He Hunts Malware for a living. Here's what he's most afraid of

NetworkChuck · Beginner · 📄 Research Papers Explained · 6mo ago

Key Takeaways

The video features an interview with Bogdan Botezatu, Director of Threat Research at Bitdefender, discussing the biggest threats in cybersecurity, including advanced persistent threats and malware hiding beneath the surface. He shares insights on how Bitdefender uses sensors, honeypot networks, and threat intelligence to track down malware and threat actors.

Full Transcript

>> Who are you and what do you do?
>> My name is Bogdan Botezatu. I'm a director of threat research at Bitdefender.
>> What does that mean?
>> That means that I'm working with a couple of people in labs on various aspects, like investigating stuff together, coordinating disclosures for vulnerabilities that we identify. And some of my work involves counting stuff like threats, the number of infected PCs worldwide, mapping out malware evolution and so on. I'm both exposed to research and to the extent of the damage malware does to modern people.
>> We'll start with something big right now. What is something that scares you about malware? Is there something right now that's just like, oh, this is crazy?
>> You know what scares me the most? What I'm not seeing right now. You know, malware is like an iceberg. You see just part of it. You're aware of what you're able to identify on victims' computers, but you don't see stuff that you're not currently detecting. And this is something that is visible in what we call the APT space. It's not that tuned with advanced persistent threats, malware that's specifically designed to stay hidden on high-profile computers and exfiltrate information, or kick in when its masters want it to do so. Basically, if it were for me to sum it up in some way, I'm more afraid of what I'm not seeing at the moment than afraid of what I'm seeing. What you see can be managed. What you don't see, you have no idea exists.
>> So that's a great segue into how do you start to see malware? How do you guys first discover malware and start to track it, trace it by sector?
>> That's a very good question. What you're seeing behind me is a fraction of the insights that we're receiving from what we call sensors. It's customer computers that are sending metrics to us.
It's honeypot networks that behave like computers willing to get hacked, and we integrate that into systems that are able to track down families of malware and threat actors. That's what we call threat intelligence, and it's a whole discipline in itself. But we normally identify stuff that's out of the baseline. For instance, we have dashboards that show how Bitdefender products interact with files on different computers, and once we see peaks in activity we normally have two options: A, we messed up something, we're inadvertently detecting legitimate files, or B, there's an outbreak somewhere that needs to be investigated. Most of the time it's not us who mess up, but outbreaks that show up on our maps.
>> So when you find an outbreak, what's the next step? How do you guys handle that?
>> We have specific processes. Of course, we start investigating the origin and the spread. We want to know where that outbreak first emerged, and we want to know how it spreads. This doesn't happen as often as you'd think, right? Actually, the last time such an event occurred was around 2017, about 400 kilometers away from the Romanian border. We are in Romania right now; in Ukraine, our neighboring country, there was this devastating attack that happened in 2017. It was caused by a piece of malware called NotPetya, which crippled the Ukrainian infrastructure and started aggressively spreading away from Ukraine into neighboring countries, basically jumping from one network to another up until it reached the United States and the northern hemisphere. So that was one of the most aggressive malware outbreaks we have ever investigated, and we were able to pinpoint it as originating from Ukraine, and we traced it back into our sensor network, gaining insights about how fast it would spread.
>> What's the craziest malware you've seen or you've experienced working at Bitdefender?
>> That's hard to say. I was in Bitdefender back at the time when Stuxnet hit. For those who know a little bit about cybersecurity, Stuxnet was one of the most advanced types of malware, designed to sabotage Iran's nuclear program. So it was one of the most complex and most expensive types of malware to run, and its side effects were visible for years. In its original form, it was designed to target computers running a specific configuration and hooked to industrial controllers. It also had a wormable component that would force it to spread across networks. So maybe four years after Stuxnet was done, it was a closed case, we were still seeing Stuxnet spreading out to Germany on regular computers. It wouldn't do anything, but it would still attempt to spread out. So probably this was one of the most sophisticated strains of malware that we looked into, and it was one of the most aggressive ones as well.
>> That does sound pretty terrifying. What is the malware right now that you're keeping an eye on, that is prevalent, it's still infecting computers, and that you guys are watching and trying to mitigate?
>> Funny enough, we are now very concerned about a family of malware that's called infostealers. They're a specific strain of malware designed to exfiltrate passwords and all sorts of credentials, including login cookies from browsers. So this is probably one of the most important threats to consumers in 2025.
>> Now I want to jump to this. We didn't talk about this before. How would you describe your skill set, what you do? How did you kind of get the skills you have now? Was it all on the job, or did you have a lot of stuff?
>> Well, I learn a lot by interacting with smart people across the teams in Bitdefender. It's one of the things that make me stay in the industry and in the company.
I'm always surrounded by people smarter than me, who have a very large skill set, from networking gods to people who do reverse engineering for fun, or people who code whole applications over the weekend in a hackathon, and so on. We also have a very strong team of machine learning researchers. As a matter of fact, Bitdefender was one of the first companies to adopt artificial intelligence back in 2007, and we have been perfecting detection technologies ever since.
>> How are you using AI in your product right now, with Bitdefender, to detect things?
>> We use AI in various scenarios. We have AI that detects suspicious behavior. We have AI that filters spam. We have AI that detects potential scams before they reach the critical point where the victim gets hooked. We have AI that engages in conversations with scammers, trying to waste their time and gather insight about how these scams operate. So, to give you a little bit of context about the scale of AI in the company, I would say that we have about 25% of our patents based on AI technologies.
>> Oh wow. I didn't know it was 25%. That's crazy. Right now, what are you most excited about with your job?
>> I'm involved in the IoT vulnerability research program in the company, with a couple of very smart people in the office, and that allows me to gain a little bit of insight about what's actually happening with our smart homes. And it's scary. You know, there's this joke about the guy who cracked a joke and Alexa laughed, his printer laughed. It's not a matter of jokes anymore. The smart home in 2025 offers a huge attack surface for cybercriminals. And that's because hardware is commoditized. It's cheap to run. It's very easy for people to order inexpensive devices from their favorite store in China.
But by the time they have it in their hands, that device is already obsolete, and probably the company who manufactured it no longer exists. So that means no technical support, no patches, no fixes, no security auditing for the entire duration of the product's lifetime. What makes it worse is the fact that when you install a device that's vulnerable on your network, you don't get that bleeping red light that warns you it ships with a CVE from 2017. It just stays there, waiting for somebody to stumble upon it and get control of it. It doesn't expose just the owner's information. It's also used as a weapon to deal devastating DDoS attacks against hospitals, banks, government institutions and so on. So our smart home is an unwitting accomplice to cybercriminals.
>> So what do you recommend for people to do right now with their smart home? Like, for example, do you have stuff in your smart home?
>> Most of us, and your audience, are in the system administration space. That means that probably they're working as admins in companies, and they're also the sysadmins of their home. When you're a professional at work, you're going to have patching cycles, security auditing, network segmentation, and so on. But when you're at home, you're dealing with a couple of black boxes. You have no idea what's running on them, whether they're compromised or not, whether they ship with vulnerabilities, and so on. So I would say that the first thing that we should do at home is chart the magnitude of our network. You most likely have forgotten about your smart fridge, which is connected to the internet but doesn't have any utility. It doesn't order food by itself. It doesn't help you with the grocery list. But it has a Wi-Fi chip in it, and it will gladly report the inside temperature to your smartphone app. Right? These are devices that are easy to lose track of.
Smart switches as well: they're buried under drywall, and God remembers that they ever existed, but they're there and they have vulnerabilities. So I would start with looking in the router interface to see how many devices we have. I have 50; most of them answer to ping requests, but I have no idea where they're physically placed in the room. Right. Do an audit, chart your network, see what needs to be on your main network and what needs to be moved to the guest network, and run a vulnerability scanning solution across the network. There are a couple of free apps that will help you identify open ports and maybe known vulnerabilities, so you get to decide whether you're still willing to take a risk and use the device or not.
>> Do you have any rules that you go by, or could recommend for people as they're building their smart home? What should they avoid doing? What's the best practice?
>> I would start with investing in devices that come from respected brands. That's because they have a better track record at fixing vulnerabilities, and probably they have a bug bounty program, and companies like us will report vulnerabilities to them. They will rush to fix it because it's the brand at stake. Right? When you're talking about no-name devices, there's no harm to the brand, so probably you're not going to see fixes getting shipped. And even if you choose with your security interest in mind, don't just assume that these devices are safe. Segment the network: if you have the networking gear, just segregate them. If not, just move them to the guest network, and that's going to be much better for your core network security.
There have been a lot of cases in which one single device led to massive compromises, like, you know, a smart switch that was inadvertently exposed to the internet and was vulnerable would allow a hacker to pivot on the internet and plant ransomware on a family NAS, for instance.
>> Just a light switch. That's crazy.
>> It is. It only takes one device for a skilled hacker to pivot into your network, and you know, when I'm saying skilled hacker, it's like a person who is literate enough to use a computer, because most of these tools are automated. Most of the attacks that we see are automated. They are executed by open-source tools on the internet. So hackers only need to be patient to run a full scan of the internet, identify what devices they want to compromise, and then issue a mass command and have a botnet by the law.
>> That is very scary. Now you mentioned how you guys will get IoT devices, analyze them and even report vulnerabilities to the manufacturer. Describe that process. How do you guys do that?
>> Okay, we don't have the bandwidth to analyze everything, even if we would so much want to do so. So we're picking our targets based on how likely they are to be present in most people's homes. We select them by popularity, and we look into devices that are highly popular, because that's where most of the damage happens. We have a wide range of products that we analyze: thermostats, IP cameras, baby monitors, smart TVs, smart fridges, even electricity inverters, which seem to be the new endpoint. We normally look into three main things: the mobile app that's a companion to the device; the firmware itself, we tend to dump the firmware and look for the lowest-hanging fruits like hard-coded passwords, hidden backdoors and so on;
and the cloud security aspect, because sometimes you don't need to hack into the device when you can hack into the cloud bucket where that device stores information. So, these are the three main things that we look at, and for the past 5 years we've found some scary stuff going on.
>> What's the scariest thing you've seen?
>> The scariest thing we're seeing is security surveillance cameras that inadvertently leak what's happening in people's homes. We've had a lot of camera models that take the same approach. Cameras are a special breed of IoT devices because they are physically designed to be accessible from outside your home. You don't normally watch your camera while you're inside. You're watching your camera while you're away. So these cameras have a 360 perspective of what you're doing in your home. And sometimes you end up being streamed on the internet, like in the Truman Show. And this is not overstating. It's something that happened in Milan a couple of weeks ago, where a couple of folks had made a business out of streaming real-time information from people's homes on Telegram, like some sort of a sick Netflix alternative made from people's homes. They got prosecuted. But the point is that even if they got convicted, there's no way to measure the damage, because the number of victims is unknown. Law enforcement wasn't able to identify victims and possibly reach out to them and tell them, you know, for the past 6 months your life has been streamed to the internet, and who knows what you have exposed about yourself.
>> This happened just a few weeks ago?
>> Yeah. But just imagine the level of digital fallout that these people have inadvertently caused. Streaming people's homes could ruin reputations, could put people in different positions that they wouldn't want to be associated with.
It's like, you know, you're living in your home, you expect some level of privacy, but not with IoT, apparently.
>> No. No. So what's your opinion on going fully local with IoT, Home Assistant?
>> If that's an option, I would take it. And it has become easier and easier to run your own version of Home Assistant, but people normally choose convenience over security. Not everybody knows how to do that. Not everybody has the resources. Not everybody wants to run a server in their own home. This would be the best approach. I wouldn't expect people to follow this.
>> What's your opinion on Alexa and Google Assistant and everything?
>> They're part of our lives, whether we want it or not. My kid has used voice assistants since he was a cub, right? He learned to speak, and the first thing he did was issue a "Hey Google" command.
>> At least three of my kids, they learned how to say "Alexa" pretty early on to trigger Alexa. It's so funny.
>> They're very popular devices, and one of the things that I'm happy about is that, security-wise, they're pretty strong. I cannot say for sure what's happening behind closed doors with all the information that's being recorded non-stop. You know, when you're talking to a digital assistant and they respond like, "Hmm, your microphone is muted." Really? [laughter] Yeah.
>> How do you know that?
>> Exactly. Exactly.
>> So, you're less worried about big corporations getting that information. You're more so worried about the hackers who take advantage of random white-label devices.
>> How about both? I'm also worried about the amount of information that's being collected from people. And it's not just because everybody's trying to train AI models on our data and voices and whatnot, but what happens in the event of a data breach. The more data you have on somebody, the more you lose when you get hacked. And that's another key concern of ours.
The amount of information that has become public, even if people haven't necessarily disclosed it willingly: it's not an option for you to withdraw information from your local police department. They have information about you, your name, your address, your whatever, because they issue documents, right? If they lose that information, they expose a lot of stuff about me that's not changeable. My social security number is a tough thing to change. My birth date is immutable. I cannot choose another one just by picking it from the calendar, right? My home address, another thing that once exposed will put me in a world of hurt. It's not so easy to move out, get a new home just because somebody has leaked your home address, and you know, even if you do that, 2 years after that somebody else will leak it.
>> So would you say that's the biggest threat facing us right now?
>> Yeah. I think that, you know, cybercriminals now have a little bit more information about yourself than your local government. They know your search history. They know your fantasies. They know your shopping list. They know what you're watching. They know your medical history, probably. And they are pretty adept at building these unified profiles based on a unique key, let's say your email address or your phone number, which is common across data breaches, right? Maybe your social network has leaked, about you, your username, your gender, your likes and dislikes and so on. But you also have the phone number that you used to validate your account. So that one is a unique key that cybercriminals can build more information around. And at the end of the day, cybercriminals know a lot about us, and that's visible in the way they're running their scams. They're targeting people with real-life scenarios, like they can impersonate the bank you're doing business with because they probably have that information from a data breach.
They can impersonate a neighbor because they know where you live. They can impersonate your boss or your colleague because, you know, a social network that's designed for work has leaked all this information: your position in the company, who you are reporting to and who you're working with.
>> So what do we do about that?
>> There's very little that you can do to protect yourself, but there's a lot that you can do to stay informed. One of the things is that a lot of companies are selling digital monitoring technologies that alert you whenever information about you pops up on the internet or on the dark web. Before that, it used to be a little bit simpler. You would just Google your name, look it up on your search engine and see what the internet knows about you. Now we have regulations like GDPR, which prevent search engines from showing personal information. So you don't know what the internet knows about you. And also cybercriminals have moved their businesses from forums and the deep web to the darknet. One of the technologies that help is digital identity monitoring technology that alerts you whenever your social security number pops up on the dark web in a data breach, or when your email address gets leaked, or anything about you that actually gets leaked. If you know that information, you could limit the amount of exposure, because once your credit card data ends up on the dark web, you can just call your bank and have that card cancelled.
>> Yeah. What's your experience with the dark web? Have you seen any major hacks that you guys have been involved in? Have you dabbled in trying to research the dark web? Dive into that a little bit.
>> Oh, I think that's part of regular business at most cybersecurity companies. Yeah, we're lurking on the dark web because that's where good things happen, right? Good things.
>> When you say lurking, because, like, I've done videos on the dark web, and it's like you connect via the Tor network. You get on there and it's like, where do you go?
>> First of all, you need to know where you're going. The dark web does not have street signs directing you: this is where you buy coke from, this is where you buy weapons from, this is where you order assassination as a service from. But there are a couple of markets that are very well known across industry members. And we like to lurk on these dark markets and see what's getting traded, what's getting sold, what the latest trends are, how people rank vendors, for instance, what kind of shipping methods they use and so on.
>> Is this more like a manual method, or do you have like an automated method?
>> Most of the time it's automatic, but the really good things happen when you spend time there. Even if you can cluster information on the dark web with tools, when you're reading it out you get the context, and that's something that brings you a little bit more value than scraping it with automated tools. Some of the dark markets are not even accessible to everybody. They have to be vouched in by somebody who already is a customer, and that's solely to prevent law enforcement or security researchers from getting in and monitoring it from inside.
>> So in that situation, what do you guys do to get in?
>> I cannot discuss that.
>> We've talked about some stories yesterday, about some crazy things you've seen. Can you share a few of those stories? Interesting hacks, interesting experiences you had being at Bitdefender.
>> I'm one of the first responders on ransomware cases. Bitdefender offers a wide range of ransomware decryptors that are the result of investigations with law enforcement.
In specific cases, we are able to recover decryption keys for ransomware attacks, and we bundle these decryption keys into free decryptors that we make available for free to victims. That's because, A, it's important that victims do not pay up, because by paying up they support the ecosystem and they are actively investing in making it better, and B, because we want to disrupt ransomware by cutting access to funding. I have a lot of stories coming from victims who were seeking out help. I have this PhD student who was on the verge of defending his thesis, but he didn't have the latest version. He kind of lost one month of work; the backup was one month old, and whatever he had worked on in the meantime got lost. That night I got word from one of my colleagues that we had a decryptor, and we were able to save his PhD thesis. Another thing that I saw, and it was pretty wild, was that back in the day there was huge competition on the ransomware market. There were like maybe a dozen strains of ransomware all competing for the same files, for the same users, and there's this individual who had one file infected by 24 different strains of ransomware. So in order to get that information back, they would have to pay 24 ransoms that would have totaled about $300,000. Imagine that: he didn't have that money, and there was no guarantee that at some point one of the ransomware layers wouldn't fail to decrypt, like, you know, you've gone 50% in and then one layer fails, and good luck with the rest. We've also seen companies who had lost information permanently because of bugs in ransomware encryptors. You know, people who write ransomware code are still human, and they sometimes produce imperfect code that glitches while running. So there's this situation in which a company lost virtual machine disks because they were large, and cybercriminals didn't factor in the case where NTFS would be an issue.
So even if they paid, they wouldn't be able to restore access to the information, because files were overwritten with zeros. And there's this, again, very sad story of a couple in Syria. Syria was shaken by war, and it was 2019. There's this couple who were mentioning on the internet that their computer had been infected. Well, there was no surprise in that. And that their pictures had been taken hostage, and the cybercriminal was asking for like $350. Not much by Western standards, but a lot in terms of how much money people in Syria have. What stood apart from the rest of the cases was that those pictures were very important to the family. They had pictures of two of their kids who had lost their lives in the war. So that was the only proof of them being part of this life in the past. It was a very sad story. We managed to decrypt that information, and we took it very personally.
>> That's amazing. What is the process to build a decryptor?
>> There are three main avenues. The first one, and the most unlikely one, is when cybercriminals have put in code implementations that would allow us to infer the decryption key. There were some circumstances in which newcomers to this scene would try to implement their own encryption routine from scratch, and this is a very, let's say, rocket science operation. They failed to do it safely, and we were able to decrypt information because the decryption keys were derived from file timestamps, which we knew, right. The second decryption avenue would be when cybercriminals decide to go out of business. Maybe they have attracted too much attention, or maybe they realize that they're doing a bad thing, or maybe, I don't know, they have internal fights and they dismantle the thing. Then they dump the master keys, which help us help the others who need the decryptors.
The last method involves a little bit more work, because it normally involves teaming up with law enforcement agencies, getting into the cybercriminals' infrastructure, confiscating servers, getting hold of the keys and then bundling them in individual decryptors.
>> Oh wow. See, my mind first went to, like, oh, just reverse engineer the software. Let's figure that out.
>> Well, easier said than done. Unfortunately, we know how encryption and decryption work, but math stands in the way. Cracking into RSA 2048 is not an easy feat. If it were, you know, the world would light up empire. I don't know what would happen. That's not an option. You know, it's math standing in the way, and you either have the keys or you don't.
>> Do you see a problem with quantum, and it being able to decrypt our current cryptography standards?
>> There will be a problem with quantum. Not now, but in the future, yes.
>> Like right now, it's still all theory, right?
>> There are viable attack mechanisms against smaller-size keys, but we're still safe.
>> Okay. Okay, good. Let's go back to your career at Bitdefender. How long have you been here?
>> I've been with the company for 17 years now.
>> That's an extremely long time. Why are you still here?
>> That's probably one of the hardest questions. I will be a little bit me-centric now. So probably because of the challenge: every single day in the labs is different. There's no take two. The landscape is so dynamic that every day you encounter new challenges that require fixing. And because we're still on the MI side now, I would say that not only do I like the challenge, I also like the responsibility. Securing families, people, companies is a huge liability, right? You have to do it perfectly every single day, because, you know, your detections are the ones that make the difference between "honey, I'm home" and "honey, we just lost our life savings."
>> So that's probably more of, like, why you do this: just the impact you can make.
>> Yes. I wouldn't be so bold as to say that we keep the digital world spinning, but we for sure have a contribution towards that. One thing that stands out now is how we did in the pandemic. During the COVID time, hospitals were some of the most attacked institutions in the world. That's because they were operating on urgency. They normally don't have a cybersecurity budget to help sysadmins secure attack avenues and make sure that everything runs smoothly. There's a lot of legacy software inside, from CT scanners running Windows XP to probably more complex equipment still running Windows 95. You're not just swapping out a $6 million piece of equipment just because its software got dated. You'll still use it, even if that makes you prone to attacks. And at that point we felt that we needed to move the needle on the cybersecurity aspect to make sure that the hospitals remain operational. And we reached out proactively to a couple of hospitals, provided security software for free and also expertise and SOC monitoring for their businesses, to make sure that the lights stay on and that people get treated in a timely manner.
>> That's, I think, probably my favorite part about Bitdefender and what I've learned on this trip. And maybe the reason you're still here, too, is that it's not just about the money. It's about the bottom line. You guys really care about the state of people's lives. And let's face it, you know, every life is so digital now.
>> I believe that cybersecurity should be a fundamental human right, just like the right to liberty and the right to critical thinking. It shouldn't be conditioned by money. But once you realize how much the digital life has impact on your physical life, people understand that you need to secure your digital life to enjoy your physical life.
You need to be able to stop tracking. You need to be able to prevent your life savings from getting stolen because you have clicked the wrong link. You have to be able to keep your job even if your manager tries to convince you that you're going through a merger and acquisition and you need to pay out $28 million right now out of the company funds to make it happen.
>> So do you think right now we're winning the battle with cybersecurity?
>> Well, we're still here, right? Yeah. It's going to be worse before it gets better. But the world keeps spinning. This is not one battle. It's an ongoing battle. But we managed to keep the lights on for people. We managed to still enjoy digital communications. Phones are working fine, computers are working fine and so on. What we need to be on the lookout for is that every single day thousands or hundreds of thousands of people discover the internet for the first time, and they get exposed to the Nigerian prince for the first time. They get their first cyberbullying message for the first time. It's important for us as a security company not only to watch out for people who already are established on the internet, but also to educate new generations towards how to stay safe on the internet, and education is one of the most important things that we can help people with.
>> I hadn't considered that there are so many people discovering the internet now for the first time.
>> You know, there's this xkcd cartoon with the 10,000. The bottom line is that every single day 10,000 people discover for the first time what happens when you mix Coke with Mentos. [laughter]
>> Yeah. Yeah. That's wild. So, education-wise, what are you guys doing to inform people?
>> We're starting early. We have a couple of directions where we're going. We are informing people about the latest threats.
We have several blogs that my team caters to, in which we dissect how malware works, how scams work, what are the telltale signs of malware or scams and so on. We also do school visits where we talk to kids, young kids, about the dangers of getting approached by strangers on the internet, how to stay safe on the internet and how to not become a problem for the other ones, how to stay away from cyber bullying, where to draw a line when things get heated and so on. We also teach kids about the safety of interactions in various games like Minecraft or Fortnite or, you name it, Roblox, you know. We go even further. We have master's programs for shaping up the new generation of security experts for companies. We get involved in pretty much every single aspect of evangelizing cyber security, like we're doing now to your audience. >> Right. And that's fantastic. What would you say someone can do to become like you, to be in, not exactly your role obviously, but to be as well versed as you are, to be at the cutting edge, to be in threat research? What's the path to that? >> Get curious. There are a lot of avenues into cyber security. One of them is networking, of course. If you have a networking background, the next logical move would be cyber security. Tech support, again, is a very big avenue into cyber security, because you already know the company, you know the products, you know how the IT service desk works. So it's only natural to go from fixing printers to monitoring computers. But nothing matches experience. Stay curious, stay informed. There's a lot of educational content on the internet. There are conferences that are getting streamed. One thing that's not missing is information. You only need to make time to approach this content and ingest it at your own pace. >> So, speaking of staying curious, that's probably still true for you now.
What are you most curious about right now? What are you learning? >> How to configure Minecraft servers for my kid. [laughter] There, I said it. >> I'll make a video on that. [laughter] What's your opinion on Minecraft and Roblox? Like, I took Roblox away from my kids because I saw the risks. I'm like, it's not worth it. >> I love Minecraft. It's one of the most amazing experiences you can live as a kid or as an adult. You go explore an infinite world and, you know, your creativity is the only limit. It's an amazing game. I hooked up a VR headset to the game and that's a whole new level of depth and experience, you know, being on top of a castle and looking down, staring down at a pit. Wow. [laughter] Yeah. Frightening and amazing at the same time. You know, the Enderman is taller than you by one block. >> I have to go into the experience. It sounds really fun. But Roblox, what's your opinion on that? >> Massively multiplayer games are usually very popular among children. There is a fascination towards fighting your friends. But they're also one of the ways you can get in touch with strangers, with people that you do not trust and you do not know and who don't necessarily have your best interest in mind. There's a lot of scamming happening in these games and normally, you know, we have this saying, it's like stealing candy from a baby. No, it's like stealing that elite skin from a baby, because that's what usually happens. There's a whole underground ecosystem of scammers who are after their assets and whatnot. I'm a big fan of Pokémon Go. I've been playing it since 2016 and I'm still playing it as part of family activities. Yeah, we go chasing Pokémon, taking part in raids as a team, me, my wife, and my kid. And you know, I wouldn't take it easy if it were for me to lose my account. It probably doesn't have any physical value.
But for me, the Pokémon that I've chased and exchanged with my kid and my wife are priceless, and that's real. For us that's like real estate. It's so valuable. >> Now, getting back to what you're learning now. What are you learning, any AI things? What do you go home and do homework on? >> At this point, I'm learning how to build iOS applications. That's something that I'm relatively new to because I'm relatively new to iOS. I've been using Android for most of my life but switched to iOS two years ago and I just realized that even if I built Android applications, I've never approached iOS. So that's something that I'm working on. It's a flight tracking application that allows me to keep count of how much time I spent in flights, how many countries I visited, how many miles I flew, what my carbon impact is to the world and so on. Nothing fancy, but it's a very cool exercise in learning a new technology, seeing how you handle unknown situations and whatnot. >> Now, as someone who's expected to be at the cutting edge and up to date on everything cyber security, how do you keep yourself up to date? >> Well, this is where the larger team kicks in. I would say that knowing everything about cyber security is a pretty huge deal for one person, but cyber security is a team effort. We have people who know a lot about very specific things and that's when you get up in a break and the mentoring starts. By working with people who are deeply involved in something, we get to this transfer of knowledge that allows us to stay on the cutting edge. >> Is there anything about Bitdefender that people probably don't know that you want to say? >> Yeah, I'm not sure. I could bring up the fact that Bitdefender was not always a cyber security company. We ended up building one of the best cyber security products because we needed one.
The story is that Bitdefender was founded in the early '90s in Romania, a country that had just shaken off its communist regime that occupied it up until the '90s. We started working with a couple of companies from an outsourcer perspective. We would build custom software for partners in western Europe. And because we were at the confluence of the eastern and the western world, we were neighboring with the former Soviet Union and Bulgaria, we would see malware coming from Russia and Bulgaria firsthand. We would experience it here. You know, back then malware was traveling on floppy discs because the internet, even if it existed, was a very restricted access technology. Just a couple of people were connected to the internet. Those floppy discs roamed around Romania carrying the worst of the worst of the malware, and security solutions didn't have hourly updates or cloud connectivity to tell you that this latest virus is identified on your device. So we would normally get infected, we would pass the infection on to different people involved in this supply chain with us, and yeah, that was troublesome. So we started working on an antivirus engine in house to fix this specific issue. We sent it out to our partners to make sure that they are staying safe as well and they're not spreading the malware to their ecosystem, and our partners were like, you know what, forget about what you're doing for us, let's focus on the antivirus because it looks amazing. And we started developing it commercially, and here's how Bitdefender was born. >> That's an amazing story, and I know, just being here in Bucharest and hearing the stories of communism, it's amazing the company exists the way it does now and you're a leader in this industry, in your space. One thing that I don't think a lot of people know about is that you're more than just antivirus software. You lead threat research.
You provide signatures to not just your own software but to other companies. Can you talk about that? >> Yes. Bitdefender is also a large technology licensor because our security solutions are so good at detecting malware. There's this normal business perspective coming from whoever wants to build a security solution and start a business here: why not license an already mature technology rather than developing it in house? Because it's expensive to reach this level of detection that would qualify you as a good antivirus. So we are providing security solutions to about 40% of the top anti-malware solutions that are currently tested independently. There are two independent testing organizations, AV-Test and AV-Comparatives, one located in Germany and the other one located in Austria, who are benchmarking security solutions. So if you're looking at the top, Bitdefender technologies are present in a significant chunk of these products. We're replicating the same licensing model to internet of things security, partnering with router manufacturers now and telecom providers to have Bitdefender detection technologies built at the core of the router or telco equipment. So whenever customers contract a subscription for internet services, they will get built-in security for the internet of things. >> That's really important. What does it do to analyze and find IoT? Is it like doing network scans and going, oh, we know the CVE will be applied to this software? >> All of the above. The technology has a couple of layers: configuration, port scanning looking for what's exposed and what shouldn't be exposed, known CVEs, abnormal patterns in communication between the device and the internet which are a telltale sign that somebody else is controlling the device and probably putting it to a use the equipment wasn't designed for.
We have real-time network scanning. We have artificial intelligence algorithms that look at whether the traffic looks good or not. >> That's crazy. And that's the biggest problem, I think: so many routers don't have that built-in security to look for those signatures, that behavior. >> It's not just built-in security. We're also aiming at making it easy for people to manage devices. You have a dashboard. You look at it. You see all the connected devices and you see their security status, whether they are affected by an issue, whether there's a known vulnerability that the device shipped with, whether there's a new firmware update for the specific device or whether you have poorly chosen credentials that will make it trivial for a cyber criminal to brute force. We're aiming at making the smart home as easy to manage and as safe as possible for people because, whether we want it or not, the IoT is here to stay. They don't make dumb devices anymore. If you're going to a retail store to purchase a new fridge or a new washing machine, you will not be able to find one that doesn't connect to the internet. So, smart home is not your choice anymore. It's like take it or leave it. We need to make sure that everybody stays safe.

Original Description

Check out the main video: https://youtu.be/puwodnADbII I sat down with Bogdan Botezatu, the Director of Threat Research at Bitdefender. He revealed something terrifying: The biggest threat in cybersecurity isn't the malware we see; it's everything hiding beneath the surface. He breaks down how modern threats actually emerge, from stealthy APT malware that stays invisible for years, to the rise of info-stealers that harvest passwords and cookies at scale. He also explains why your smart home might be the weakest point in your entire network.

