Who is SophosLabs: Numaan Huq, Threat Researcher

Who is SophosLabs

SophosLabs is at the center of Sophos. It’s the place where highly skilled experts in the field work round the clock to build protection from the latest threats.

But who works there?

In the first of this series, we’re talking to Numaan Huq, Senior Threat Researcher from SophosLabs Vancouver.

Numaan HuqI am originally from Dhaka, Bangladesh. I moved to Canada for school back in 2000.

I have a BSc (’04) and MSc (’09) in Computer Science from the University of Victoria (UVic) in Victoria, BC. My focus in my senior years and in grad school was on networks. My MSc project thesis entitled “Performance Analysis of Cascaded Policing System” was on network traffic shaping.

I’ve been an avid fan of fantasy novels since grade 7. I listen to whatever music fits my mood and my fancy – I don’t have a fascination for any particular genre.

I’m a big fan of soccer and Formula 1 racing. I’m currently harboring a dream of going mountaineering and am targeting a climb of Mount Rainier (elevation 14,410 feet) in Washington State next year. But first I need to whip myself into shape.

I can’t live without my internet enabled phone.

My friends say I cook tasty food, but then maybe they’re just happy getting a free meal. They sing songs about my deeds so I invite them again.

I did an internship where I worked on programming Voice over IP (VoIP) phones. Part of my responsibility included pen-testing the VoIP phones to see if we could get root access to the device.

When I was looking for employment, the job at Sophos seemed like a natural extension of my experience. It also helped that it was in the same city I was living in!

My specialty within the Labs is on APTs (advanced persistent threats), web threats and vulnerabilities. I am co-author of a paper titled “Trapping unknown malware in a context web” which has been accepted to the VB2013 conference in Berlin this October.

Currently I’m conducting research on malware that targets point of sale (PoS) systems.

I am also the SophosLabs contact for Microsoft’s MAPP and I coordinate and contribute to SophosLabs’ Patch Tuesday processing. My other interests include OS architecture and encryption algorithms.

The best thing about my work is definitely the team. We have a set of very talented and hardworking people here in Canada who truly believe that we can do things better, while at the same time making a difference. That attitude rubs off on you quickly, and it motivates me.

I’ve had two super memorable moments in SophosLabs:

  1. When I wrote my first ever virus detection and disinfection, W32/Ngvck-U, back in August 2007. I worked very hard in analyzing the virus, figuring out how the infection routine worked and then writing and re-writing disinfection to meet the Labs standard. I felt very proud that day and it solidified my self confidence.
  2. I was asked to figure out the “attack graph” of an APT for a very important customer. All I had was a mess of packed, seemingly disjointed files, out of which I needed to build a complete picture. It took almost a week of intense reversing to try to connect the dots and decipher where the APT had come from, how it penetrated/propagated and finally what it attempted to mine. Again, it was a superbly satisfying exercise.

To me, the biggest threat in the next few years is APTs. Though it is a term much loved by the media, in reality it is a serious threat which will only mature. The threat vectors will get more complicated because the operating and eco systems are becoming more secure and dynamic all at once. This requires the creation of more complicated and innovative methods of exploitation.

Social engineering is as old as malware. There is a popular saying in SophosLabs: “The biggest vulnerability lies between the chair and the computer.”

The business of mass-produced malware generated using crime kits is in its infancy and I predict it will become more sophisticated and user-friendly, leading to an exponential increase in the volume of malware. I think new business models will emerge for malware, driven mostly by the latest technology trends of that period.

SophosLabsWhen giving security advice, I tend to tell people to run Macs. It’s not like OSX is bullet-proof, but their market share is small so they don’t make a lucrative target for malware authors. This is why we see so little malware for OSX.

If you’re tech-savvy, go ahead and run Linux.

My recommendations: Encrypt, encrypt, encrypt everything! Most modern operating systems have simple options to enable encryption. And always protect your mobile device with a strong password.

For security reading, I recommend Naked Security of course! And Virus Bulletin has a link to most of the popular computer security blogs.

If you’re trying to break into the security field – read lots. This is a dynamic place and following blogs and forums is a great way to get your head around the security space. Visit a couple of conferences to ‘meet and greet’ people in the industry.

A popular free conference is Security B-Sides and most major conferences have student registration prices. Attend a “dojo” or training session at one of these conferences; they are a bit pricey but extremely helpful.

In the future, I would definitely like to stay within the realms of computer security. In ten years I might transition from researcher to a management role but as they say, “Yesterday is history. Tomorrow is a mystery. Today is a gift.”

Want to know more about SophosLabs?

Check out our YouTube playlist, or read more here.