EXECUTIVE SUMMARY:
In this interview, join Aseel Kayal in discussing recent and emerging malware trends that could impact your choices, decisions and actions as a CxO.
Aseel Kayal is a malware analyst with the Check Point Research division of Check Point Software Technologies. She joined the company as a security analyst in 2016. She received her Bachelor’s degree in computer science and English literature, and speaks Arabic, Hebrew and English. Aseel’s research mainly focuses on threat groups and cyber attacks in the Middle East. She has presented her work at security conferences such as Virus Bulletin, Chaos Communication Congress, Botconf, and TheSASCon and is regarded as an expert in the field.
Late last year, as a malware analyst for Check Point Software, you discovered that the Egyptian military is conducting cyber espionage on political dissidents. Can you tell us a bit about this research, and its implications?
The research began with an investigation of a state-sponsored cyber attack that took advantage of third-party applications. Misconfigured servers used by the attackers allowed us to gain insights into the inner workings of their activities, to discover malicious mobile applications that the attackers were developing, and to eventually find out where they might be operating from. After the research was published, the attackers took the entire infrastructure down.
Have any of the software applications used in this attack been seen elsewhere (governments, corporations)? Is there any reason for corporate executives to worry about its use?
The malicious artifacts were unique to this operation, but we have seen similar techniques being used by different threat actors in the past. For example, the notorious Ocean Lotus threat group also used third-party phishing apps for digital surveillance of their victims.
When business leaders download apps, and a page pops up with a privacy agreement, or other info, are there any common keywords or phrases that they should scan for to alert them that the app might be malicious?
Warning signs business leaders can look out for when downloading applications include requests for access to sensitive permissions (camera, microphone, location access, etc.), which are unnecessary for the services that the app provides. Repeated attempts or requests to download an application are also considered suspicious. Lastly, generic phrasing or grammatical mistakes in e-mails or SMS can indicate that the source of that message is suspicious.
Tell us about a current malware campaign that CISOs will want to be aware of.
A recent investigation by the Check Point Research mobile security team showed how a malicious application made its way to 75% of a multi-national employer’s mobile devices via the company’s compromised Mobile Device Manager (MDM) server. This is especially dangerous because it allowed the attackers access to many devices through the compromise of one server, eventually exposing credentials and causing more corporate damage.
What’s your take on the potential for malware visualization systems?
Malware visualization is interesting, but not entirely new. Karsten Hahn released the PortEx tool enabling the visual analysis of executable files back in 2014. While combining such visualization with machine learning is an interesting take, such an approach can have its own flaws. For example, many of the malicious executables used by attackers are usually packed, and those packers will look the same when visualized, but in truth will deliver different payloads.
What policies, practices, or types of products would you recommend to defend against the latest malware threats?
My first recommendation is always raising user awareness for potential threats, as user awareness and system protections complement each other. I would also recommend for users to have a security solution, such as SandBlast Mobile installed on their mobile devices, considering how integral those devices are and the large amount of sensitive data usually stored on them.
For more information on the latest malware threats, visit Check Point Research.
