Vasily Dyagilev, Check Point Software Technologies - about fake Pokemon, users' lost fingers and dangerous cryptominers

Vasily Dyagilev - IT Business Development Specialist; since 2013 he has headed the Check Point Software Technologies office in the CIS countries. Previously, he was responsible for selling Microsoft products to corporations and guided the development of the Kaspersky Lab partner network.

- How do Check Point Infinity products protect against targeted attacks, and on what principle do they operate to protect corporate networks?

- The company has long been engaged in developing systems to prevent targeted attacks. Most of our products have in their DNA the ability to work with new, unknown threats, and not just signature analysis of what is already known. The solutions both analyze anomalies in the organization's incoming and outgoing traffic and deal with preventing the very source of threats. For example, we have technologies under the general name SandBlast, which protect against phishing attacks. When a user downloads a file, SandBlast does not hold the document back for checking in the sandbox, but allows the user to immediately receive a 100% secure copy. The system also analyzes links and deactivates those that may be potentially dangerous.

Photo: Anton Karliner / Haytek

Another problem we solve is the leakage of corporate data. Very often, people register with the same login and password in several systems, including using a corporate email account, for example, on social networks. By preventing the use of a corporate login and password to register or log in on online resources, we protect the user from accidentally exposing the data to attackers who may send phishing emails.

Essentially, Check Point Infinity is a subscription security model, in which a person instantly gets access to all our technologies and can use them depending on what tasks he performs in his network.

Clouds, Virtualization, and Hybrid Protection

- As for cloud data protection, how do your products work in this segment?

- We have a number of products that are designed for protection during migration to the cloud. Let's be honest: at the moment there are no 100% cloud companies, nor companies that store everything only inside the perimeter. Everyone uses cloud services one way or another for various tasks. Check Point's position here is absolutely simple: to give the customer the possibility of seamless integration of cloud technologies with the same level of protection. In fact, when bringing up a service in the cloud, you can apply the same security policies as in the local network, and thereby ensure the same level of security in cloud applications and repositories as within the enterprise.


If we are talking about IaaS, then this is protection of virtualization: virtual machines, storage, cloud configuration. SaaS, in turn, means specialized protection tools, such as sandboxes for checking content for new threats, anti-phishing, and multifactor authentication. For example, providing Microsoft 365 users with mail security specifically in its cloud version. In addition, thanks to the acquisition of Dome9, we have a solution for securing multi-cloud deployments in Amazon AWS, Microsoft Azure, and Google Cloud.

Dome9 technology allows auditing cloud instances, seeing how security is currently ensured, and applying the same security policies as for the local network. This area is actively developing in Russia; we see a growing need from the business side, since the issue of scaling is quite acute.

The company has already begun to work out such offerings for users of Russian cloud solutions, and we are in active dialogue on introducing such services with the largest Russian cloud providers.

- Is protection against biometric attacks being developed, and how does one deal with the invisible mask method?

- Biometrics are entering our lives quite firmly. In fact, this is only one method of user authentication within an information system. When you enter a username and password, the system understands that there is a certain user in front of it, and with the help of an identifier assigned to you, it lets you through further, gives you certain access rights within this system, and so on.

So, biometrics is only the first step to the data. Instead of entering a login and password, we substitute a face, fingerprints, voice, right up to the DNA of your body. The input of this data is verified against the identifier stored inside the information system, a certain digital hash. Then everything is the same as what happens when you enter a username and password.

We do not work directly with biometrics, because we protect not the access, but the information system itself, the data that is in it. The question of how a user is defined within the network is another field.

However, the case of substituting the digital agent during user authorization is becoming increasingly relevant; I think that in the near future more attention will be paid to this. On the one hand, biometric identification is very convenient: you do not need to remember multiple passwords, and the combination of data is unique. On the other hand, it is not as reliable as it may seem at first glance. To unlock a smartphone with Face ID, an attacker simply has to show the owner's face. Moreover, there have been criminal cases. In some countries, the use of biometrics to identify a user at an ATM has been banned. Then fingerprints were used, and after several cases of fingers being chopped off to steal money, they began to abandon this method of identification as well.

In addition, attackers can affect recognition systems so that the system does not recognize the image correctly. One of the advanced methods is the invisible mask method, where an attacker uses infrared LEDs to trick the camera. IR radiation, invisible to the eye, affects video systems and causes an erroneous classification in the recognition system. In other words, it is a manipulation of the recognition system, not of a person's appearance.

Of course, the biometrics market is developing, and the issues of the legal use of certain systems will be resolved. For us, the question of data protection remains paramount.

Football, Pokemon and fake applications

- What new applications for multi-level protection of mobile devices will appear this year?

- Along with clouds, mobile solutions are a priority. The number of mobile threats for both the Android and iOS platforms is growing at about the same pace as for classic PCs. We must understand that we are not carrying a phone in our pockets, but a full-fledged computer. And the information stored in it is sometimes much more interesting to attackers than that on a PC. A smartphone can store a digital face, health information, location, bank card data, contacts, and all this information can be very valuable for scammers. In addition, last year crypto-miner attacks spread to mobile phones, and sometimes caused physical damage due to the heavy load on the operating system; for example, a battery exploded.

Threats are developed and directed at three main things: theft of personal and corporate data, use of processor and memory resources, and the creation of botnets. It is against these threats that Check Point solutions work.

First, the Capsule family protects data on the smartphone inside a so-called container, which is used to store all corporate information. Thus, the solution separates the personal and corporate parts on a personal device so that confidential information does not end up in the most vulnerable parts, for example, social networks.

The second is the SandBlast family, which, in fact, transfers to mobile devices the same logic that is used to protect personal computers. It ensures that the user does not install suspicious software, scans for and detects compromised Wi-Fi networks, and blocks access to suspicious applications and devices until the threat is resolved.

A vivid example: if you downloaded a flashlight application that hid malware, the solution blocks online banking so that an attacker cannot get to your finances.

- How dangerous is malware when installing mobile applications, including through dedicated app stores? How can one set up protection?

- Users are careless about mobile devices and installing apps. When giving this or that program access to internal processes (contacts, microphone, up to administrator rights), users do not think about the consequences.

For example, anyone who frequently visits exhibitions knows about applications with the exhibition's schedule and navigation. Such an application often requests access to contacts, location and microphone, so that you can communicate with other participants, share photos, and set a geotag. To download the application, you need to scan a QR code, and no one thinks that someone can paste another one over this QR code, which will download a fake application that requests the same rights and steals data from your phone.


The same happens with unprepared users who, at the peak of popularity of a game (as it was with Pokemon Go) or an event (FIFA World Cup), download fake apps masquerading as games, schedules and broadcasts. Such applications steal passwords, record conversations, steal SMS from a bank, and much more.

The risk here is much higher than for users of corporate PCs. Usually, existing security policies in companies do not allow downloading third-party programs and maintain strict controls. With mobile devices it is more difficult. Despite the fact that we use corporate mail and documents on them, companies are afraid to restrict employees from using personal gadgets.

In terms of malicious applications, the Android platform is more vulnerable because it is very popular and allows you to download applications from unofficial stores. However, on iOS you can also install third-party applications, for example, from corporate portals, where there may be a risk of substitution. In addition, there is a large body of people who root their iOS smartphones, and they are equally at risk as Android users.

From the point of view of companies, you need to use MDM systems that distinguish between corporate and personal information. And if we talk about ordinary users, then security solutions from major manufacturers will be suitable, which protect against viruses and against the installation of unwanted content.

How to save the Internet from vacuum cleaners, coffee makers and crypto miners

- How serious are the so-called hidden crypto miners today? How does one protect against such crypto tools?

- Last year, crypto miners entered the top 3 most active threats every month. One of the most popular hidden mining platforms, Coinhive, was closed on March 8, but even during these eight days the cryptominer attacked 23% of organizations around the world. I think this attack vector will evolve; the hackers' technology is already quite well debugged. To mine cryptocurrency you need a huge amount of computing resources. Where to get them? Only by creating a botnet whose total capacity will exceed all possible cryptocurrency mining farms. So, you download an application that looks innocuous at first glance, and after some time it begins to download malicious modules for crypto-mining. All you can notice is that the smartphone is constantly under increased load and its battery drains quickly.

Botnets, networks of connected devices, are created in order to use the power of the connected devices for massive attacks on third-party resources. A vivid example is the Mirai botnet, which conducted DDoS attacks from vulnerable webcams and routers. It was used by a hacker who disconnected an entire country, Liberia, from the Internet. With sufficient capacity, hackers are able to leave a country without electricity and communications, so the risks are very high.

The second method hackers mastered in the past year, and which most likely will continue to evolve, is breaking directly into crypto exchanges. Since a huge number of crypto exchanges are created without a proper level of security, because speed and convenience come first, for hackers this is a short path to money. And the more cryptocurrency grows, the higher the hackers' interest in this topic.

- What are botnets, and how can one avoid being attacked?

- In the PC world, people have learned to fight botnet network structures well, because, in fact, it is the same malware. The situation on mobile devices is less controlled, and with other IoT devices things are even worse. As we have said, mobile users are at risk because they neglect security rules and install unreliable applications. Internet of Things devices are not perceived by many as sources of threat at all. Connected devices, be it a smart TV, a smart vacuum cleaner or a coffee maker, are initially created without regard to security requirements. For example, there is a manufacturer of Wi-Fi or Bluetooth chips which builds them into a billion devices around the world: watches, cameras, drones, elevators and trains. Their software is very vulnerable, and if a hacker finds a way to take control of the chip, then he can take control of the entire system of devices. Either software updates for such devices are not provided, or no one installs them.


In a recent attack on Asus, hackers got access to official update servers and tried to infect a huge number of Asus devices to create a botnet and gather information for a more serious attack. I would call it a trial run, since the hackers wanted to understand how many devices they could control. Botnets are one of the main threats today. A botnet of 50 thousand devices once caused a blackout in the Baltic States; a botnet of 200 thousand devices almost brought down the worldwide network. Now imagine a botnet the size of several million devices. The consequences of an attack of such power cannot be predicted.

Security professionals and device manufacturers are actively debating how to protect Internet of Things devices. One approach is protecting each individual device by introducing so-called nano-agents, which are developed by large suppliers. Another approach is global cloud-level security. However, there is currently no panacea for this threat.