Live on the Infosecurity Magazine stand (#4222) at RSA 2017 at the Moscone Center in San Francisco, Infosecurity Magazine interviewed James Lyne, head of security research at Sophos.
Infosecurity Magazine: As is often the case at conferences and shows you’re hosting some live security demos this week for visitors to enjoy, can you tell me a little bit about the demos you’re running?
James Lyne: There’s a litany of demonstrations which, so far, have gone really well. We started off with some dissembling of de-bugging; showing how to unpick applications, which is quite a technical process. Also, things like patching and understanding how companies like Microsoft patch things. The bit that I’m really excited about is the talk that I’m doing tomorrow. I’m doing a lot of research on ransomware, of course the most loved campaign of cyber-criminals over the last 12 months, and looking at how they’ve been optimizing their technical and business operations, how to do crypto better, improving their payment channels, but also poking fun at some of the things they got wrong that give us the opportunity to go on the offensive and undo the damage.
Infosecurity Magazine: I’ve been lucky enough to see some of your demos in the past, they’re really great and it’s obviously something you enjoy doing, what is it about demos that you enjoy so much and why are they so much fun?
James Lyne: I often think I’m standing on stage having more fun than most of the audience! I like making things real. It’s all well and good saying ‘ransomware is scary, the internet of things is broken, be afraid’, but when we can get to specificity, look at an example and unpick what’s good about it and try and show people for themselves how something works, I think it makes it all the more tangible and more likely to inspire new ideas about how security should be done.
Infosecurity Magazine: What’s been your favorite security demo so far?
James Lyne: That’s difficult! I have to say it’s a draw between one of the ransomware samples I looked at which was filled with errors but still very effective. One of the things I find amazing about it is they hardcoded the password they used to encrypt all of their victim’s data with malware, it’s trivial to find. My other favorite one was a CCTV camera/IoT device unpicking. That is fascinating to me because the root password you can use to control the whole system is inadvertently the same on every one of their cameras worldwide, it’s like going back to the days when I was a teenager; old tools becoming useful again, it shouldn’t be a thing in 2016.
Infosecurity Magazine: Reflecting on your recent research, what are you seeing regarding the current threat landscape this year?
James Lyne: Cyber-criminals are more competent, cyber-criminals are better at operating as businesses and at sharing information. We will be seeing a lot more ransomware and a lot more high-quality threats. Yet, although a lot of security professionals are always saying ‘everything is getting worse’, what I will say that’s good is a lot of the platforms that are targeted have done a good job of introducing more resilience into those platforms than ever before. Entire categories of bugs are being thwarted and I’m excited that the security industry is using a lot of new innovation.
Infosecurity Magazine: Lastly, if you could host one security demo in the future, what would it be?
James Lyne: I did a presentation two years ago where I had 10 IoT devices in less than 45 minutes, it was live and the most nerve-wracking thing I’ve done. I would like to do the same thing with the IoT devices we have now, except I’d like to do 20 of them in an hour at something like RSA with a big audience.