacks. Naturally, computing power is growing quickly and the amount of data is far beyond what we are capable of utilizing manually. We use an AI engine to process the data we receive every day and improve upon it.
Humans can look at 1-10 samples of data every day, but a machine can look at hundreds or thousands. They can quickly predict how malicious a sample is, so the only thing left to do is reverse the malware.
Once malware is identified, we let it run by itself so we can track and monitor its behavior. It might open a file or registry, send an SMS to a bank, or make a phone call. Anything suspicious or out of the regular pattern of behavior will be flagged and stopped by our AI engine.
Our AI-security engine can also complement traditional antivirus and firewall technologies still used by many network providers, Today, these legacy systems need to be constantly updated But with AI, the model continually learns and improves resulting in a high level of accuracy that keeps improving over time.
In your opinion, what's led us to the WannaCry attack. Could it have been predicted?
There is a general user apathy with regards to patching their systems. Humans seem to be the weakest link in the chain of protection. If all Windows users knew this attack was coming, we wouldn’t be in this situation. That being said, the nature of cyber says attackers will always be a step ahead, so it’s understood in security circles that it's always going to be a challenge to predict and prevent these outbreaks. In China alone there were 2000 computers infected with WannaCry in just the first hour.
Numerous security firms have been investigating remedies for WannaCry. We swiftly deployed our scanning and vaccination toolkit as promptly as possible.
What can you tell us about your solution to the Wannacry attack?
The scanner is perfect for large organizations with hundreds of computers who simply want to know which ones are infected. The scanner will quickly scan the entire network and locate the worm.
The vaccine will prevent unharmed Windows computers from becoming infected. It is a very light weight tool that is operated with just a click of a button- no need to reboot your computer like with some other security tools.
There are currently many companies using the scanner and vaccine. We've been updating it and it's currently being tested by a big company in the US with thousands of machines. Their Chief Information Security Officer (CISO) says that when the toolkit is applied, it simply works. For these companies, any downtime can cost serious money as well as a public relations problem.
It might still be impossible to decrypt files, but it lets people know if the virus is present and can prevent it from coming in if it hadn't already.
The users either choose to patch their systems, or use some kind of tool. The industry has 3 classic solutions:
- First is to find an antivirus solution.
- If you see the worm on your computer, it means all of your data is already encrypted.
- In order to stop the worm from spreading in your network, you need an advanced tool like ours.
With the third solution that we released, the worm cannot start normally. When you double click the tool we pass around hundreds of different ransomware, but none of them can work. That solution is also very lightweight.
Python users can modify our solution to make it work for their customers, to avoid a 10,000 computers timeout.
Who is your typical client?
We have products for consumers, app developers, OEMs, systems integrators, large enterprises, and more. Pretty much anyone looking to build security into an app or computing device can benefit from our AI security engine.
We have our roots on the consumer side, and proud to say that we have 75 million users across all of our apps. We also power the security for apps with user bases totaling more than 250 million.
But we now work with big OEM, such as Huawei and Qualcomm, who are implementing our AI security engine into their devices and chips.
We are also working with a number of traditional network security company who are interested in using our technology.
We're now looking at IOT as a big strategic level for us. Samsung is having a bad PR problem with their TV's being called a 'spy'. They are looking for companies like ours that can help them build a better reputation and make their products more secure.