Which hacker group is attacking my corporate network? Don’t guess – check!

Around four years ago cybersecurity became a pawn used in geopolitical games of chess. Politicians of all stripes and nationalities wag fingers at and blame each other for hostile cyber-espionage operations, while at the same time – with the irony seemingly lost on them – bigging-up their own countries’ cyber weapons tools that are also used in offensive operations. And caught in the crossfire of geopolitical shenanigans are independent cybersecurity companies, who have the ability and guts to uncover all this very dangerous tomfoolery.

But, why? It’s all very simple…

First, ‘cyber’ is still really quite the cool/romantic/sci-fi/Hollywood/glamorous term it appears to have always been since its inception. It also sells – including online newspaper subscriptions. It’s popular – including to politicians: it’s a handy distraction – given its coolness and popularity – when distraction is something that’s needed, which is often.

Second, ‘cyber’ is really techy – most folks don’t understand it. As a result, the media, when covering anything to do with it, and always seeking more clicks on their stories, are able to print all manner of things that aren’t quite true (or completely false), but few readers notice. So what you get are a lot of stories in the press stating that this or that country’s hacker group is responsible for this or that embarrassing/costly/damaging/outrageous cyberattack. But can any of it be believed?

We stick to the technical attribution – it’s our duty and what we do as a business

Generally, it’s hard to know if it can be believed or not. Given this, is it actually possible to accurately attribute a cyberattack to this or that nation state or even organization?

There are two aspects to the answer…

From the technical standpoint, cyberattacks possess an array of particular characteristics, but impartial system analysis thereof can only go so far in determining how much an attack looks like it’s the work of this or that hacker group. However, whether this or that hacker group might belong to… Military Intelligence Sub-Unit 233, the National Advanced Defense Research Projects Group, or the Joint Strategic Capabilities and Threat Reduction Taskforce (none of which exist, to save you Googling them:)… that is a political aspect, and here, the likelihood of manipulation of facts is near 100%. It turns from being technical, evidence-based, accurate conclusions to… palm or coffee grounds’ readings for fortune-telling. So we leave that to the press. We stay well away. Meanwhile, curiously, the percentage of political flies dousing themselves in the fact-based ointment of pure cybersecurity grows several-fold with the approach of key political events. Oh, just like the one that’s scheduled to take place in five months’ time!

For knowing the identity of one’s attacker makes fighting it much easier: an incident response can be rolled out smoothly and with minimal risk to the business

So yes, political attribution is something we avoid. We stick to the technical side; in fact – it’s our duty and what we do as a business. And we do it better than anyone, I might modestly add ). We keep a close watch on all large hacker groups and their operations (600+ of them), and pay zero attention to what their affiliation might be. A thief is a thief, and should be in jail. And now, finally, 30+ years since I started out in this game, after collecting non-stop so much data about digital wrongdoing, we feel we’re ready to start sharing what we’ve got – in the good sense ).

Just the other day we launched a new awesome service aimed squarely at cybersecurity experts. It’s called the Kaspersky Threat Attribution Engine (KTAE). What it does is analyze suspicious files and determine from which hacker group a given cyberattack comes from. For knowing the identity of one’s attacker makes fighting it much easier: informed countermeasure decisions can be made, a plan of action can be drawn up, priorities can be set out, and on the whole an incident response can be rolled out smoothly and with minimal risk to the business.

So how do we do it?


Rewind: Africa-fotografia!

NB: With this post – about a place I visited before the lockdown – I want to bring you some positivism, beauty and the reassurance that we will all get a chance to see great different places again. Meanwhile, I encourage you not to violate the stay-at-home regime. Instead, I hope you’re using this time for catching up on what you never seemed to find the time to do… ‘before’ :).

Finally, the friends who accompanied me on my pre-lockdown Africa vacation have sent me their edited ‘greatest hits’ photos from the trip. Better late than never, no? But, I wonder – would they have been even tardier if not for the pandemic?! Just joking: they each did have probably terabytes of photos to choose from ).

Anyway, those terabytes of pics (covering Namibia, Victoria Falls, and Madagascar) were whittled down to the very best, and then I had a go at even further editing them so that they’d ‘fit’ into this here blogpost without it getting ridiculously long. The result is the collection below. Some are mine, which I didn’t publish earlier. But most are my travel companions’ best shots. All righty. Let’s go…

First up: Namibian roads:

Stone fields along Skeleton Coast:

[Yawn]. “Ooh, do excuse me; I must have dozed off. What? Where? Walvis Bay, you say? Well, you’re on the right road. Just keep going, and you’ll come to it in half an hour!”

Pink salt lakes:

Not cacti – aloe:

Unsorted unusualnesses:

Dunes, endless desert:

Deadvlei:

Windswept dunes:

Shadow on flying sand atop a dune’s ridge:

Oh my gorgeous!

Unsorted Namibia:

Zambia/Zimbabwe, Victoria Falls. No comment!…

Magic stone mushrooms in Madagascar. Gray tsingi at Ankarana:

Red tsingi – even more striking a thingy:

How cute? ‘Where are the bananas?!’

Night lemurs:

Unfed. Uninterested in anything but passing tourists and the food they give them:

Plenty portraits:

Ring-tailed lemurs:

Indri – the largest lemurs on Madagascar:

Unexpected, uninvited ‘guests’ – of Madagascan proportions:

Karma, karma, karma, karma chameleons: they come and go:

Oh my goodness. Just check out this miracle of nature:

Check out the independent eye movements!

“Who’s that back there?”

A whole new – literal – meaning to ‘I’ll have to keep my eye on you!’ ->


Smaller, subtler:

Oh my geckos!

As you can see – an amazing trip!

– The End –

PS: These pics were taken by (besides me): DZ, NI, OR, SS, and AD.

Thank-you to them, and thank-you too, dear readers, for your attention! Hope you liked the pics as much as we liked taking them!

Cyber-tales update from the quarantined side: March 92, 2020.

Most folks around the world have been in lockdown now for around three months! And you’ll have heard mention of a certain movie over those last three months, I’m sure, plenty; but here’s a new take on it: Groundhog Day is no longer a fun film! Then there’s the ‘damned if you’re good, damned if you’re bad’ thing with the weather: it stays bad and wet and wintry: that’s an extra downer for everyone (in addition to lockdown); it gets good and dry and summery: that’s a downer for everyone also, as no one can go out for long to enjoy it!

Still, I guess that maybe it’s some consolation that most all of us are going through the same thing sat at home. Maybe. But that’s us – good/normal folks. What about cyber-evil? How have they been ‘coping’, cooped up at home? Well, the other week I gave you some stats and trends about that. Today I want to follow that up with an update – for, yes, the cyber-baddies move fast. // Oh, and btw – if you’re interested in more cyber-tales from the dark side, aka I-news, check out this archives tag.

First off, a few more statistics – updated ones; reassuring ones at that…

March, and then even more so – April – saw large jumps in overall cybercriminal activity; however, May has since seen a sharp drop back down – to around the pre-corona levels of January-February:

At the same time we’ve been seeing a steady decline in all coronavirus-connected malware numbers:

// By ‘coronavirus-connected malware’ is meant cyberattacks that have used the coronavirus topic in some way to advance their criminal aims.

So, it would appear the news is promising. The cyber-miscreants are up to their mischief less than before. However, what the stats don’t show is – why; or – what are they doing instead? Surely they didn’t take the whole month of May off given its rather high number of days-off in many parts of the world, including those for celebrating the end of WWII? No, can’t be that. What then?…


Cyber-yesteryear – pt. 3: 1992-199x.

Just in case you missed the first two, this is the third episode of my cyber-yesteryear chronicles. Since I’m in lockdown like most folks, I have more time on my hands to be able to have a leisurely mosey down cyberseKurity memory lane. Normally I’d be on planes jetting here, there and everywhere for business and tourism – all of which normally takes up most of my time. But since none of that – at least offline/in person – is possible at the moment, I’m using a part of that unused time instead to put fingers to keyboard for a steady stream of personal / Kaspersky Lab / cyber-historical nostalgia: in this post – from the early to mid-nineties.

Typo becomes a brand

In the very beginning, all our antivirus utilities were named following the ‘-*.EXE’ template. That is, for example, ‘-V.EXE’ (antivirus scanner), ‘-D.EXE’ (resident monitor), ‘-U.EXE’ (utilities). The ‘-‘ prefix was used to make sure that our programs would be at the very top of a list of programs in a file manager (tech-geekiness meets smart PR moves from the get go?:).

Later, when we released our first full-fledged product, it was named ‘Antiviral Toolkit Pro’. Logically, that should have been abbreviated to ‘ATP’; but it wasn’t…

Somewhere around the end of 1993 or the beginning of 1994, Vesselin Bontchev, who’d remembered me from previous meet-ups (see Cyber-yesteryear – pt. 1), asked me for a copy of our product for testing at the Virus Test Center of Hamburg University, where he worked at the time. Of course, I obliged, and while zip-archiving the files I accidentally named the archive AVP.ZIP (instead of ATP.ZIP), and off I sent it to Vesselin unawares. Some time later Vesselin asked me for permission to put the archive onto an FTP server (so it would be publicly available), to which I obliged again. A week or two later he told me: ‘Your AVP is becoming really rather popular on the FTP!’

‘What AVP?’, I asked.
‘What do you mean ‘What AVP’? The one you sent me in the archive file, of course!’
‘WHAT?! Rename it right away – that’s a mistake!’
‘Too late. It’s already out there – and known as AVP!’

And that was that: AVP we were stuck with! Mercifully, we (kinda) got away with it – Anti-Viral toolkit Pro. Like I say – kinda ). Still, in for a penny, in for a pound: all our utilities were renamed by dropping the ‘-‘ prefix and putting ‘AVP’ in its place – and it’s still used today in some of the names of our modules.

First business trips – to Germany for CeBIT

In 1992, Alexey Remizov – my boss at KAMI, where I first worked – helped me in getting my first foreign-travel passport, and took me with him to the CeBIT exhibition in Hannover in Germany. We had a modest stand there, shared with a few other Russian companies. Our table was half-covered with KAMI transputer tech, the other half – our antivirus offerings. We were rewarded with a tiny bit of new business, but nothing great. All the same, it was a very useful trip…

Our impressions of CeBIT back then were of the oh-my-grandiose flavor. It was just so huge! And it wasn’t all that long since Germany was reunified, so, to us, it was all a bit West Germany – computer-capitalism gone bonkers! Indeed – a cultural shock (followed up by a second cultural shock when we arrived back in Moscow – more on that later).

Given the enormity of CeBIT, our small, shared stand was hardly taken any notice of. Still, it was the proverbial ‘foot in the door’ or ‘the first step is the hardest’ or some such. For it was followed up by a repeat visit to CeBIT four years later – that time to start building our European (and then global) partner network. But that’s a topic for another post (which I think should be interesting especially for folks beginning their own long business journeys).

Btw, even as far back as then, I understood our project was badly in need of at least some kind of PR/marketing support. But since we had, like, hardly two rubles to rub together, plus the fact that journalists had never heard of us, it was tricky getting any. Still, as a direct result of our first trip to CeBIT, we managed to get a self-written piece all about us into the Russian technology magazine ComputerPress in May 1992: home-grown PR!

Fee-fi-fo-fum, I smell the dollars of Englishmen!

My second business trip was in June-July of the same year – to the UK. One result of this trip was another article, this time in Virus Bulletin, entitled The Russians Are Coming, which was our first foreign publication. Btw – in the article ’18 programmers’ are mentioned. There were probably 18 folks working at KAMI overall, but in our AV department there were just the three of us.

London, June 1992


The world’s cyber-pulse during the pandemic.

Among the most common questions I get asked during these tough times is how the cyber-epidemiological situation has changed. How has cybersecurity been affected in general by the mass move over to remote working (or not working, for the unlucky ones, but also sat at home all the time)? And, more specifically, what new cunning tricks have the cyber-swine been coming up with, and what should folks do to stay protected from them?

Accordingly, let me summarize it all in this here blogpost…

As always, criminals – including cybercriminals – closely monitor and then adapt to changing conditions so as to maximize their criminal income. So when most of the world suddenly switches to practically a full-on stay-at-home regime (home working, home entertainment, home shopping, home social interaction, home everything, etc.!), the cybercriminal switches his/her tactics in response.

Now, for cybercriminals, the main thing they’ve been taking notice of is that most everyone while in lockdown has greatly increased the time they spend on the internet. This means a larger general ‘attack surface’ for their criminal deeds.

In particular, many of the folks now working from home, alas, aren’t provided with quality, reliable cyber-protection by their employers. This means there are now more opportunities for cybercriminals hacking into the corporate networks the employees are hooked up to, leading to potentially very rich criminal pickings for the bad guys.

So, of course, the bad guys are going after these rich pickings. We see this evidenced by the sharp increase in brute-force attacks on database servers and RDP (technology that allows, say, an employee, to get full access to their work computer – its files, desktop, everything – remotely, e.g., from home) ->


Six simple brainteasers.

Brainteasers, riddles, conundrums – they come in all sorts of types: from easy to ~impossible, those requiring logic, math, geometry, and/or plenty of other skills and competencies. But those tricky types – requiring higher mathematics, complex space, and formulas several pages long – you won’t find any of those in this blogpost. Here, they range from real simple to average-hard, since the last one – the Sudoku – was rather tough. So, without further ado, here are the six…

Poser No. 1

You have two pieces of string of differing lengths. If burned from one end, they both burn for exactly one hour. The speed of the burning varies all the time: for example, half may burn in almost the full hour, then the other half burns up in minutes; or the other way round. You have at your disposal only the two lengths of string and one cigarette lighter, nothing else. What you need to do is determine when 45 minutes is up.

Poser No. 2

You have some graph paper with 10 by 10 squares on it. You cut out the square in the top left and top right corners; that is – one square from two opposing corners. Now the question: how do you cover the whole of the surface with 2×1 dominoes? That is, how do you place (100-2)/2 = 49 dominoes on the graph paper (with just one level of dominoes) so that everything is covered?

Poser No. 3

One night I dreamed of a number – a very unusual number. It was a 10-digit number. The first digit is equivalent to the number of zeros in the number. The second digit = the quantity of ones in the number, the third – the quantity of twos, … , and the last = the quantity of nines. Like I say, a very unusual number. The problem is – I forgot the number once I’d woken up! Question: what is the number?

Poser No. 4

This one’s to test the quickness of your wits. There’s symmetry here – almost:

30 – 33 = 3

One numeral needs to be moved to make the symmetry perfect. Which? And the ‘-‘ and ‘=’ don’t count.

Poser No. 5

You have a cylinder, around which some thin wire is carefully wound. The wire was sufficient for four windings round the cylinder – from one end to the other – as in the pic. The length of the cylinder is 12 centimeters, the circumference of the cylinder is 4 centimeters. What is the length of the wire?

Poser No. 6

You have a huge cake for you and 100 of your colleagues (before/after lockdown). The colleagues line up for a slice. The first colleague takes a mere 1% slice, the second – a 2% slice: 2% of the remaining cake. The third – 3% of remaining cake, and so on, until, the last colleague – the 100th – takes all that’s left. Question: who cut themselves the largest slice?


All these brainteasers are doable in your head. You can of course use a pen and pad, but they won’t really help.

All righty – good luck!

And the most precise, witty, unexpected and other ‘most, mostest’ answers will get a prize: some serious antivirus protection – a boxless (contactless) version ).

Tasmania – the video collection.

NB: with this post – about a place I visited before the lockdown – I want to bring you some positivism, beauty, and reassurance that we’ll all get a chance to see great different places again. Meanwhile, I encourage you not to violate the stay-at-home regime. Instead, I hope you’re using this time for catching up on what you never seemed to find the time to do… ‘before’ :).

Yes, I know: I wrote how yesterday’s post was the last on Tasmania. But I’d forgotten about all the video material my travel companion, OA, had taken along the way! Plenty of it too – two hours’ worth, all shot on his smartphone. So, herewith, an opportunity to get the popcorn in, dim the lights, and enjoy a video version of the very ‘greatest hits’ of our Tasmanian road/walk/chopper tour!…

Oh those Tasmanian hairpin bends!


Tasmania in a chopper.

NB: with this post – about a place I visited before the lockdown – I want to bring you some positivism, beauty, and reassurance that we’ll all get a chance to see great different places again. Meanwhile, I encourage you not to violate the stay-at-home regime. Instead, I hope you’re using this time for catching up on what you never seemed to find the time to do… ‘before’ :).

Tasmania – done, at least in terms of a road trip therearound, plus much trekking along its peninsulas. The only thing still not done – chopper ride!…

First up – Tasmanian forest. You can see here how a swathe had been cut down, then replanted. I bet this is something to do with the very active logging that goes on on the island – done wisely: cut down, then plant some more in their place.


Sudoku… for bored, locked-down boffins.

What? Bored? Surely not! Surely you’re reading those novels you kept putting off, that autobiography; fixing that faucet, finally getting round to that long-overdue spring clean, no?!

Ok, let’s say you’ve done all such things (or not). And now it’s back to ‘bored’. Well here’s something a bit different to end that boredom – at least for… a few days: a particularly tricky spot of Sudoku!

Now, before the knee-jerk groaning and eye-rolling, just let me explain. This isn’t your usual easy Sudoku you get in those Sudoku magazines. Oh no. This one was sent to me with the comment: ‘The most difficult Sudoku there is!’. Fine by me – the harder the better!

Thing is, I’d never done a Sudoku before. Talk about ‘in at the deep end’! Still, I had plenty of time to focus on it, and only it – on my long-haul flight from Australia in March after the Tasmanian tour. And I seemed to pick it up fairly quickly. Well, relatively: as I was an absolute beginner it actually took me… around the whole flight; i.e., about a day! So, be warned – this isn’t something you’ll get done in minutes, even hours. And for the beginners among you, I recommend reading up on the rules first, and then to do some simpler ones first to get some practice in and get up to speed.

Meanwhile, for you pros out there, here you go; knock yourself out! ->

Ahoy, Cape Hauy!

NB: with this post – about a place I visited before the lockdown – I want to bring you some positivism, beauty, and reassurance that we’ll all get a chance to see great different places again. Meanwhile, I encourage you not to violate the stay-at-home regime. Instead, I hope you’re using this time for catching up on what you never seemed to find the time to do… ‘before’ :).

Onward we stroll, on the last day of our trek along Three Capes Track on the Tasman Peninsula. On today’s menu – getting to Cape Hauy. Over there… ->

At first it was the usual sturdy path with super views, but a bit later we entered a really strange wood…
