In our series "Interview with a malware hunter," our feature role today goes to Jérôme Segura, Malwarebytes' Head of Threat Intelligence and world-renowned exploit kit researcher. The goal of this series is to introduce our readers to our malware intelligence crew by involving them in these Q&A sessions. So, let's get started.
Where are you from, and where do you live now?
I was born and raised in France. After graduating from university, I moved over to North America, where I currently reside.
You are most famous for your exploit kit research. How did you get involved in that field?
I think I first got into exploit kits around 2007. I was working for a small company, and my job was to find new malware samples. I recall learning about drive-by downloads and reading an important book: Virtual Honeypots: From Botnet Tracking to Intrusion Detection by Niels Provos and Thorsten Holz.
After reading this book, I wrote a very basic prototype for a honeypot that would capture payloads from drive-by attacks.
This is also around the same time that I discovered the Fiddler web debugger tool that I have used on almost a daily basis ever since.
Are there any other fields that have your special interest?
Over the years, I've been curious about different fields that have come up, mostly by chance. For example, when I first started working remotely, I once received a phone call from tech support scammers. While I could have forgotten about it, it made an impression on me, so much so that it led to writing more than 30 blog posts on the topic and working with the FTC to shut down a multimillion-dollar operation in the US.
Did you major in computer science? Or did you switch to cybersecurity later?
I graduated with a Master's in Information Systems, which at the time was not specific to computer science (by the way, I got my first computer at 18 years of age), but also included law, economics, and even things like accounting. Cybersecurity came up much later.
How long have you been a security researcher?
I've done malware research for about 12 years.
How did you end up working for Malwarebytes?
After working for the same company for a number of years, I found myself needing a new opportunity. Even though social media sites were not as big then, it was via a Twitter message from longtime malwarenaut Mieke [Malwarebytes Director of Research] that I got here.
What's the most interesting/impactful discovery you've made as a researcher?
That's tough to say. There is work that I've done that was really interesting and that I devoted a lot of time to, but perhaps didn't have as much of an impact or didn't get published.
What's the biggest cybersecurity "fail" you've witnessed?
There are a lot of fails happening every day, but I think what struck me most was to see poor security practices in person. For example, seeing computers at the hospital left unlocked, running outdated software, the same ones on which doctors store your personal and health records.
At the same time, I understand that lack of awareness or small budgets are some of the reasons why this is happening, and individual people aren't always to blame.
Can you give us an impression of what a typical workday looks like for you?
The interesting thing about our job is that there is an unexpected element to it which reflects heavily on the day's schedule. You could be reviewing logs or responding to emails when something comes up and needs your immediate attention.
Otherwise, a lot of the job consists of checking on various indicators to get a sense of what's going on and then digging deeper when something seems new.