At the Kaspersky Cyber Security Weekend in Siem Reap, Cambodia last week, the team at The Tech Revolutionist managed to conduct an interview with both Wayne Lee, Junior Security Researcher, and Seongsu Park, Senior Security Researcher.
It was a valuable and insightful interview in which we learned more about what the GReAT team is doing to keep us safe in this cyber war and got to know them personally a little better.
Lee is a Junior Security Researcher who focuses on finding interesting objects related to APT campaigns, collecting samples, performing attribution and documenting his findings. He also performs network analysis and digital forensics.
Park is a Senior Security Researcher and threat hunter, responsible for investigating emerging cyber threats and tracking the activities of notorious threat actors.
With the never-ending attacks in the cyber world, we asked Lee and Park for their opinions on current trends from a security researcher's perspective.
“Spear phishing is getting common, where the attackers perform social engineering, crafting very targeted documents to lure the victim,” said Lee as he explained the danger if the victim clicks on the document. He also mentioned that a lot of people think that administrator privileges are required to gain control of a system, but that is not the case. Privilege escalation is possible even without administrator rights, he warned. “But some malware is there to exfiltrate information,” he added. “This information includes passwords, credit card details, etc. Keyloggers have been out there for a long time and there are many different types of keyloggers, software and hardware; some don’t even require administrative privileges to run.” To keep ourselves safe, it is best to use anti-virus software to scan a document before opening it.
Park shared his opinion on current trends in the cyber security world, stating that cyber criminals are evolving. They always follow the latest technologies (blockchain and cryptocurrencies) and use sophisticated attacks targeting many regions and companies. We can see that cyber criminals are investing a lot to keep themselves ahead.
As every job has its difficulties, we asked Lee and Park about the challenges they face in their niche job. Both agreed that threat hunting is difficult. Correctly attributing an attack is sometimes very tricky: an attacker may reuse another attacker’s source code to mislead threat hunters. “One’s tools of tricks and skillset” are very important, Lee said, explaining the importance of staying on the cutting edge, keeping up to date with new implementations and learning continuously.
Lee never expected he would end up in the GReAT team, as he shared with us when recounting his journey. When he was young, he was fascinated by calculators. The instantaneous results the calculator provided ignited his curiosity, and he started to search and read, eventually finding out that the magic all starts at the CPU.
Lee’s interest steered towards the lower-level side of computers. “In order to cut down a few milliseconds in a robotics competition, I had to code in C,” he said as he shared his past experiences in robotics during his school days. He added that he “had never imagined myself working in the cyber security field”. It was only when his university sent an email stating that Kaspersky wanted to train malware researchers, with some experience in reverse engineering as a criterion, that he thought he would give it a shot. He applied, one thing led to another, and here he is now. The training he went through depended heavily on sharing opinions and getting critiques from his mentor while he slowly improved through a lot of hands-on projects. “No pain, no gain,” he quoted.
Park also shared an interesting incident from his past. He used to work at a game company, and as game companies usually hold a lot of customers’ personal information, they are a target for cyber criminals. He remembered it being like a cat-and-mouse game, where he would analyze and set up defense measures whenever an attack had taken place. Even though it is impossible to detect and prevent 100% of attacks, the solution he shared was to minimize the attack duration and reach a resolution in the shortest amount of time.
It was stressful, but wanting to know the root cause of the attack was what kept him going.
With aspiring security researchers in mind, we concluded the interview by asking Lee and Park what resources helped them learn and keep up with the perpetual evolution of the cyber world.
Lee shared that YouTube helped him a lot, followed by Reddit, forums and his colleagues. He also recommends the book “Practical Malware Analysis” as a starting point for beginners.
Park, on the other hand, feels that practical technique is more important than grades. He added that more importance is placed on the research and techniques used in a malware research report.
We would like to thank Kaspersky Lab for inviting the team to participate in their annual cyber security weekend and providing the opportunity to meet the GReAT team.