Episode 18: Christopher "Tophs" Elisan on Malware Trends
In the latest episode of the Digital Guardian podcast, Christopher "Tophs" Elisan, Principal Malware Scientist at RSA, describes recent malware trends he's seen, two approaches to thinking about breaches, and the dangers of attributing attacks.
Welcome to Episode 18 of the Digital Guardian Podcast! On this episode our hosts Will Gragido and Chris Brook chat with Christopher "Tophs" Elisan, Principal Malware Scientist at RSA about his introduction to information security, including stints at Trend Micro, Damballa, and F-Secure before landing at RSA. Tophs describes a few trends he's seen adopted by malware authors as of late, including using commercial solutions as threat infrastructure. Tophs, Will, and Chris also briefly discuss breaches, the concept of "malware factories," and the dangers of attribution around Olympic Destroyer, the malware that hit the Olympic Games earlier this month. As always, you can listen and subscribe to our podcast via SoundCloud, iTunes, or Google Play to keep up with new episodes every month.
Highlights from this episode include:
- 02:18 - Tophs describes how he got his start in infosec
- 13:57 - Tophs on the origin of the term "watering hole attack"
- 16:01 - Tophs explains how malware is still able to excite him after all these years
- 17:16 - "What type of malware really impresses you?"
- 21:10 - How has the concept of the "malware factory" evolved over time?
- 27:41 - The difference between intent-drive breaches and opportunistic breaches
- 33:45 - Looking ahead to 2018 and 2019, will Equifax be the high water mark when it comes to breaches?
- 35:11 Will open source technology continue to be an attack vector?
- 40:00 - Tophs on Olympic Destroyer and the dangers of attribution
Intro/outro music: "Groovy Baby" by Jason Shaw, licensed under CC BY 3.0 US
Previously on the Digital Guardian Podcast
The Definitive Guide to DLP
- The seven trends that have made DLP hot again
- How to determine the right approach for your organization
- Making the business case to executives
The Definitive Guide to Data Classification
- Why Data Classification is Foundational
- How to Classify Your Data
- Selling Data Classification to the Business