Information Security and the Role of Cybersecurity Researchers

The growth of technology companies (e.g., Amazon, Google and Yahoo), combined with an increase in cybersecurity threats such as the WannaCry and Petya ransomware attacks, has led to greater demand for security researchers.

A highly specialized branch of the information security industry, security research involves

• parsing and analyzing log data
• building and hardening operating systems and networks
• disassembling, analyzing and reporting on malware used to exploit application and system vulnerabilities.

In the case of the WannaCry virus, for example, security experts were able to examine the ransomware’s functions and analyze how it exploited known vulnerabilities in Microsoft Windows to execute attacks. They gained insight into

• the virus’s structure
• the methods it uses to encrypt files
• the way in which it communicates and replicates itself

Using this unique “fingerprint”, researchers were then able to trace the malicious software to the Shadow Brokers hacker group.

Specializing in areas such as reverse engineering or network forensics, security researchers track hackers according to the methods they deploy. They also

• share threat intelligence
• help law enforcement apprehend cybercriminals
• develop behaviour profiles to aid security analysts and incident responders

Security vendors and law enforcement share security researchers’ findings to help detect ransomware and other nefarious activities before they reach computer systems. Powerful antivirus (AV) software programs such as BitDefender, Trend Micro and AVG rely on threat intelligence for up-to-date virus definitions to detect cyberthreats. In other words, sharing threat information is crucial in immunizing systems against known and suspected ransomware attacks before they can cause lasting damage.

If your virus definitions are up to date and your computer protected, it’s likely because of the tireless work of security researchers.