«Cyber intelligence is a chance to help people who are not as aware of the dangers»
On the eve of CyberCrimeCon, Daniel Molina and Tarek Kuzbary have kindly agreed to answer our questions
Our international team is growing! We are delighted to announce that Daniel Molina and Tarek Kuzbari have joined Group-IB for international activities. In their new roles, they will be responsible for the expansion of Group-IB's products and solutions into international markets, regional channel development and brand enhancement.

Both of them will be attending our annual conference CyberCrimeCon/17 on October 10. The event will bring together leading threat researchers and top executives from around the world to discuss the latest cybercrime trends and advanced technologies for proactive cyber defence, as well as best practices of incident response and investigation.

On the eve of CyberCrimeCon, Daniel and Tarek have kindly agreed to answer our questions.
Daniel Molina
Managing Director LATAM/NA
Daniel Molina is an internationally recognized information security expert and evangelist. He is the co-author of "Blackhatonomics: An Inside Look at the Economics of Cybercrime".
Daniel was born on December 19, 1968. He studied Political Science and Psychology at the University of Southern California and Economics at the University of Texas, Arlington.
Daniel was formerly Director of Advanced Solutions at McAfee. He also spent several years as a Principal Systems Architect for Q1 Labs, Channel Sales Director for Latin America and the Caribbean at Kaspersky Lab, and as an Enterprise Consultant with Entex Information Services overseeing infrastructure and Y2K project implementations for companies such as GTE, Nextel and The Coca-Cola Company.
Tarek Kuzbari
Managing Director MEA & South Asia
Tarek Kuzbari was born on October 13, 1982. He holds an MBA from London Business School (LBS) and B.Eng in Computer engineering from the University of Jordan.
Tarek served as Managing Director Middle East, Africa & Turkey at Saba Software (USA) and Managing Director at Kaspersky Lab Middle East and Turkey.
Mr. Kuzbari has been selected as Top '30 under 30' Power List by Gulf Business Magazine. He has also been ranked among 'The Top 25 Most Powerful Executives in the Middle East" by Arabian Computer News and 'Top Executive in the Security Industry in the Middle East' by Network Middle East.
How did it start your career in cyber security? What attracted you to this field and what do you like most about it? What accomplishments are you most proud of?
Tarek Kuzbari: I still remember one night in 1992, my father prohibited me from playing games on PC for 12 months. He has discovered that with my reckless PC usage the device was infected with a malware called Michelangelo. That was a big deal for me. And from that day, viruses were my biggest enemy. As a result, I got a computer engineering degree, and I focused on the technology field. Frankly speaking, I was more inclined to business within technology than the technical part. So, I have started within System Integration company in a business development role focusing on introducing cyber security solution to the region. After a couple of years, we partnered with Kaspersky Lab to sell their products and services. Within 12 months, Kaspersky Lab headhunted me to join them and build their Middle East operations from scratch. That was a big success.

During my career, I have been exposed to many fields, but still, cyber security is my favorite, the reason is that most of the people in this area tend to be smart, active, and want to make a difference in the world.

As for accomplishments, I believe it was getting an MBA from London Business School while working and having a child. It was one of the most challenging time I had. Even though the industry has recognized me with many awards during my job such as: Selected as Top '30 under 30' Power List by Gulf Business Magazine Ranked among 'The Top 25 Most Powerful Executives in the Middle East" by Arabian Computer News. Ranked among 'Top Executive in the Security Industry in the Middle East' by Network Middle East
Daniel Molina: My career in cyber security started almost by coincidence. In 1999, while consulting for a client in Atlanta, after a vendor meeting with people from Internet Security Systems (ISS), they approached me about joining their team. At that time I barely knew what a firewall was, much less the intricacies of the deep web.

What attracted me to the opportunity was the chance to truly help customers. This was the beginning of recommence, and customers were scared about embarking on this new endeavor.

To this day, that continues to motivate me. I ask myself daily "What am I doing today to make it a better world for everyone with whom interact?" Cyber intelligence is a chance to help people who are not as aware of the dangers. By evangelizing the possible dangers and the way we help, we help them make batter decisions and faster decisions.

After my daughter, my proudest accomplishment is having co-authored a book on the econometrics of CyberCrime, "Blackhatonomics" ( which you can find on Amazon or iBooks, by the way ;)
Tell us about your region. What are the major cyber threats actually facing the region? What are the key targets of cyberattacks? Are there any local hacker groups? Could you give us a couple of examples of high-profile cases?
Т. K.: Half of the world's population growth is likely to occur in this region by 2024. It has countries with the highest income per capita such as Qatar with US $ 130,000 as well as the poorest countries such as Somalia with US $ 400 income per capita. And by 2022 we expect to have the world cup in this region.

From a cyber security point of view, it's a very active region, with lots of high-profile attacks. I would recall the first time when I have managed to help undercover the Stuxnet malware with lots of insights during the process; this was the first target attack known in the region with much more to follow it. Most of the attacks are politically driven than financially. And not to forget that a recent hack on TV has sparked the middle east's diplomatic crises between Qatar and other GCC countries that were about to start a war in the region.

Some of the well-known groups would include the Syrian Electronic Army, Gaza Hacker Team, Moonlight group and others.
D. М: Having the privilege to cover the americas for Group IB is a great treat. But also a fun challenge. There are 47 countries in the region, and they each have their peculiarities and intricacies.

The challenges in the US market at this point are more political than technical. Being a very connected country in the urban areas, it also makes it a prime target from a global perspective. Massive banking infrastructure and a relatively formalized economy is balanced with a lot of ignorance and misplaced trust.

Brazil, on the other hand, has a different culture and set of challenges, since it has a separate language, separate tax philosophy and deep digital penetration. In Brazil, generally we say that "Carioca ataca a Carioca" meaning that there are very well developed cyber-criminals that focus on the highly developed online banking and e-commerce infrastructure that exists there.

Moving on to Mexico, there we have a great informal economy that is still driven by cash, and where people don't generally trust online transactions.

As you can see, there isn't one single answer for the Americas, or even for Latin America.
You have recently joined our team, which means you can take a fresh, unbiased look at our processes. What advantages, in your opinion, does Group-IB have over its competitors, and what needs improvement?
Т. K.: With just one month on board, it is still early to provide feedback on processes, but what I have observed so far is passion, willingness to change, and the desire of the company to be the market leader in its segment. And with such a spirit I do believe we can achieve miracles. What I can say so far is that I first came to know about Group IB in 2012 and I did an analysis on the company, and now I say a huge change and improvement on how the company was and how it's evolving.
D.M : Group IB is a small, dedicated team of professionals that are focused on solving customer problems by shining a light on the darkest parts of the internet, and helping the customers understand what is happening outside of their four walls that impacts them. By providing them with intelligence of what is happening, we help them better prepare for attacks.
Which of the Group-IB's products will be most in demand (or are already in demand) in your region? Who are our major competitors locally? Does Group-IB already have large clients there (banks, government organizations)?
Т. K. : The region I am responsible for is very diverse in nature and development stage. As a result, there is no one favorite product over other. I do see a potential of most of our products, all that we need to do is to position it right, address the right audience and use the proper channel to reach the prospect in need of these solutions.

As for competition, major players are here; some are local vendors other are multinationals, with local offices, large operations as well as big budgets. But I am very optimistic, with our technologies, flexibilities and start-up teamwork spirit, there is a high potential for us to penetrate the market and be able to be market leaders in our segments within the next couple of years.

For large clients, Group-IB has managed to do couple projects in the region. Some related to Threat Intelligence, others related to penetration testing. But we need to add more new logos to our portfolio and make a difference in the region.
D. М : Threat Intelligence and Anti-Fraud are the two key battle horses we are pushing in the region.

Based in part on a "Blue Ocean" strategy, we are focusing on what is not currently covered by the competition. This provides us better opportunities to help customers with innovative solutions they had not previously considered or tried.

The market is also moving quickly to demand digital brand protection, and Group-IB's offering here is superior to what we have seen out in the market.
https://2017.group-ib.com/What made the recent WannyCry and NotPetya ransomware attacks so successful is that the hackers used new distribution methods and powerful NSA hacking tools, which the world was not ready for. This topic will be discussed at our conference CyberCrimeCon on October 10 and covered by Group-IB's annual Cybercrime Trends Report. In the meantime, we would be happy to hear your forecast: what cybersecurity challenges will governments and businesses face in the near future?
Т. K. : The recent WannaCry has proved that we still have more challenges than what we have thought before. It showed that organization with high capabilities and sophisticated protection capabilities were victims of this malware, mainly because of misconfigured endpoint protection. It revealed that the attacking tactics are changing, and now we see more focus on the threat of publishing confidential information than other methods. Also, it proved that paying the ransom will not guarantee that you will get your data back. As a result, security specialist and Organization need to work more closely than before.

Governments, within the last three years, have increased their investment in building offensive capabilities tremendously. As a result, I do expect to see more tools, such as NSA tools, being developed and improved. These tools still have a high probability to leak out, and this would put individuals and organization at greater risk than what did we see.
D. М : Interestingly enough, WannaCry 2, which was released on May 12, in my opinion was a lucky break for the attackers. The same attack was seen in February, but has extremely limited impact. However, when married with EternalBlue, the impact was amplified logarithmically. A lucky "copy / paste" job by a lucky threat actor.

While rudimentary, the fact that there was an available patch for almost 58! Days highlights the fact that most entities are ill prepared to tackle today's cyber security challenges.

We have a long way to go in security, but I believe that implementing threat intelligence will truly help customers to guide their limited resources to focus on what truly matters.

I see it similar to how armies around the world leverage intelligence to focus their special forces to have the most impact. The correct intelligence, in the correct hands at the correct time makes all the difference to being able to properly defend.