How I would love to just visit Singapore as a tourist! To stay here for a week, wander around the city … But not running, running, gunzo-shigoto-arbeiten, meetings-presentations-more meetings and other work-trabajo-labor and so on in various other languages. Alas, not this time. It was more like this…

You wake up in the morning after the Starmus conference and realize that you can only dream of a bit of peace and quiet. From a sweltering Switzerland we immediately head (you could say without regaining consciousness) east for an equally hot Singapore. That’s where the INTERPOL World 2019 exhibition/conference is being held. It’s an event that brings together representatives of state, non-government and private sectors from INTERPOL member countries.

I talk a lot about the importance of international cooperation between law enforcement agencies and private cybersecurity organizations. Cybercrime knows no geographical boundaries, which is why it’s necessary to act together to fight it. It’s just that there’s a bit of a worldwide problem nowadays with this “together” thing. So, any real, ongoing initiatives aimed at international cooperation are worth their weight in gold! And we’re proud of our many years of work with INTERPOL. Since 2014, we’ve been a strategic partner, signed our first cooperation agreement and supported the opening in Singapore of the Digital Crime Center as part of the special IGCI (INTERPOL Global Complex for Innovation) unit dealing with cybercrime investigations. This center is where the technical side of INTERPOL’s investigations are conducted.

And, so, on July 3 in Singapore, we extended the cooperation agreement with INTERPOL for five years. Good work chaps!

The only chance to win the fight against cybercrime is #cybersecurity experts and law enforcement to act together. Just the way we do with @INTERPOL_HQ https://t.co/VLxfbuOiZ3 https://t.co/oJWXGmJWzo

— Eugene Kaspersky (@e_kaspersky) July 3, 2019

Read on…

Hi folks!

Herewith, the next in my series of occasional iNews, aka cyber-news from the dark side updates – this one based on some of the presentations I saw at our annual Security Analyst Summit in Singapore last month.

One of the main features of every SAS is the presentations given by experts. Unlike other geopolitically-correct conferences, here the analysts up on stage share what they’ve discovered regarding any cyberthreat, no matter where it may come from, and they do this based on principle. After all, malware is malware and users need to be protected from all of it, regardless of the declared virtue of the intentions of those behind it. Just remember the boomerang effect.

And if certain media outlets blatantly lie about us in response to this principled position, so be it. And it’s not just our principles they attack – for we practice what we preach: we’re way ahead of the competition when it comes to the numbers of solved cyberespionage operations. And we’re not planning on changing our position in any way to the detriment of our users.

So here are a few synopses of the coolest investigations talked about at SAS by the experts behind them. The most interesting, most shocking, most scary, most OMG…

1. TajMahal

Last year, we uncovered an attack on a diplomatic organization from Central Asia. Of course, that an organization like that is interesting to cybercriminals should come as no surprise. The information systems of embassies, consulates and diplomatic missions have always been of interest to other states and their spy agencies or generally any bad guys with sufficient technical ability and financial wherewithal. Yes, we’ve all read spy novels. But here was something new: here a true ‘TajMahal’ was built for the attacks – an APT platform with a vast number of plugins used (we’ve never seen so many used on one APT platform – by far) for all sorts of attack scenarios using various tools.

The platform consists of two parts: Tokyo and Yokohama. The former is the main backdoor, which also fulfils the function of delivery of the latter malicious program. The latter has very broad functionality: stealing cookies, intercepting documents from the printer queue, recording VoIP calls (including WhatsApp and FaceTime), taking screenshots, and much more. The TajMahal operation has been active now for at least five years. And its complexity would suggest that it’s been built with more than one target in mind; the rest remain for us to find…

Details of this APT-behemoth you can find here.

Read on…

Hi folks!

You’ll no doubt already know – but just in case, here’s me telling you – that each year we put on a mega international cybersecurity conference – SAS (Security Analyst Summit) – every late-winter/early-spring. Well, it’s spring already (though there was snow again last night in Moscow!) once again, so let me tell you about this year’s event… – woah – which is only three weeks away!…

This event is unique in a full three ways:

First, it’s at SAS where both KL’s top experts plus our world-renowned expert-guests report on their latest investigations, newest findings, and most curious other cyber-news.

Second, SAS always avoids the typical / typically boring hotels or conference centers in world capitals, instead always opting for totally non-boring exotic resort venues with lots of sun, sea, sand, surf, sangria… Singapore Slings, etc.

Third, there’s always one thing that can be counted on every year at SAS – the event is overflowing with fun, despite the seriousness of the cybersecurity theme!

SAS-2018 (Cancun)

It’s fair to say that SAS is best-known for the hot – often sensational – investigative reports shared at the event. Sometimes some folks don’t like this: they think we select findings based on geography or on possible attribution, or they’d prefer if we didn’t publicize such scandalous and potentially embarrassing findings (indicating probable government financing, cyber-espionage, cyber-sabotage, etc.) and should just sweep them under the rug instead. Er, nope. That’s not going to happen. Just in case you missed the memo: we share details of any cybercrime we find. Where it may originate from or what language it may speak: it doesn’t matter. Publicizing details of large cyber-incidents and targeted attacks is the only way to make the cyberworld – and that means the world itself – safer. It’s for this reason that SAS was the platform used to divulge findings on ‘Stuxnet’s cousin’ Duqu (which secretly collected information on European industrial systems), Red October (a cyber-spy carrying out espionage on diplomatic missions in Europe, the U.S., and former Soviet republics), and OlympicDestroyer (a sophisticated APT that attempted to sabotage the Olympic Games in South Korea in 2018). And I know that this year’s SAS won’t be any different: cyber-buzz causing a huge stir – coming right up!…

SAS-2016 (Tenerife)

SAS has been put on in Croatia, Cyprus, Malaga, Cancun, Tenerife, Puerto Rico, the Dominican Republic and Saint Martin (i.e., including some repeats at our fave venues).

This year, seeing that SAS is all grown-up (this will be the 11^th event), we thought a few organizational adjustments might be appropriate, and here they are:

First, this year SAS will be put on… in a metropolis! But it’s not your dull city in any way: it’s still beside the seaside and it happens to be a ‘garden city’, no less . Yep, this year it’ll be in Singapore folks. Yeh! I’m very happy about that. I have a more than just a soft-spot for Singapore ).

Second, we’ve decided to open up SAS to a wider audience than usual. Normally it’s an invite-only, exclusive world-cyber-expert get-together. This time though – in line with our transparency drive – we’re making part of the conference open to anybody who may wish to participate. And we call it SAS Unplugged. Like MTV Unplugged – only SAS ).

Presentations, training sessions, workshops from leading experts – all included. So students, cybersecurity rookies, in fact – cybersecurity old-hands too – anyone who has a great interest in fighting cyberbaddies – get registering! And be quick about it – already some of the training sessions are fully booked up.

PS: I’ve been permitted to give you a teaser about one of the confirmed presentations. It’s by one of our own experts, Sergey Lozhkin, and it’s for sure going to be a corker. Curiously, it’s about one of the oldest forms of cybercrime, but old doesn’t mean irrelevant. Just the opposite. For the crooks engaging in it today are earning billions of dollars a year from it! What is it? Financial fraud, plain and simple – actually, not so simple, as Sergey will tell us. He’ll also tell us how it has evolved over the years, what digital identity theft is, how much a digital identity costs on the Darknet, what a ‘carder’ is, and more…

PPS: I can’t wait. I enjoyed last year’s SAS ever so much. So here’s looking forward to an even better SAS this year!

Welcome to SAS-2019!…

21 years old – this used to be (and in some religions/countries still is) the age when a young person became an adult – aka came of age. A real ‘milestone’ as it were – a biggie; a special birthday, a jubilee…

Well guess who turned from being a minor into an adult just the other day?…

You guessed right: KL!

And a KL b-day – as probably everyone knows by now – means it’s time to party: with a capital ‘P’. All we needed was good weather to allow the party to really rock. Well this year we were in luck:

A monster b-day blowout, in addition to the good weather also needs a monster venue. Check!

What else is needed? I could list the ingredients; showing you the pics thereof is a lot more satisfying:

Read on: 50 inflatable unicorns…

St. Petersburg when the sun’s come out to play is to me the best city to be in in Europe. And I’m not alone in declaring such a bold sentiment – I’ve heard it from many others from many different countries too. But why ‘in Europe’? That’s just so as to be able to compare meaningfully. It’s difficult comparing Russia’s second city with, say, Hong Kong or Singapore, as they’re just so different on so many levels. But I digress. So, about StP!…

Read on: nostalgic!…

Many different cyber-professional events take place around the world every year. Out of all of them I have one special favorite – our own special one for cybersecurity analysts: SAS (Security Analyst Summit). And every year they just get better and better and bigger and bigger. This time we had 320 guests from 30+ countries – mostly from the Americas and Europe, but also seven experts from Australia, and participants from Singapore, Japan, Taiwan, Malaysia and Saudi Arabia. Representatives of large companies were in strong attendance as usual (from Microsoft, Google, Apple, Cisco, Sony, Honeywell, Cloudflare, Pfizer, SWIFT, Chevron, Citibank and others), but there were also folks from the cyber-police of different countries, plus government agencies and departments from the UK, Netherlands, Canada, France, China, South Korea, Switzerland, Austria, Romania and Kazakhstan. There were non-commercial and educational organizations (like, among others, the Electronic Frontier Foundation and the University of Texas, respectively). And a big thanks to our conference partners and sponsors, namely: Qintel, Avast, Telstra, Microsoft, ThreatBook, Talos, Security Week and Threatpost. In short, folks from all over and from diverse fields, demonstrating the degree of trust in and respect for our company.

Like me, SAS likes to travel the world, avoiding the large Congress centers of big boring cities, preferring instead stunning exotic locations with a warm climate and in the immediate vicinity of warm ocean.

SAS has been held in Croatia, Cyprus and Malaga on the Mediterranean; in Mexico’s Cancun in 2012 and 2015; on the Spanish island of Tenerife; and the Dominican Republic, Puerto Rico and St. Maarten in the Caribbean. And here we are once again back in Cancun for this, our 10^th SAS! Hooray!

It all began in the year 2009. 60 guests – 55 of which were KL staff! – each sharing their notes on research and experience in cybersecurity. Those humble beginnings quickly grew into large-scale industry events with more than 300 high-level delegates (only ~30% of which were from KL). This year’s event was extra special because of the jubilee, and the participants didn’t seem disappointed…

Read on…

I’ve just got myself a +1 to my collection of German industrial exhibitions/conferences, which now runs to a grand total of three. It was Bosch Connected World – both a conference and exhibition that ‘celebrate the Internet of Things’. Hardware & software, robotics, stationary + mobile, automotive, cloud-based, AI… basically all the buzz words – and all here. But everything here is somehow Bosch-connected, either belonging thereto of partnering with it; therefore, it was rather smaller than the other two in my collection: Embedded World and Hannover Messe. The former is about all things cyber-digital-industrial-automotive, the latter – all things industrial in general, not just security.

If you’re already in the computer automation/robotics/smart-whatever field, or are planning on entering it soon, you need to get yourself here. We were here as we’ve decided to attend more vendor-themed events: they’re smaller scale, but more focused. So here we are: welcome to Bosch Connected World!…

Read on: Nice place, proper technology, business opportunities…

Hi folks!

Today’s post is from Munich; specifically – from one of its fine museums, and then from a conference I was speaking at…

All righty. The museum: the Deutsches Museum, the world’s largest science and technology museum!

In a word, this place: ‘WHOAH!’

How can I best describe it? Ok, how about this:

Imagine you’re in a market – a massive one. There are rows of stalls selling fruit and vegetables, eggs, nuts, knick-knacks… whatever. Well, here – it’s just like that, only the stalls feature cars, planes, computers and all sorts of other tech, from the ancient to the modern-day – lots of it too: 28,000 exhibits! Oh my grandiose!

Read on…

Just last week I went all volcanic with a blogpost, even though I haven’t seen a volcano in the flesh for quite a while. So, why? Well, it was an appetizer, for there’s a spot of volcanism on the horizon. But more on that later. All in good time…

Meanwhile in Moscow…

…And indeed practically all over the planet, preparations are being made for New Year and, for many, Christmas celebrations.

Advent calendar? Check.

Christmas tree up and decorated? Check.

Flashing lights up on a window or two? Check.

Presents bought. Not yet, come on; on the to-do list.

Year-end work party? Check! Already! A little earlier than usual (for example, in 2016, 2015, 2014 and so on:).

(Btw, all these pics: courtesy of Roman Rudakov)

This year has been… different, for one thing. Well our year-end prom was a bit lot different too. Different format, and not one, not two, but a full three headliner bands on!

Usually the format goes like this: (i) our awards ceremony (best crew, best project, etc., etc.); (ii) a big variety show put on by KLers; and (iii) a quick headliner at the end plus a disco. And all sat down at tables (for some of the time:).

This year… not that there was anything wrong with the usual format, but, well, it was our jubilee (20 years!) too, so we just had to do something very different and special this year…

Read on…

Hi folks!

The other week we had our annual conference on industrial security – our fifth: our first jubilee. Hurray!

This year it was a truly international event, with many of the speakers giving their presentations in English (since they knew no Russian:). In all there were ~300 participants from 170 companies! Thanks to all sponsors and partners, especially:

• SAP – general partner
• Rostelecom – IoT partner
• MARSH – cyber-insurance partner

And thanks to everyone else too whose names you can find at the above link.

Read on: Most interesting bits…