Today’s cyber threats are very different from what they were 10 years ago. In fact, they are evolving every single day, and the number of successful attacks against both individuals and organizations is growing rapidly.
When it comes to a single person, one can protect their devices with reliable antivirus software. However, securing an entire business network requires robust programs with scalable resources and impeccable malware detection technology.
So, today we talked with Hen Lamay, the Co-Founder and COO at Deceptive Bytes – a company that offers multi-stage protection – about the current cybersecurity landscape, the latest innovations in threat detection, and the best security measures.
How did it all begin? What has the journey been like for Deceptive Bytes?
Our story begins more than a decade ago. We are three brothers with various backgrounds who wanted to work together. Avi (the CTO and a cybersecurity expert), Sagi (the CEO and an experienced Sales & Project Manager), and I (the Senior Software Developer and a team leader on my record) talked about getting more experience so that one day we'd open a company together. But we didn’t have an idea back then. When the idea came up on how to prevent malware by using its own defenses and techniques against it, we did some research and decided to establish Deceptive Bytes.
Since we founded the company, we have helped various organizations to protect against different and devastating types of cyberattacks and got recognized by leading research firms like Gartner, CB Insights, and more. In addition to that, we secured our patent application last year which affirms our uniqueness in the endpoint protection and deception markets.
Can you introduce us to your deception platform? What technology do you use to stop threats in their tracks?
We provide our customers and partners with our Active Endpoint Deception platform, which dynamically responds to attacks as they evolve and changes their outcome. Our patented technology is built into our solution, which creates deceptive information based on the currently detected stage of compromise throughout the entire endpoint kill chain. This covers the evolving nature of the advanced threat landscape and sophisticated malware techniques, stopping all threats without relying on signatures, patterns, or the need for constant updates.
For our MSSP partners and large multinational organizations, we offer a multi-tenant platform to control multiple customers or subsidiaries under a single management console with our deception platform.
What security threats does a faulty endpoint security system pose? What’s the worst that can happen when a device is compromised?
Organizations and individuals can experience data exfiltration, encrypted files, or credential theft, which results in downtime, loss of money and reputation, and loss of customers and partners. This also results in damage to business continuity as they struggle to recover when a successful attack occurs.
The worst is of course the organization shutting down over a compromised device which leads to the entire environment being infected and rendered useless. It also always includes a high ransom demand from the attackers to avoid publishing any confidential materials and help recover encrypted files.
Have you noticed new threats emerge as a result of the recent global events?
Yes, we’re seeing an increase in the use of obfuscated WSF scripts inside encrypted zip files sent to organizations to gain access and conduct attacks. Usually, these scripts will be sent via email with an attachment, convincing the user to execute the script without realizing its malicious intentions. This is similar to more common attack vectors such as malicious documents running PowerShell or VBScript payloads, though in these cases the attackers continue to generate more obscure or modified versions to avoid being detected by traditional tools.
Share with us, what early signs indicate that there might be malware or viruses hiding in the company network?
There are different indicators of a malicious presence in the network, including but not limited to:
- Unusual internet traffic
- Sluggish computers or servers
- The appearance of unknown files
- Unusual processes on the endpoint that are sometimes running from temporary locations
- Machine background changes with ransom demands
All of the above-mentioned symptoms are strong indications that you might be compromised and should contact a professional IR team to investigate.
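The fourth indicator in the list above, unusual processes running from temporary locations, is one an endpoint agent or an IR analyst can check mechanically. The following is an added example, not code from Deceptive Bytes or from the interview: it scans a constructed set of process records and flags executables whose image lives under a temporary directory, as well as script hosts (such as wscript.exe, which runs the WSF scripts mentioned earlier) launching a script from one. The process records, the set of temp-directory markers and the script-host list are all assumptions chosen for illustration.

```python
"""Flag process records that match the 'unusual process running from a
temporary location' indicator.  Added example; all process records below
are constructed, not taken from any real incident."""
import ntpath
import shlex
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class ProcessRecord:
    pid: int
    image_path: str    # full path of the executable as logged by the endpoint agent
    command_line: str  # command line as logged by the endpoint agent


# Assumed directory fragments that identify temporary / staging locations on Windows.
TEMP_MARKERS = (
    "\\appdata\\local\\temp\\",
    "\\windows\\temp\\",
    "\\temp\\",
    "\\tmp\\",
)

# Assumed script hosts whose script argument is checked the same way as an image path.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "mshta.exe"}
SCRIPT_EXTS = (".wsf", ".vbs", ".js", ".ps1", ".hta")


def in_temp(path: str) -> bool:
    """True if the (case-insensitive) path passes through a temporary directory."""
    return any(marker in path.lower() for marker in TEMP_MARKERS)


def script_args_in_temp(command_line: str) -> List[str]:
    """Return script-file arguments on the command line that live in a temp directory."""
    hits = []
    # posix=False keeps Windows backslashes and surrounding quotes intact.
    for token in shlex.split(command_line, posix=False):
        candidate = token.strip('"').lower()
        if candidate.endswith(SCRIPT_EXTS) and in_temp(candidate):
            hits.append(candidate)
    return hits


def classify(proc: ProcessRecord) -> List[str]:
    """Return human-readable reasons this process matches the indicator (empty = clean)."""
    reasons = []
    if in_temp(proc.image_path):
        reasons.append(f"image runs from a temporary location: {proc.image_path}")
    if ntpath.basename(proc.image_path).lower() in SCRIPT_HOSTS:
        for script in script_args_in_temp(proc.command_line):
            reasons.append(f"script host executing a script from a temporary location: {script}")
    return reasons


def scan(records: List[ProcessRecord]) -> Dict[int, List[str]]:
    """Map pid -> reasons for every record that triggers the indicator."""
    return {p.pid: classify(p) for p in records if classify(p)}


# Constructed sample process list: two benign entries and two that should be flagged.
SAMPLE_PROCESSES = [
    ProcessRecord(412, r"C:\Windows\System32\svchost.exe", "svchost.exe -k netsvcs"),
    ProcessRecord(1180, r"C:\Users\alice\AppData\Local\Temp\7zO4C1\update.exe", "update.exe /silent"),
    ProcessRecord(2044, r"C:\Windows\System32\wscript.exe",
                  r'wscript.exe "C:\Users\alice\AppData\Local\Temp\invoice.wsf"'),
    ProcessRecord(3301, r"C:\Program Files\Mozilla Firefox\firefox.exe",
                  r'"C:\Program Files\Mozilla Firefox\firefox.exe"'),
]


if __name__ == "__main__":
    for pid, reasons in scan(SAMPLE_PROCESSES).items():
        for reason in reasons:
            print(f"pid {pid}: {reason}")
```

A hit from this check is an indicator, not a verdict: installers and updaters legitimately extract into temp directories, so the output is best used to triage which endpoints deserve a closer look by the IR team the answer above recommends.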
What are cybercriminals usually trying to gain by deploying malware?
It depends on the target. When it's a corporate or a large enterprise, threat actors prefer to employ ransomware attacks by first stealing data, including intellectual property and confidential information, and then encrypting the files to blackmail the target into paying millions of dollars.
SMBs and SMEs are usually targeted to conduct supply chain attacks. The attackers impersonate the SMB/SME to target its enterprise customers, governments, and their military agencies. They are usually targeted by nation-sponsored threat actors to gain useful intelligence on their adversaries and sometimes interfere with or even take down its infrastructure, such as an electric system, water, financial system, etc.
Of course, there are other factors and sometimes attackers will use different attacks or types of malware depending on their objective and mission.
In your opinion, what types of organizations should be more concerned about updating their cybersecurity posture?
Every organization should review its cybersecurity posture to make sure it can prevent, detect, and recover from a cyberattack that can cripple its operation and reduce the organization’s reputation among customers, employees, and partners.
Having said that, SMBs & SMEs should be more prone to update their security stack with more advanced security solutions as they’re perceived as an easier target and a successful attack can lead to a complete enterprise shutdown. Since there are many factors in choosing the proper defenses, we suggest organizations should consult with their security experts whether internal or external.
What security measures do you think are essential both for companies and individuals nowadays?
There are a lot of security measures to be taken seriously to avoid being a victim of a cyberattack. Here are some of our suggestions:
- Never download files from questionable sources and unknown email senders; make sure the sender/source is known and reliable.
- Check files using proper tools, like VirusTotal, a sandbox environment, or a virtual machine, in case you’re not sure whether they are malicious or not.
- Never open unknown or weird links from emails, SMS, WhatsApp, Messenger, and other platforms. This can lead to credential theft and account takeover, including banking, social, or other accounts.
The best advice we can give is: when in doubt, have no doubt and consult a security expert in the organization, technical colleague, or a friend about anything that might seem off. Their insights might save you from an unpleasant experience.
And finally, what’s next for Deceptive Bytes?
Since threat actors don’t rest on their laurels, we don’t either as we continue to grow in terms of the company and market share. We constantly increase capabilities in the product as we recently added device control to better manage the security of connected devices and increased our multi-tenancy capabilities. In the next version, we’ll continue adding features to the multi-tenant dashboard and platform in general.
We’re also expecting to expand in terms of partnerships with service providers and resellers around the world, who can contact us via our partners page.