Security Experts

On the Frontline in the War Against Cybercrime

For the security professionals on the Norton STAR team, it’s a perpetual game of cat and mouse

Today’s cybercriminals are out to inflict real harm. They can be hired guns working for dishonest commercial entities to break into competitors’ records, or international crime rings that operate by stealing valuable data like credit card numbers and email passwords.

Ransomware, a type of malware that encrypts computer data and holds it hostage until a fee is paid, is also playing a greater role in the cybercriminal’s playbook. This is the next generation of malware, and alarmingly, it’s getting smarter.

With more and more players getting into this lucrative game, and developing increasingly sophisticated ways to break into computer systems, you need an army of cybersecurity pros, whose sole purpose is to stay one step ahead of the fast-moving threat landscape.

Some protect the digital world; others exploit it

Internet security is a cat-and-mouse game with malware writers and cybercriminals on one side, and security firms on the other. And it’s a game of ever-increasing sophistication.

The mouse has become much more dangerous; he is faster, smarter and more agile. His motivations have evolved too, from hacking into systems to gain notoriety and praise to silently and anonymously stealing information for financial gain or even worse.

The seasoned team of security experts in the Norton Security Technology and Response (STAR) team is battling at the forefront of this dangerous and complex cat-and-mouse game in an effort to stay a move or two ahead of the world’s most sophisticated Internet criminals.

“Viruses don’t sleep, and neither do we”

At STAR, the technology hub for Norton products, leading security experts join forces with highly skilled engineers in an effort to get ahead of attackers by analyzing trends and building the technology to combat them.

“In this sense, they have to be smarter than the best of the attackers,” says Jordan Blake, Senior Product Manager for Norton Security.

Top-talent and high-energy, the security experts in STAR are constantly pushing the boundaries with new technology to achieve the best detection, best performance, and best user experience in the marketplace.

STAR, made up of 550 security engineers, virus hunters, threat analysts and researchers, is one of the largest civilian teams of security experts in the world. With nine response centers strategically located throughout the world, the STAR team operates a follow-the-sun-model to deliver around-the-clock protection to the tens of millions of Norton customers, 365 days a year.

“We have response centers in different parts of the world,” explains Hon Lau, Senior Security Response Manager at the Security Response Centre in Dublin, “so that experts in different time zones are always available to jump on important threats. We then hand them off to each other like relay runners.

“This means that at least one of our centers is always active and monitoring malware and cybercriminal activity on behalf of our customers. Viruses don’t sleep, and neither do we,” he adds.

As the most sophisticated and talented organization of its kind, the Norton STAR team keeps a finger on the pulse of the Internet security threat landscape. In addition to driving much of the Norton security protection capabilities, the STAR team is regularly fighting at the forefront of investigations into well-known cyberattack campaigns.

Stuxnet: A new, real-world era in warfare

One such cyberattack involved the Stuxnet virus, which security experts at STAR spent many months dissecting and studying in great detail to discover its true purpose. Stuxnet was a computer worm, but it was designed to target Iran’s nuclear plant in Natanz, and its devastating impact sent tremors around the computer world.

The highly sophisticated virus, which entered the country's nuclear industry system by spreading from computer to computer using a series of previously unknown software vulnerabilities, caused centrifuges used in uranium enrichment to spin out of control.

Unlike the millions of worms and viruses that turn up on the Internet every year, this one was not trying to steal passwords, identities or money. Stuxnet showed, for the first time, that a cyberattack could cause significant physical damage to a facility. It was the first computer virus designed specifically to cause damage in the real world, as opposed to the virtual. A new era of warfare had begun.

The STAR team also regularly assists the FBI and law enforcement agencies in major operations against botnets such as Ramnit and Gameover ZeuS.

Ramnit is a worm that spreads through removable drives. The worm also functions as a back door allowing a remote attacker to access the compromised computer.

Working with intelligence analysts from STAR, the FBI seized a large amount of infrastructure owned by the cybercrime network behind the financial fraud Trojan Gameover ZeuS, which attackers used to intercept thousands of victims’ online banking sessions.

Staying one step ahead of cybercriminals

Malware increased 26 percent in 2014. In fact, there were more than 317 million new pieces of malware created in 2014, alone.

“We are seeing one million new threats around the globe per day,” says Kevin Haley, Director of Product Management of the Norton STAR team.

“As cybercriminals up their game with more advanced technology and tricks, it may seem like attackers are overwhelming us at every angle, but as the bad guys persist and evolve, so do we.”

In the latest iteration of this game comes the CryptoLocker ransomware. This one is just about as bad as it gets. Why? Because it encrypts your files and makes them useless.

Ransomware attacks, or holding encrypted files for ransom, are not entirely new, but getting the ransom paid was previously problematic for the crooks, who always find ways to up the ante.

With the expansion of electronic payment systems such as Bitcoin, ransomware makers have found convenient and anonymous avenues for the payment of their reward.

Just days after the FBI and international law enforcement agencies teamed up to kill CryptoLocker, which had infected over 300,000 computers, another pernicious program, Cryptowall, popped up and began spreading rapidly.

So it seems the bad guys are constantly adapting to carry on their malicious activity, regardless. “The nature of computer-based security is that it’s always going to be a chase game. The cybercriminals looking to exploit systems are writing new viruses all the time to penetrate our defenses. Conversely, our STAR team is working tirelessly to create defenses against new viruses,” concludes Haley.

For the army of cybersecurity experts on the frontline at STAR, they are ready to deploy at any moment for any security threat. It will always be a game of escalation, with new threats being blocked as they emerge, while the cybercriminals work out ever more complex ways around detection and blocking strategies. But STAR will always be there, surveying the threat landscape to keep us safe.

Heritage & Reputation

We have an extensive security history and our pioneering spirit continues today. Our digital world is constantly changing, so at Norton we never rest. We’ve protected our customers and their data for 25 years — and we’re going to keep doing just that.

Service & Support

With a team of over 1,700 customer care experts dotted around the globe, Norton ensures easily accessible support no matter your location. In fact, we’re so confident in our award-winning protection and quality support services that we offer a money-back guarantee. 

Technology Leadership

Over the last 25 years, we’ve built a rich and widespread intelligence network, constantly gathering data on threats from over 40 million endpoints in over 150 countries. That data is what drives our protection, enabling it to stop even emerging threats that nobody’s ever seen before.


Follow us for all the latest news, tips and updates.