Cybersecurity Expert On Phishing, Cyber Hygiene, And Device Safety [Dev Talks #4]

Lyubomir Tulev, a cybercrime expert, shares valuable information about the types of malware and ways of dealing with them.
Cyber-Security-Dev-Talks

Let us introduce you to Lyubomir Tulev. He is a cybercrime expert who has been working internationally for more than 10 years on cybercrime investigations in countries like New Zealand, Russia and many others across Europe. In 2015 he was recognized by the Federal Bureau of Investigation (FBI) as one of the top 10 international cybercrime experts. He is in the private sector now and his work involves penetration testing, social engineering, consultancy and cyber forensics. He is also a trainer for Information Security Management course at SoftUni. Lyubomir shared more about his professional motivation as well as practical tips that will help you protect yourself and your devices from cyber attacks.

Helping And Protecting People Has Always Been His Driving Force

“The fact that I have been involved in the police structure for seven years means that I have been first inspired to help and protect people.”

After 7 years on the force, he decided move to the private sector in search of career growth. The inspiration behind this move was a friend. Lyubomir still helps people but his main focus is on companies in need of strengthening their cyber security.

Basic Measures Against Cyber Attacks

Cyber-Security-Hacker

“The Coronavirus pandemic has spread across the globe and the one positive thing about this is the opportunity to rediscover the methods of transformation of our digital lives. On the other side, it possesses many obstacles coming from the hackers.”, says Lyubomir.

He explains that now, when people are spending more time at their homes working remotely, hackers are more likely to attack their devices and business. In order to protect from potential cyber attacks, people have to take basic measures like:

  • Securing the Wi-Fi connection and monitoring the connected devices;
  • Using VPN to access business infrastructure;
  • Securing the endpoint device – laptops, tablets, mobile phones;
  • Being aware of phishing emails and other possible cyber attacks.

“In cyber security, there is a saying that the employees are actually the weakest possible link in the security chain within an organization. I don’t really think so. My idea is that we have to look at the emloyees as a firewall.”, says Lyubomir

According to him, raising awareness among employees about cyber security is important for business because if they are well educated on the topic, they can become a ‘human firewall‘ that protects the company from within.

How To Recognize A Phishing Email

“Usually, the phishing emails are giving a sense of urgency. This is because hackers do not want you to have enough time to think about it carefully.”

He explains that there are three types of phishing emails depending on their content:

  • With attachments;
  • With a phish link;
  • With a text that requires you to send valuable information.
Cyber-Security-Email

“Usually, the phishing emails are giving a sense of urgency. This is because hackers do not want you to have enough time to think about it carefully.”

He explains that there are three types of phishing emails depending on their content:

  • With attachments;
  • With a phish link;
  • With a text that requires you to send valuable information.

If you receive an email with an attachment, Tulev advises to download it, check it with some publicly available software for virus scanning, and then finally open it.

If there is a link that you are instructed to follow, do not click on it, instead hover the mouse over it. In the bottom left corner of the browser you will see the address this link will take you, and compare if the destination matches the one stated in the email.

The last possible scenario is receiving a malicious email with just text. In this case, open the email header and check – if you reply, does it go back to the same address it says it came from? If there is a third party listed there, this email is probably phishing.

Common Types Of Cyber Attacks

“If we are talking about businesses, the most common cyber attack is the ransomware. It is vast majority of cases that we are dealing with.”, shares Lyubomir.

The ransomware encrypts all available files on the attacked device. The hacker then wants a certain amount of money to decrypt the files. However, there is no guarantee that they will do it after you pay the ransom. This is why having a backup stored remotely is so important.

Cyber-Security-Password

He adds that, “Other cyber attacks that happen to businesses and people are usually related to their credentials. Be very careful with your passwords. They are an object of many types of attacks like credential harvesting, password spraying, and brute forcing.

We, as cyber security professionals, always have to think about three elements of the information: confidentiality, integrity, availability.”

Lyubomir further explains what this means:

  • Confidentiality – to protect the data at any stage, make a remote backup, and set up access control;
  • Integrity – to not let a hacker modify the information and to protect the backend to avoid SQL injections;
  • Availability – to make sure the data is available when needed and use cloud storage.

To Be Aware Is To Be Protected

Lyubomir stresses: “Be aware what the attackers may use in order to take advantage of you. Train your people and yourself on what attack vectors are and how to recognize them in order to protect yourselves better.”

He adds that there are more examples of social engineering attack vectors like USB flash drives, smishing (SMS), and vishing (voice-using frauds).

How To Become A Cybersecurity Expert

Lyubomir has some advice for everyone interested in becoming a cybersecurity specialist: “When you put a lot of effort to improve yourself in one specific field of cyber security, you will become an expert only in this field, not in the cyber security generally. If you want to become an expert on cyber security you have to put a lot of effort in different fields like cyber forensics, penetration testing and consultancy.”.

“Businesses are now thinking more and more about digitalizing. This means that they will need the consultancy of cyber security experts. So, yes, I definitely foresee that the demand of cyber securty professionals will grow in the next couple of years.”, says Lyubomir.

Leave a Comment

Recent Posts

About SoftUni

SoftUni provides high-quality education, profession and job to people who want to learn coding.

The SoftUni Global “Learn to Code” Community supports learners with free learning resources, mentorship and community help.

Tags

Categories