
Tag Archives: software

Cybernews from the dark side – June 4, 2014.

True to my word, herewith, the second installment of my new weekly (or so) series, ‘dark news from the cyber-side’, or something like that…

Today the main topic will be about the security of critical infrastructure; in particular, about the problems and dangers to be on the watch for regarding it. Things like attacks on manufacturing & nuclear installations, transportation, power grid and other industrial control systems (ICS).

Actually, it’s not quite ‘news’ here, just kinda news – from last week: fortunately critical infrastructure security issues don’t crop up on a weekly basis – at least, not the really juicy bits worthy of a mention. But then, the reason for that is probably that most issues are kept secret (understandable, but worrying all the same) or simply no one is aware of them (attacks can be carried out on the quiet – even more worrying).

So, below, a collection of curious facts to demonstrate the current situation and trends as regards critical infrastructure security issues, and pointers to what needs to be done in face of the corresponding threats.

Turns out there are plenty of reasons to be bowled over by critical infrastructure issues…

If ICS is connected to the Internet, it comes with an almost 100% guarantee of its being hacked on the first day

The motto of engineers who make and install ICS is ‘ensure stable, constant operation, and leave the heck alone!’ So if a vulnerability in the controller is found through which a hacker can seize control of the system, or the system is connected to the Internet, or the password is actually, really, seriously… 12345678 – they don’t care! They only care about the system still running constantly and smoothly and at the same temperature!

After all, patching or some other interference can and does cause systems to stop working for a time, and this is just anathema to ICS engineers. Yep, that’s still today just the way it is with critical infrastructure – no seeing the gray between the black and the white. Or is it having heads firmly stuck in the sand?

In September last year we set up a honeypot, which we connected to the Internet and pretended was an industrial system on duty. The result? In one month it was successfully breached 422 times, and several times the cyber-baddies got as far as the Programmable Logic Controllers (PLCs) inside, with one bright spark even reprogramming them (like Stuxnet). What our honeypot experiment showed was that if ICS is connected to the Internet, that comes with an almost 100% guarantee of its being hacked on the first day. And what can be done with hacked ICS… yes, it’s fairly OMG. Like a Hollywood action movie script. And ICS comes in many different shapes and sizes. For example, the following:

Nuclear malware

Read on: absence of light will only be the result of burned out bulbs and nothing else…

All Mouth, No Trouser.

“All animals are equal, but some are more equal than others.” Thus spake Napoleon, the head-hog in Orwell’s dystopian classic.

The genius of this phrase lies in its universality – a small addition turns the truth inside out. Alas, this witty paradox [sic.] is met not only in farmer-revolutionary sagas, but also in such (seemingly very distant) themes as – and you won’t believe this – antivirus tests! Thus, “All published AV-test results are equal, but some are more equal than others.” Indeed, after crafty marketing folk have applied their magic and “processed” the results of third-party comparative AV tests, the final product – test results as published by certain AV companies – can hardly be described as equal in value: they get distorted so much that nothing of true value can be learned from them.

Let’s take an imaginary antivirus company – one that hardly distinguishes itself from its competitors with outstanding technological prowess or quality of protection, but which has ambitions of global proportions and a super-duper sales plan to fulfill them. So, what’s it gonna first do to get nearer its plan for global domination? Improve its antivirus engine, expand its antivirus database, and/or turbo charge its quality and speed of detection? No, no, no. That takes faaaar too much time. And costs faaaar too much money. Well, that is – when you’re in the Premiership of antivirus (getting up to the First Division ain’t that hard). But the nearer the top you get in the Champions League in terms of protection, the more dough is needed to secure every extra hundredth of a real percent of detection, and the more brains it requires.

It’s much cheaper and quicker to take another route – not the technological one, but a marketing one. Thus, insufficient technological mastery and quality of antivirus detection often gets compensated by a cunning informational strategy.

But how?

Indirectly; that’s how…

Now, what’s the best way to evaluate the quality of the protection technologies of an antivirus product? Of course it’s through independent, objective opinion by third parties. Analysts, clients and partners give good input, but their impartiality naturally can’t be guaranteed. Comparative tests conducted by independent, specialized testing labs are where the real deal’s at. However, testers are peculiar beasts: they concentrate purely on their narrow trade – that’ll be testing – which is good, as testing done well – i.e., properly and accurately – is no easy task. But their results can often come across as… slightly dull, and could do with a bit of jazzing up. Which is where testing marketing done by those who order the testing kicks in: cunning manipulation of objective test results – to make the dirty-faced appear as angels, and/or the top-notchers appear as also-rans. It all becomes reminiscent of the ancient Eastern parable about the blind men and the elephant. Only in this case the marketing folk – with perfect eyesight – “perceive” the results deliberately biasedly. The blind men couldn’t help their misperceptions.


More: Nine tricks to put the wool over your eyes…

Kaspersky Lab Developing Its Own Operating System? We Confirm the Rumors, and End the Speculation!

Today I’d like to talk about a not-so-glamorous future of mass cyber-attacks on critically important installations. We are working on developing technologies for a secure operating system aimed at protecting precisely these same critical IT systems. Quite a few rumors about this project have appeared already on the Internet, so I guess it’s time to lift the curtain (a little) on our secret project and let you know (a bit) about what’s really going on …


Is Microsoft Planning to Take Over the Security Market with Its New Windows 8 Features? – Alexey Polyakov in the Spotlight

Windows 8 is coming! In line with its tendency to introduce high-profile security features in each new version of its operating system, Microsoft is unleashing some pretty interesting new protection technologies with its next OS release. Let’s see what one of the key people behind the new Windows 8 security framework can tell us about what to expect from Windows 8 from the security standpoint, and how this might change the security market …


Number of the Month: 70K per Day.

One of the most frequently asked questions we get is: “How many viruses do you find every day?”. I thought that the answer was the much bandied about figure that we’ve had for a while – 35,000 viruses a day. But since for several months now the answer to this question has normally been followed up by further enquiries seeking clarifications, as it is thought that this figure is too small, we decided to get to the bottom of this once and for all. We got down to some sums and, well, were rather astonished at what we discovered. The result necessitated an update: 70,000 daily …


The Holy Grail of AV Testing, and Why It Will Never Be Found

My recent post on AV performance test caused more than a bit of a stir. But that stir was not so much on the blog but in and around the anti-malware industry. In short, it worked – since the facts of the matter are now out in the open and being actively discussed. But that’s not all: let’s hope it won’t just stimulate discussion, but also bring the much-needed change in the way AV tests are done, which is years overdue, and is also what I’ve been “campaigning” for for years. So, how should AV be tested? …


V8, or, If the Road Is Long and Hard, the Journey’s Normally Worth It

I’ve a superstitious belief. If a journey isn’t easy (starting with getting a visa at the consulate, if necessary) and various hindrances arise all along it – it normally means that what goes on at the destination at the end of the journey is mega-worthwhile and effective. And that, gladly, is how things turned out this time too.


Benchmarking Without Weightings: Like a Burger Without a Bun.

With the help of my colleagues I’ve been slowly but surely getting up and running a series of posts about key technologies – to introduce them to the public, judge the reaction, and then gather ideas. But besides singing the praises here, I’d also like to give you my opinions on comparative tests – those that inform the public how efficient these technologies are. Alas, there are not that many tests I trust and can recommend …


Features You’d Normally Never Hear About – Part Two.

We continue to bring to light different tasty technological morsels from the lesser known nooks and crannies of our products. Today we’ll get into the nitty-gritty of a thing we call Safe Run. So, what’s the nature of this beast? And does it come with rice or French fries? Maybe couscous? …


Features You’d Normally Never Hear About.

For different reasons, announcements of new products often never go into the finer details of those products, and leave out info on the slightly less significant though still immensely useful features that go towards making a product complete. However, thanks to our press releases and press conferences, we get the chance to delve into the tasty, lesser-known, more introverted features that might normally pass you by. First up out of these small but irreplaceable vita-features is System Watcher, whose main function is monitoring applications’ activity on a computer…
