Reboot 2016 Influencers: Jerome Segura, lead malware intelligence analyst, Malwarebytes
Reboot 2016 Influencers: Jerome Segura, lead malware intelligence analyst, Malwarebytes

As new threats arrive daily, researchers like Jerome Segura are on the front lines monitoring the latest malware and trends in cybercriminal activity.

This year alone, he has spotted and analyzed several advance persistent threat (APT) groups, ransomwares and Angler exploit kits distributed in malvertising campaigns. Some of the most notable attacks he examined were those that simultaneously targeted major publishers – including MSN, The New York Times, AOL and the BBC – by exploiting video advertising networks.

“In the past, it was not uncommon to see a large website deliver malware, but not a number of them at the exact same time,” Segura told SC Media. “In this particular case, criminals went for a medium not many people were expecting – video ads – and were able to launch a wide attack that started on a weekend and went on for a few days before getting completely stopped.”

In addition, he also spotted and examined cybercriminals using an unpatched browser that allowed rogue advertisers to "fingerprint" their victims and either display bogus ads or send ads laced with malicious code. He said it was possible for threat actors to determine if the visitor had certain tools installed on their computer directly from the ad banner itself, thereby flagging them as security researchers and thus avoiding the payload delivery stage.

Other major threats Segura investigated this year include a RIG exploit kit that borrowed techniques from the Nuetrino EK in an attempt to fill the void left by the shuttering of Angler; a DetoxCrytpo ransomware disguised as his own firm's software; RAA ransomware written in JavaScript; tech support scams; and several malvertising campaigns leveraging poorly secured and fake ad networks.

Despite his already distinguished career, Segura was somewhat of a late bloomer in the world of computing as he didn't even get his first computer until he turned 18.  And while he admits this was quite late in life, he said he always had an interest in technology and computers while growing up. The young researcher received a Masters degree in Information Systems after which he went on to help others deal with the onslaught of adware and spyware.

Motivated by the satisfaction he gains from reconstructing attacks and finding the missing pieces that make it work, Segura said, “generally speaking there is always something going on and most infosec people will tell you that they wish there were more than 24 hours in a day.”

“The biggest challenges will always be trying to bridge the gaps between users and technology in a connected world that is evolving at a very fast pace,” Segura said. “Security is not a state but rather a continuous journey with bumps along the road.”

Whether it is the rapid progression of malware techniques used in tech support scams to the great cloaking tricks malvertisers have used to hide and run their large campaigns, the researcher said he has witnessed several interesting things along the several fronts that he follows.

 “Malvertising has taught me that when you think you've seen it all, you've only scratched the tip of the iceberg,” Segura said.

Click here to read about the next Influencer: Devon Bryan, EVP and CISO, Federal Reserve System.