Igor Volovich, the CEO and Co-Founder of ROMAD Cyber Systems talks about enabling genetic sequencing of entire malware families to deny cybercriminals the ability to exploit the inherent shortcomings of traditional security solutions.
Understanding the business of cybercrime is very important, said Volovich. It is necessary to understand the value chains of the criminals, and how their monetization happens in that space. This is something that the industry has consistently neglected, and we have only started to talk about them very recently. Law enforcement agencies have their eyes on the ball, but do not have the necessary tools.
Taking this approach and scaling it is a difficult thing for the industry – the industry has never tried to eradicate the malware problem. That’s exactly what ROMAD was created to solve. That is also how the concept of malware genetics was born. ROMAD scientists realized that they were able to repeatedly, consistently and reliably map the genetic profile of entire malware families, as opposed to individual viruses or strains.
At the basic level, malware genetics is based on the extraction of immutable characteristics – those behavioral traits that never change over time, within entire malware families. Once a malware family is genetically sequenced, all subsequent variants of that family that emerge in the wild can be detected and blocked in real time.
We deny cybercriminals the opportunity to monetize malware in the wild, while the industry struggles to catch up to their latest released strains. There are approximately 150 million new samples of malware per year, and even if we are moving at quantum computer speeds, the speed at which the bad guys generate malware and the volume is just too prohibitive.
As long as the industry stays reactive – and basically every solution out there is reactive or response-based – you will not make much of an impact. Malware genetics allows enterprises to be predictive, by denying the cyber criminals the opportunity to reuse same families to create never-ending streams of new virus strains that evade detection.
The expensive part for a malware creator is the creation of a new family. They have to spend money on research, months to figure out the exploits, and to weaponize and get them out there. Once you get the malware into the hands of the script kiddies, it becomes commercialized and commoditized, and that’s the easy part.
The criminals replicate malware at the rate of multiples per second, outrunning the security industry’s limited ability to keep up and respond. When you strip everything down, there are less than a hundred malware families that we track today, and they are responsible for those 150 million samples coming out each year.
If we attack the families, then all those derivative samples become completely obsolete and powerless to compromise. That is where we get the concept of virtual herd immunity. The more users take advantage of this evolutionary concept, the more disruption is meted out to the criminal infrastructure.
ROMAD is highly applicable to IoT because of its ability to run for a long period of time – the sustainability factor that is totally lacking in most IoT solutions. Once the malware family is sequenced, the prevention and detection capability remains highly effective even in isolated industrial environments, where the traditional requirement for signature updates renders legacy antivirus technologies obsolete in a matter of hours. If you have to constantly manage, update and supervise your security solutions, even when they are not really solving anything and are only giving you more information to look at – more events and alerts – it only leaves you with more questions than answers.
ROMAD’s technology relies on Malware Genetics and genetic sequencing of threats—once you single out a sequence, then all of its variants and subsequent derivatives become completely visible, detectable, and stoppable. There is hardly any need to manage a platform based on this type of technology, an almost “fire-and-forget” solution in a market where an average enterprise manages more than 50 individual security platforms. With very low bandwidth and no need to supervise updates, ROMAD’s technology can continue to provide a great deal of protection in autonomous and low-connectivity deployment scenarios.
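As an added illustration of the idea in this paragraph and in the earlier one on immutable behavioral characteristics, the following Python example is not ROMAD's code or its patented method. It uses a constructed vocabulary of abstract sensor events and constructed traces for three variants of a hypothetical family. It keeps only the ordered event pairs that every known sample exhibits (the "immutable" core), shows that a per-sample hash differs for every variant while the family profile matches an unseen variant, and scores a benign trace and a trace missing part of the core against the profile.

```python
"""Toy behavioural family profile: extract the ordered event pairs present in
every known sample of a family, then score unseen traces against that core."""
import hashlib
from typing import Dict, FrozenSet, List, Tuple

Pair = Tuple[str, str]

# Constructed sample data (assumed event names, not from any real sensor):
# three variants of one hypothetical family. They differ in inserted
# anti-analysis checks and sleeps, but share the same ordered core.
FAMILY_SAMPLES: Dict[str, List[str]] = {
    "variant_a": ["proc_start", "write_temp_exe", "reg_set_run_key", "sleep",
                  "dns_query", "http_post", "delete_self"],
    "variant_b": ["proc_start", "check_debugger", "write_temp_exe",
                  "reg_set_run_key", "dns_query", "http_post", "delete_self"],
    "variant_c": ["proc_start", "write_temp_exe", "sleep", "reg_set_run_key",
                  "dns_query", "sleep", "http_post", "delete_self"],
}

# Constructed traces used to exercise the profile.
UNSEEN_VARIANT = ["proc_start", "anti_vm_check", "write_temp_exe", "sleep",
                  "reg_set_run_key", "dns_query", "http_post", "sleep",
                  "delete_self"]
BENIGN_TRACE = ["proc_start", "read_config", "http_get", "write_log"]
NO_PERSISTENCE = ["proc_start", "write_temp_exe", "dns_query", "http_post",
                  "delete_self"]


def trace_hash(trace: List[str]) -> str:
    """Per-sample signature: any change to the trace changes the hash."""
    return hashlib.sha256("|".join(trace).encode()).hexdigest()


def precedence_pairs(trace: List[str]) -> FrozenSet[Pair]:
    """Every (earlier, later) pair of distinct events in the trace.

    Unlike a hash or an exact subsequence, this survives inserted junk
    events and repeated events, which is what makes it usable as a
    family-level invariant rather than a sample-level one."""
    pairs = set()
    for i, earlier in enumerate(trace):
        for later in trace[i + 1:]:
            if earlier != later:
                pairs.add((earlier, later))
    return frozenset(pairs)


def sequence_family(samples: Dict[str, List[str]]) -> FrozenSet[Pair]:
    """Keep only the pairs present in *every* sample: the family's core."""
    profiles = [precedence_pairs(t) for t in samples.values()]
    return frozenset.intersection(*profiles)


def family_score(profile: FrozenSet[Pair], trace: List[str]) -> float:
    """Fraction of the family core that an unseen trace reproduces."""
    if not profile:
        return 0.0
    return len(profile & precedence_pairs(trace)) / len(profile)


def classify(profile: FrozenSet[Pair], trace: List[str],
             threshold: float = 0.8) -> bool:
    """Flag a trace as a family member when it reproduces enough of the core."""
    return family_score(profile, trace) >= threshold


PROFILE = sequence_family(FAMILY_SAMPLES)

if __name__ == "__main__":
    print("distinct per-sample hashes:",
          len({trace_hash(t) for t in FAMILY_SAMPLES.values()}))
    print("family core pairs:", len(PROFILE))
    for name, trace in [("unseen variant", UNSEEN_VARIANT),
                        ("benign", BENIGN_TRACE),
                        ("no persistence", NO_PERSISTENCE)]:
        print(f"{name}: score={family_score(PROFILE, trace):.2f} "
              f"member={classify(PROFILE, trace)}")
```

The threshold is the tuning knob a defender would adjust: the trace that drops the persistence step still reproduces two thirds of the core and would need a lower threshold to be flagged, which is the trade-off between catching stripped-down variants and false positives on unrelated software that happens to share a few events.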
Stuxnet is a very specific type of attack. It is a custom, bespoke attack that is widely believed to have been developed and deployed by nation-state actors and intelligence community organizations, who not only possess the charter and expertise to deliver this type of offensive cyber capability, but also the virtually infinite resources of major sovereign states to bring it to fruition. Had they not been successful in disrupting Iranian nuclear capabilities with this cyberattack, there were other tools in the tool bag. The eventual result would have been similar, the same or even worse.
The cyberattack was perpetrated because it was possible. Stuxnet is not something that your average enterprise would be worried about. The complexity of the attack is not the question, it was a low-level attack, but it was very effective. The main thing is the holistic system, the available layers and how to protect it. The focus is on what you have in place to reliably protect your system from cyber threats that are common, very accessible, and easy to use and monetize.
The important thing to understand is that the commoditization of an attack vector is the overarching theme here. The attacks that we should be worried about are the ones with a large volume, which are increasingly easily available. Stuxnet doesn’t belong to that category, and to be honest, I would say that nobody could protect against a Stuxnet-type of attack. They would have found a way to get in, since no system is perfect. Worrying about Stuxnet-type attacks in an average enterprise, compared to the common ones, is counterproductive.
We must increase the work factor and the cost to the adversaries in order to tip the scales against them. That means attacking the commoditization of malware, accessibility and ease of use. Malware is now no longer limited to creative minds, but is accessible to just about anyone on Dark Web marketplaces. Most of them come with full instructions and incredible customer service.
When somebody purchases a piece of malware and it’s guaranteed to be undetectable for a week, the purchaser can go back if that fails and get a refund or new sample. They are very good at what they do.
When we think about how to tip the scales in a massive, global way, the question always comes down to who the perpetrators are. In most cases, so-called hackers are merely consumers of code created by the true hackers. Our proposal is to stop chasing after those consumers and instead deny them the ability to use the malicious code that is so easily available. We could probably find the creators – the guys sitting at the top of the food chain – but this remains very difficult, time-consuming, and hard to prosecute. Instead of playing “whack-a-mole” with an endless supply of cybercriminals, ROMAD proposes to disrupt the entire economic model upon which they rely to monetize their offensive tradecraft.
ROMAD researchers and developers have spent close to seven years in stealth mode inventing and perfecting the Malware Genetics™ technology. The firm has recently been awarded a US Patent for its innovative approach to malware detection and response, and is currently entering the US market. Since winning the Security Shark Tank event in Cupertino, CA in October, where ROMAD’s technology received high marks for innovation and vision from sixteen leading industry CISOs, the firm has landed a number of pilot customers, with new ones coming on board as the technology is introduced to market. ROMAD is also planning to give its revolutionary technology out to the world to help make malware as we know it a thing of the past. ROMAD continues to work with enterprises to perfect the technology’s application in the fields of the Internet of Things (IoT), industrial automation, energy and vehicle security.
Igor Volovich is the CEO and Co-Founder of ROMAD Cyber Systems, an innovative cybersecurity startup with a simple mission: to rid the world of malware as we know it. ROMAD’s team of scientists and researchers have developed a revolutionary approach to malware detection and response, ushering in a new era of “malware disruption” using its patented Malware Genetics™ technology. Instead of chasing after individual strains and variants, ROMAD’s technology enables genetic sequencing of entire malware families, denying cybercriminals the ability to exploit the inherent shortcomings of traditional security solutions.
ROMAD was built for one purpose: to eradicate the global malware epidemic. They set out to find a better way to deal with the root cause, rather than the mere symptoms of the problem. Their patented Malware Genetics™ technology allows ROMAD-powered solutions to reliably and sustainably disrupt entire threat categories, instead of endlessly chasing after the latest variants to sample and analyze. Their unique capability enables them to detect emerging threats before they exist. Ahead of the threat. Before the compromise. Turning 0-day into just an ordinary day. ROMAD makes it possible.