Cyber-news from the dark side – ver. SAS-2019.

Hi folks!

Herewith, the next in my series of occasional iNews, aka cyber-news from the dark side updates – this one based on some of the presentations I saw at our annual Security Analyst Summit in Singapore last month.

One of the main features of every SAS is the presentations given by experts. Unlike other geopolitically-correct conferences, here the analysts up on stage share what they’ve discovered regarding any cyberthreat, no matter where it may come from, and they do this based on principle. After all, malware is malware and users need to be protected from all of it, regardless of the declared virtue of the intentions of those behind it. Just remember the boomerang effect.

And if certain media outlets blatantly lie about us in response to this principled position, so be it. And it’s not just our principles they attack – for we practice what we preach: we’re way ahead of the competition when it comes to the numbers of solved cyberespionage operations. And we’re not planning on changing our position in any way to the detriment of our users.

So here are a few synopses of the coolest investigations talked about at SAS by the experts behind them. The most interesting, most shocking, most scary, most OMG…

1. TajMahal

Last year, we uncovered an attack on a diplomatic organization from Central Asia. Of course, that an organization like that is interesting to cybercriminals should come as no surprise. The information systems of embassies, consulates and diplomatic missions have always been of interest to other states and their spy agencies or generally any bad guys with sufficient technical ability and financial wherewithal. Yes, we’ve all read spy novels. But here was something new: here a true ‘TajMahal’ was built for the attacks – an APT platform with a vast number of plugins used (we’ve never seen so many used on one APT platform – by far) for all sorts of attack scenarios using various tools.

The platform consists of two parts: Tokyo and Yokohama. The former is the main backdoor, which also fulfils the function of delivery of the latter malicious program. The latter has very broad functionality: stealing cookies, intercepting documents from the printer queue, recording VoIP calls (including WhatsApp and FaceTime), taking screenshots, and much more. The TajMahal operation has been active now for at least five years. And its complexity would suggest that it’s been built with more than one target in mind; the rest remain for us to find…

Details of this APT-behemoth you can find here.

Read on…

Finally, SAS in Singapore – the venue it couldn’t ignore!

Hi folks!

You’ll no doubt already know – but just in case, here’s me telling you – that each year we put on a mega international cybersecurity conference – SAS (Security Analyst Summit) – every late-winter/early-spring. Well, it’s spring already (though there was snow again last night in Moscow!) once again, so let me tell you about this year’s event… – woah – which is only three weeks away!…

This event is unique in a full three ways:

First, it’s at SAS where both KL’s top experts plus our world-renowned expert-guests report on their latest investigations, newest findings, and most curious other cyber-news.

Second, SAS always avoids the typical / typically boring hotels or conference centers in world capitals, instead always opting for totally non-boring exotic resort venues with lots of sun, sea, sand, surf, sangria… Singapore Slings, etc.

Third, there’s always one thing that can be counted on every year at SAS – the event is overflowing with fun, despite the seriousness of the cybersecurity theme!

SAS-2018 (Cancun)

It’s fair to say that SAS is best-known for the hot – often sensational – investigative reports shared at the event. Sometimes some folks don’t like this: they think we select findings based on geography or on possible attribution, or they’d prefer if we didn’t publicize such scandalous and potentially embarrassing findings (indicating probable government financing, cyber-espionage, cyber-sabotage, etc.) and should just sweep them under the rug instead. Er, nope. That’s not going to happen. Just in case you missed the memo: we share details of any cybercrime we find. Where it may originate from or what language it may speak: it doesn’t matter. Publicizing details of large cyber-incidents and targeted attacks is the only way to make the cyberworld – and that means the world itself – safer. It’s for this reason that SAS was the platform used to divulge findings on ‘Stuxnet’s cousin’ Duqu (which secretly collected information on European industrial systems), Red October (a cyber-spy carrying out espionage on diplomatic missions in Europe, the U.S., and former Soviet republics), and OlympicDestroyer (a sophisticated APT that attempted to sabotage the Olympic Games in South Korea in 2018). And I know that this year’s SAS won’t be any different: cyber-buzz causing a huge stir – coming right up!…

SAS-2016 (Tenerife)

SAS has been put on in Croatia, Cyprus, Malaga, Cancun, Tenerife, Puerto Rico, the Dominican Republic and Saint Martin (i.e., including some repeats at our fave venues).

This year, seeing that SAS is all grown-up (this will be the 11th event), we thought a few organizational adjustments might be appropriate, and here they are:

First, this year SAS will be put on… in a metropolis! But it’s not your dull city in any way: it’s still beside the seaside and it happens to be a ‘garden city’, no less. Yep, this year it’ll be in Singapore, folks. Yeh! I’m very happy about that. I have more than just a soft spot for Singapore.

Second, we’ve decided to open up SAS to a wider audience than usual. Normally it’s an invite-only, exclusive world-cyber-expert get-together. This time though – in line with our transparency drive – we’re making part of the conference open to anybody who may wish to participate. And we call it SAS Unplugged. Like MTV Unplugged – only SAS.

Presentations, training sessions, workshops from leading experts – all included. So students, cybersecurity rookies, in fact – cybersecurity old-hands too – anyone who has a great interest in fighting cyberbaddies – get registering! And be quick about it – already some of the training sessions are fully booked up.

PS: I’ve been permitted to give you a teaser about one of the confirmed presentations. It’s by one of our own experts, Sergey Lozhkin, and it’s for sure going to be a corker. Curiously, it’s about one of the oldest forms of cybercrime, but old doesn’t mean irrelevant. Just the opposite. For the crooks engaging in it today are earning billions of dollars a year from it! What is it? Financial fraud, plain and simple – actually, not so simple, as Sergey will tell us. He’ll also tell us how it has evolved over the years, what digital identity theft is, how much a digital identity costs on the Darknet, what a ‘carder’ is, and more…

PPS: I can’t wait. I enjoyed last year’s SAS ever so much. So here’s looking forward to an even better SAS this year!

Welcome to SAS-2019!…


KL comes of age.

21 years old – this used to be (and in some religions/countries still is) the age when a young person became an adult – aka came of age. A real ‘milestone’ as it were – a biggie; a special birthday, a jubilee…

Well guess who turned from being a minor into an adult just the other day?…

You guessed right: KL!

And a KL b-day – as probably everyone knows by now – means it’s time to party: with a capital ‘P’. All we needed was good weather to allow the party to really rock. Well this year we were in luck:

A monster b-day blowout, in addition to the good weather also needs a monster venue. Check!

What else is needed? I could list the ingredients; showing you the pics thereof is a lot more satisfying:

Read on: 50 inflatable unicorns…


Peter: Picture-perfect for KL-partner-conf.

St. Petersburg when the sun’s come out to play is to me the best city to be in in Europe. And I’m not alone in declaring such a bold sentiment – I’ve heard it from many others from many different countries too. But why ‘in Europe’? That’s just so as to be able to compare meaningfully. It’s difficult comparing Russia’s second city with, say, Hong Kong or Singapore, as they’re just so different on so many levels. But I digress. So, about StP!…

Read on: nostalgic!…

10 years of sensational SAS.

Many different cyber-professional events take place around the world every year. Out of all of them I have one special favorite – our own special one for cybersecurity analysts: SAS (Security Analyst Summit). And every year they just get better and better and bigger and bigger. This time we had 320 guests from 30+ countries – mostly from the Americas and Europe, but also seven experts from Australia, and participants from Singapore, Japan, Taiwan, Malaysia and Saudi Arabia. Representatives of large companies were in strong attendance as usual (from Microsoft, Google, Apple, Cisco, Sony, Honeywell, Cloudflare, Pfizer, SWIFT, Chevron, Citibank and others), but there were also folks from the cyber-police of different countries, plus government agencies and departments from the UK, Netherlands, Canada, France, China, South Korea, Switzerland, Austria, Romania and Kazakhstan. There were non-commercial and educational organizations (like, among others, the Electronic Frontier Foundation and the University of Texas, respectively). And a big thanks to our conference partners and sponsors, namely: Qintel, Avast, Telstra, Microsoft, ThreatBook, Talos, Security Week and Threatpost. In short, folks from all over and from diverse fields, demonstrating the degree of trust in and respect for our company.

Like me, SAS likes to travel the world, avoiding the large congress centers of big boring cities, preferring instead stunning exotic locations with a warm climate and in the immediate vicinity of warm ocean.

SAS has been held in Croatia, Cyprus and Malaga on the Mediterranean; in Mexico’s Cancun in 2012 and 2015; on the Spanish island of Tenerife; and the Dominican Republic, Puerto Rico and St. Maarten in the Caribbean. And here we are once again back in Cancun for this, our 10th SAS! Hooray!

It all began in the year 2009. 60 guests – 55 of which were KL staff! – each sharing their notes on research and experience in cybersecurity. Those humble beginnings quickly grew into large-scale industry events with more than 300 high-level delegates (only ~30% of which were from KL). This year’s event was extra special because of the jubilee, and the participants didn’t seem disappointed…

Read on…

B&B: Berlin & Bosch.

I’ve just got myself a +1 to my collection of German industrial exhibitions/conferences, which now runs to a grand total of three. It was Bosch Connected World – both a conference and exhibition that ‘celebrate the Internet of Things’. Hardware & software, robotics, stationary + mobile, automotive, cloud-based, AI… basically all the buzzwords – and all here. But everything here is somehow Bosch-connected, either belonging thereto or partnering with it; therefore, it was rather smaller than the other two in my collection: Embedded World and Hannover Messe. The former is about all things cyber-digital-industrial-automotive, the latter – all things industrial in general, not just security.

If you’re already in the computer automation/robotics/smart-whatever field, or are planning on entering it soon, you need to get yourself here. We were here as we’ve decided to attend more vendor-themed events: they’re smaller scale, but more focused. So here we are: welcome to Bosch Connected World!…

Read on: Nice place, proper technology, business opportunities…

The world’s first ever bytes.

Hi folks!

Today’s post is from Munich; specifically – from one of its fine museums, and then from a conference I was speaking at…

All righty. The museum: the Deutsches Museum, the world’s largest science and technology museum!

In a word, this place: ‘WHOAH!’

How can I best describe it? Ok, how about this:

Imagine you’re in a market – a massive one. There are rows of stalls selling fruit and vegetables, eggs, nuts, knick-knacks… whatever. Well, here – it’s just like that, only the stalls feature cars, planes, computers and all sorts of other tech, from the ancient to the modern-day – lots of it too: 28,000 exhibits! Oh my grandiose!

Read on…

www.luzhniki-2017.

Just last week I went all volcanic with a blogpost, even though I haven’t seen a volcano in the flesh for quite a while. So, why? Well, it was an appetizer, for there’s a spot of volcanism on the horizon. But more on that later. All in good time…

Meanwhile in Moscow…

…And indeed practically all over the planet, preparations are being made for New Year and, for many, Christmas celebrations.

Advent calendar? Check.

Christmas tree up and decorated? Check.

Flashing lights up on a window or two? Check.

Presents bought? Not yet, come on; on the to-do list.

Year-end work party? Check! Already! A little earlier than usual (for example, in 2016, 2015, 2014 and so on:).

(Btw, all these pics: courtesy of Roman Rudakov)

This year has been… different, for one thing. Well, our year-end prom was a lot different too. Different format, and not one, not two, but a full three headliner bands on!

Usually the format goes like this: (i) our awards ceremony (best crew, best project, etc., etc.); (ii) a big variety show put on by KLers; and (iii) a quick headliner at the end plus a disco. And all sat down at tables (for some of the time:).

This year… not that there was anything wrong with the usual format, but, well, it was our jubilee (20 years!) too, so we just had to do something very different and special this year…

Read on…

5th industrial.

Hi folks!

The other week we had our annual conference on industrial security – our fifth: our first jubilee. Hurray!

This year it was a truly international event, with many of the speakers giving their presentations in English (since they knew no Russian:). In all there were ~300 participants from 170 companies! Thanks to all sponsors and partners, especially:

  • SAP – general partner
  • Rostelecom – IoT partner
  • MARSH – cyber-insurance partner

And thanks to everyone else too whose names you can find at the above link.

Read on: Most interesting bits…

An Elevator in the Internet vs. the Internet in an Elevator.

I have a very high opinion of Schindler, the world’s leading manufacturer of elevators and escalators. (Next time you use these modes of transport, take note of the manufacturer’s logo.) In my view, this company deserves lots of respect and its business practices are worthy of study and emulation. However, when I see the company’s booth at an exhibition, replete with slogans like this, it sends a shiver down my spine, I start feeling uncomfortable about the world around me, and my left eye starts to twitch. Why?

There were three slogans that I had a particular problem with:

– How can I turn my elevator into a digital native?
– What is your elevator doing while you sleep?
– Can you meet your elevator online?

If you take a closer look, you can see them in this photo:

It may not bother everyone, but it makes me a little apprehensive. Of course, you understand… An elevator in the Internet is not as dangerous as the Internet in an elevator! OK, that’s tonight’s nightmares taken care of. No, I’m not trying to scare you. And I certainly wouldn’t want anyone to dream about the elevator from this cartoon!

The venue is Hannover Messe, the yearly mega-exhibition of industrial solutions. It’s all about automation, manufacturing, the energy industry, all sorts of robots, the rarest spare parts and other types of modern industrial magic.

Read on: Pretty interesting!…