Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More
Get access to immediate incident response assistance.
Get access to immediate incident response assistance.
Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More
To celebrate the 25th anniversary of Trustwave, we wanted to look back at how our profession has changed – specifically in regard to the evolution of threats, attacks and scams. As the leader of the renowned Trustwave SpiderLabs global security research team, Ziv Mador was the perfect person to interview for this topic. Find his full perspective below:
Q: How long have you been involved with cybersecurity?
Ziv: 24 years – soon to be 25! I joined the Microsoft R&D team in the summer of 1996. After I got my master’s degree, I started working on security related projects right away – so my entire career has really revolved around cybersecurity, although we didn’t use that term back then.
I started by joining a team that developed enterprise firewall products, then moved to Redmond and joined the Microsoft anti-malware team. That’s how I got exposed to this fascinating world of cybercrime – and I saw how upset organizations and people got as cybercriminals figured out how to exploit the early versions of Windows, which was being attacked by worms like Blaster, Slammer and Code Red. I was there when the famous Trustworthy Computing Memo was sent to all Microsoft employees, which really helped spur the development of the cybersecurity industry: looking for vulnerabilities, educating developers and collaborating with governments, developing testing standards, and all the many things we needed to figure out back then.
Q: What are some of the biggest security developments of the past 25 years, in your opinion?
Ziv: Well, let’s start with the cybercriminals, because they evolved first. Firms like Trustwave evolved in response, in a sense. 25 years ago, the biggest threats were spam, simple phishing and very simple malware. There were hardly any targeted attacks.
Even when people did develop malware, it really was kind of like the “garage workshop” version of malware – people were mostly trying to develop proofs of concept. If there was a vulnerability in Windows or other products, they wanted to develop code that would exploit it, but those exploits often were not reliable. Blaster used to crash so often that it was a warning sign of an infected computer. And because it was crashing so much, it was self-defeating.
The change in modern times is tremendous; malware currently is very reliable and very well constructed. Cybercriminals even distribute documents that show how to build malware. Cybercriminals now run robust and scalable operations for distributing malware and have figured out many ways to monetize their activities. It has become a very profitable illicit industry
Q: What’s the most memorable event you’ve been personally involved in?
Ziv: For me, it was the Conficker worm, from 2008. That was really a game-changer for the industry. I was part of the Microsoft team that responded to it. It’s not the only worm I’ve ever worked on, but the way the industry responded – and the potential that we all saw for something really bad to happen – was unique.
Conficker was the fastest spreading exploit ever, at the time. So, we created a working group, which included many security vendors from the industry, and we worked together on weekly and sometimes daily phone calls to discuss the malware and all of its evolutions. The exploit was using a Domain Generation Algorithm (DGA) to register a new domain every day – so the infected computers were constantly shifting to a new target, and that made it very hard to take down. But by working together we managed to decrypt the algorithm and started holding the URLs with registrars, so that when traffic was sent to those URLs, it was actually under our control. That helped us disrupt the botnets ability to do real harm, but also allowed us to collect telemetry. Eventually, the criminals completely abandoned the botnet.
Q: Over its history, what research items from Trustwave SpiderLabs do you think have been the most significant?
Ziv: We’ve had many accomplishments, and some really interesting findings. SpiderLabs grew organically from about 5 people in 2005, to over 250 people today, and our capabilities have grown tremendously. Some of our most significant accomplishments, in my mind, have been:
Learn more about the 25 year history of Trustwave and how we have become a global leader in threat detection and response.
Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.
Copyright © 2024 Trustwave Holdings, Inc. All rights reserved.