Tales of a SophosLabs intern

Check your help

Hello, I’m Julian, a student studying discrete mathematics at the University of Warwick, and I have been working as a SophosLabs intern for the last two months.

(In case you don’t know, discrete mathematics is a fascinating discipline of mathematics and computer science, not a type of secret maths which is done in darkened rooms and not spoken of!)

I was offered this opportunity following my involvement in the Cyber Security Challenge UK – a series of online and face-to-face competitions provided by industry sponsors which aims to attract more talented people into the cyber security profession.

The Challenge was a wonderful opportunity to both experience and enjoy the competitions, as well as learn more about the rapidly expanding security industry and the big players within it. I have to admit, before competing in the Challenge I’d never heard of Sophos before!

Naked Security readers will be no strangers to the critical importance of good security in today’s society. Whether it be from targeted attacks against big corporations, or rampant zero-day exploits against home users, security (or the lack of it!) is a big concern to us all.

There are some very talented security experts who I have had the pleasure of working with here at Sophos, but the industry needs more people like these and that’s why initiatives like the Cyber Security Challenge UK are so valuable.

Simply put, the days of spotty teenagers sitting in their rooms hacking “for the lols” are over. Cyber criminals are now professional and business-minded – now is the time for a new generation of upcoming professionals to join the fight against cybercrime. I’m still a spotty teenager, but I’m sitting in an office wearing a shirt and tie (well, the tie part was true for day one at least!).

People always ask me, how did you learn to hack? (Because *hacking* is the first thing that comes to mind when I try to explain my interests to friends.) The truth is, I had very little experience of computer security, hacking or otherwise, before my involvement with the Challenge and Sophos this year. Academic study (and curious Google searches) only gets you so far!

Besides, what most people consider as hacking is very different to what computer security actually entails. There are no legitimate jobs for “hackers” in the traditional sense.

So on arrival at Sophos on my first day, the main question at the forefront of my mind was “What do anti-virus companies actually do?!” So many of us rely on anti-virus to keep us safe online with little understanding of how this is actually accomplished.

After two months of attempting to contribute to this effort myself, I now really appreciate how hard it is. I am told that SophosLabs sees over 200,000 new malware samples every day. It gives me a headache just thinking about how many bytes of code that is to analyse before I even start to factor in the tsunami of spam messages the labs process each day!

I had previously imagined that spam would be a fairly easy problem to defeat with clever automation systems and had no idea of the continuous effort that’s required by skilled analysts to keep this beast at bay! This has also shown me the importance of reminding friends and family of the danger spam can pose, as I’ve seen how effectively malware can be distributed through unsolicited emails.

I have spent a good deal of my time here looking at a growing threat on the malware horizon: ransomware. Specifically, I have been analysing a particular family of file-encrypting ransomware which poses quite a problem for anti-virus vendors. The outcome of this analysis shows that it is no longer feasible to provide decryption tools for victims of this plight, as the cryptography employed by these ransomware families is highly sophisticated.

By either using public key crypto, or by generating random symmetric keys and transmitting these to a remote command-and-control server, it is possible (and fairly easy) for malware to irreversibly encrypt users’ documents, photos and music. This massively raises the stakes for Sophos and other vendors alike to detect and protect against these intimidating threats before the damage is done.

One approach would seem to be to redouble efforts to tackle the malware distribution networks, for example, by combating compromised websites that deliver drive-by download attacks.

Moreover, I feel that companies like Sophos need to refocus on developing behavioural analysis systems to be able to detect and block previously unseen malware based on what it is actually doing at runtime.
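To make the idea of runtime behavioural detection concrete, here is an added toy example (my own illustration for this post, not SophosLabs code or anything Sophos products do). It looks at a stream of file-write events and flags any process that writes a burst of distinct high-entropy files within a short window, which is what a file-encrypting ransomware looks like from the file system’s point of view regardless of which sample it is. The events, process names, paths and thresholds are all constructed assumptions for the example.

```python
"""Toy behavioural detector for file-encryption bursts.

Added example, not SophosLabs code. Every event below is constructed;
process names, paths and thresholds are illustrative assumptions.
"""
import math
import random
from collections import defaultdict
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class FileWrite:
    ts: float       # seconds since monitoring began
    pid: int
    process: str
    path: str
    data: bytes     # content written (a real monitor would sample a prefix)


@dataclass(frozen=True)
class Alert:
    pid: int
    process: str
    files: int      # distinct high-entropy files written inside one window
    span: float     # seconds between the first and last of those writes


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def detect_encryption_bursts(events: Iterable[FileWrite], window: float = 10.0,
                             min_files: int = 5, entropy_threshold: float = 7.0) -> List[Alert]:
    """Flag processes writing >= min_files distinct high-entropy files in `window` seconds.

    Encrypted output is close to random, so its entropy is near 8 bits/byte.
    A single high-entropy write is normal (JPEGs and ZIPs look the same),
    which is why the burst size and the number of distinct files matter.
    """
    by_proc = defaultdict(list)
    for ev in events:
        if shannon_entropy(ev.data) >= entropy_threshold:
            by_proc[(ev.pid, ev.process)].append(ev)

    alerts = []
    for (pid, name), writes in by_proc.items():
        writes.sort(key=lambda e: e.ts)
        best = None
        start = 0
        for end in range(len(writes)):           # sliding window over time
            while writes[end].ts - writes[start].ts > window:
                start += 1
            paths = {e.path for e in writes[start:end + 1]}
            if len(paths) >= min_files and (best is None or len(paths) > best[0]):
                best = (len(paths), writes[end].ts - writes[start].ts)
        if best is not None:
            alerts.append(Alert(pid, name, best[0], best[1]))
    return alerts


# ---- constructed sample data (deterministic so the run is reproducible) ----
_rng = random.Random(2013)


def _random_blob(n: int = 2048) -> bytes:
    """Stand-in for ciphertext or compressed data: near 8 bits/byte of entropy."""
    return bytes(_rng.getrandbits(8) for _ in range(n))


_TEXT = b"Quarterly sales figures, draft three. " * 60   # ordinary document text

SAMPLE_EVENTS = [
    # a word processor saving the same document twice: low entropy, one file
    FileWrite(0.0, 4021, "winword.exe", r"C:\Users\j\Documents\report.docx", _TEXT),
    FileWrite(3.5, 4021, "winword.exe", r"C:\Users\j\Documents\report.docx", _TEXT),
    FileWrite(12.0, 4021, "winword.exe", r"C:\Users\j\Documents\~$report.tmp", _TEXT[:200]),
    # a photo viewer writing one compressed image: high entropy, but only one file
    FileWrite(20.0, 7788, "photos.exe", r"C:\Users\j\Pictures\cat.jpg", _random_blob()),
] + [
    # a hypothetical unknown process rewriting a dozen documents in under five seconds
    FileWrite(30.0 + 0.4 * i, 9132, "unknown.exe",
              rf"C:\Users\j\Documents\doc{i}.docx.locked", _random_blob())
    for i in range(12)
]


if __name__ == "__main__":
    for alert in detect_encryption_bursts(SAMPLE_EVENTS):
        print(f"pid {alert.pid} ({alert.process}): {alert.files} encrypted-looking "
              f"files in {alert.span:.1f}s")
```

Run as a script it reports only the hypothetical `unknown.exe` process; the word processor never crosses the entropy threshold and the photo viewer produces a single high-entropy file, so neither trips the burst rule. The point of the design is that nothing here depends on a signature of a particular sample: a previously unseen family that encrypts files in bulk produces the same pattern, which is exactly the property behavioural detection is after, and a defender would tune `window` and `min_files` against real baseline telemetry before trusting it.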

As the bad guys develop new tricks to ensnare their victims, the professionals fighting the plague of malware rise to the challenge.

The battle between malware authors and malware analysts continues, and I know which side I’d rather be on – the one with the steady paycheck and no chance of a jail sentence!