Lëtz Talk about Cyber with Paul Rascagnères

Threat Researcher at Kaspersky GReAT, writer, former teacher at the University of Luxembourg & 3D-printing artist

  • 31 Mar, 2021

Mixing science, teamwork & creativity to find the way through the jungle of all the complex issues.

Paul Rascagnères has recently joined the Kaspersky Global Research & Analysis Team (GReAT). When introducing his daily work, Paul Rascagnères describes it in two parts:

  • Hunting, in his own words “understanding how the bad guys are doing their job”,
  • Once something is found (i.e. a 0-day or an unknown malware used by a threat actor), his job consists of analysing, understanding and documenting it in order to notify the community.

Career start

Paul Rascagnères’s first job in cybersecurity was in Luxembourg, where he worked on the Turla group (the Russian advanced persistent threat group). “Starting with Turla is like learning how to ski on a black slope…”, he recalls. “We were the first ones to publish a public report. It was an interesting experience, since I learned a lot in a short amount of time.”

An award later…

Later in his career, as part of the Cisco Talos team, Paul Rascagnères received the Péter Szőr Award, given by the Virus Bulletin conference in 2019, for the team's Sea Turtle publication.

Paul Rascagnères recalls: “It wasn’t a technical topic, but the scale was insane. We discovered a threat actor that targeted registrars and registries over the Internet (the entities that manage the domain name servers and top-level DNS). The threat actor was able to manipulate the domain names of really important entities such as governments or companies. It was the first time we saw such an aggressive actor that was not targeting its victim directly but the entity that manages the DNS of an entire country. It’s one of the reasons why our research team was selected and nominated.”

However, Paul Rascagnères warns: “These bad guys are playing with fire. Playing with DNS at this level, if they fail, they can switch off the Internet of an entire country. Luckily, they are good enough on operations so they didn’t commit any huge mistake.”

The research by Paul Rascagnères and his team, with the help of the US government, led to a reaction, as the threat actor stopped. “We are not so sure whether they stopped or changed their way of operating so that our way to hunt them became inefficient”, Paul Rascagnères said. “However, we generated a cost for them since they had to change something in the way they proceed and we notified entities.”

The Researchers’ community

“Across the world there are thousands of threat researchers and we all know each other – even if we never meet physically. I really like this part of our sector, being able to share knowledge with competitors.” Despite the race to publish, Paul Rascagnères mentions the good cooperation that exists between researchers. “We trust each other”, he says.

To Paul Rascagnères, conferences play an important role in building trust between people, as many projects or problem-solving tricks are discussed informally during such events. “Even if you know researchers, meeting them in person makes things smoother as you create links. I work for years with people; we meet at conferences and things become way easier afterwards. We are humans after all. We need to meet people and be in the same room to work efficiently.” He adds that local gatherings are important for young people, the local community and the local economy.

Writer of 3 books

Paul Rascagnères has written 3 books about malware analysis. “Each time I write a book, I tell myself, ‘it’s the last time, never again’. And…it’s the third edition”, he jokes.

Although all three books deal with the same subject, each new edition includes the developments in the field as well as the new tools, methods and operating systems.

What does the future of cybersecurity look like?

Paul Rascagnères insists that it takes time to set up a whole process to arrest criminals, and that each case is more complex than the previous one. “In the future, we will have a lot of work. From a crime point of view, I’m a little more optimistic. I hope that law enforcement and pressure between governments will work. From a pure espionage point of view, I’m less optimistic. If you take the latest Exchange vulnerability, one vulnerability was used by at least 10 different threat actors at one time…”, he comments.

Is there any relationship between cybersecurity & creativity?

According to the researcher, 3D-printing brings reality into his virtual world. “With 3D-printing, I got the feeling of creating something. At the end, I got an object”, he explains. “I had the feeling that I spent my life working on something that does not exist. When my kids ask me what my work is, I cannot really explain it, unless I show them my terminal… If I show them a 3D print, they think it is really cool. Plus, I can fix a lot of things in my house”, he continues.

Beyond creativity, bringing together profiles with different backgrounds makes a strong team

“When I was in Luxembourg, I worked with someone that had a PhD, whereas I don’t have any diploma. So, 2 opposite profiles in the same room”, the researcher explains. “When we had to solve an issue, my teammate would rather have a complex mathematical approach while I would have a more pragmatic approach. Having these 2 profiles in the team was great because at the end we got a great solution from 2 different backgrounds.”
