Recapping the GReAT AMA
Quote:

Jeff’s favorite questions and answers from Kaspersky’s Global Research and Analysis Team’s recent Reddit AMA session.

When your company hosts an AMA on Reddit, you have to be ready for all possibilities. About four years ago, we were a bit apprehensive heading into our Global Research and Analysis Team (GReAT)’s first AMA and then the one with Eugene Kaspersky — but like Boy Scouts, we prepared. And despite the expected trolls (more on them in a bit), both events went off without a hitch for the most part.

You know, working with a global team and getting everyone on the same page was challenging even before COVID. Nevertheless, it had been a while, and we wanted to get the gang — plus a few more — back together.

Yesterday, we logged on to a virtual room for the AMA with Costin Raiu, Vitaly Kamluk, Brian Bartholomew, Noushin Shabab, Aseel Kayal, Ivan Kwiatkowski, Maria Namestnikova, Dmitry Bestuzhev, Ariel Jungheit, Dan Demeter, Igor Kuznetsov, and Kurt Baumgartner to kick off our second Reddit AMA. The event was slated to last 2 hours, but the team had so much fun, it lasted almost three times as long. Below are some of my favorite question threads of the chat.

What’s up with Antidrone?

I was glad to see the recent news of our antidrone technology caught some Reddit users’ eyes. The question and answer were pretty good.

There was a story recently about a “drone detector” originating from Kaspersky. Is that really a threat for some orgs, or is this primarily a Russian hobby?

Maria here: My neighbor has a drone, and he is Russian. So maybe it’s a Russian hobby, I don’t know. But a drone is, in many cases, just a flying camera that can make photos of anything the owner wants, be it what’s inside someone’s house or in the office, say on the monitors of the computers. So it seems there is something to worry about.

Brian here: Drones are definitely a threat to many organizations. For instance, prisons in the US are using anti-drone technology to help prevent the smuggling of contraband. The tech is also used in many public spaces, such as sporting events, large crowd gatherings, etc. for protection and monitoring. Some organizations are also concerned with corporate espionage through the use of drones.

How to learn YARA

As many a reader of this blog knows, YARA is a crucial tool for our research team as well as for many other threat hunters around the world. I’m glad to see people becoming interested in using it professionally.

I was hoping to learn Yara, but before doing that, what prerequisites should I be aware of? Do I need to know assembly, C & reverse engineering? My background is in network security.

Costin here: Yara’s syntax and strings are similar to C, so that would be a good start. General knowledge of reverse engineering helps, although we know many people who write Yara rules without ever having reversed any samples! A general feel of what malware looks like, how malware works and things like file formats is probably a good start. In case you haven’t seen it yet, do check out this short webinar I did on Yara back in March: https://securelist.com/hunting-apts-with-yara/96386/

PS: Our PR and sales are kindly asking me to try to sell you this training :) Some people say it’s pretty good actually: https://xtraining.kaspersky.com/

Vitaly here: To add to what Costin said and give him some credits, please watch this short presentation written entirely in Yara about Costin using Yara to catch 0-days: https://www.youtube.com/watch?v=fbidgtOXvc0

In essence, those skills are not required, but the more you know the more tools you have to create your own perfect Yara rule!

How to start working in the field

I was psyched to see a number of questions about how to get into the cybersecurity field. This one stood out in particular and is one that gives me positive feelings for the future.

Do you have any idea how I can get a remote job as a Malware Analyst? Does such a position exist?

I’m 17 y/o; have read famous book in subject; currently reversing malware that I had access to (gootkit, remcos, netwalker, …) and reading Advanced Binary DeObfuscation Material

Ivan here: If you’re reversing those samples at 17 years old, I have the feeling that finding a job will not be an issue :) Just keep doing what you’re doing and companies will be fighting for your services in no time!

Maria here: I totally agree with Ivan :) Just today we’ve hired an intern who is 18 and who is reversing samples and is really interested in the cybersecurity topic just like you are. So there is a way to start your career path really soon and even working remotely. Gogogo! :)

Good ol’ trolling

Of course, we expected some challenges, and sure enough, Reddit came through. Some people still cannot get over the false narrative that Kaspersky is run by the Russian Federation — seriously, that joke is old. Our folks replied in earnest, but it seemed that people wanted to dish it out, not take it. Come on — it’s Reddit!

Still working for the Russian government?

Costin here: Of course! From the banya, when we are not riding bears to the beach. We also run a chocolate factory 6 miles north of the Kremlin

Ariel here: If it ain’t broken, don’t fix it.

Ivan here: I’ve been trying for years, but as a French citizen they just won’t let me.

Brian here: Secretly for the Americans, with the Russians

Dan here: Privet!

At least some people got our point.
...