There’s no stopping – not even a slowing down of – the passing of time, no matter how much we might want it. So we don’t waste… time, energy and nerves on fighting the inevitable. But what do we do instead? Well, I reckon that if you pump the time you have on the planet with meaningful and useful goals, events, achievements, excitement, and assorted other positive, busy “content” (though I do so dislike that term:), then said time we have will leave two-dimensional linearity and inevitability and blossom into a multi-dimensional world of energy and vigor to give life meaning. Yep – you know me: always positive – no matter what )…

Routine screws up memories, while the passing of time steadily nullifies the memory cells that store those memories. Life imperceptibly turns into an expressionless mass of vague sensations, and after renewing your passport two or three times – there can be emptiness. Note – “can” be. But life is what you make it: you can instead live as “correctly” as possible. And for me, included in my list of living maximally “correct” come my annual reviews! To stop, duck out of the routine, think, remember, write, think again, and be amazed. And out of the fog of the passing year an outline of experiences, events and achievements becomes distinguishable. Then, emboldened by pride, I find myself fully ready for new endeavors in the New Year.

In the oh-so tricky year of 2022, the chances of losing oneself all the more in the fog were through the roof: geopolitics gets in the way of all that’s good. But at the same time this makes summarizing the results of last year all the more a correct and necessary endeavor. So this time I’ve split up my reviews to make sure we don’t miss vital detail: I’ve already shared my mostly-personal annual review, and also my patent review.

What remains is the concluding third part – which is what I’ll be giving you today in this here post: about our product-and-tech achievements – our “bread and butter” that makes up our whole raison d’être: protecting the world from cyber-evil. And there were plenty such achievements – a lot more than might be expected given the difficult circumstances throughout the year… All righty – enough “intro”; let’s get to it (after all, it’s February already, like – tomorrow!!)…

// Btw – that’s the cover of our Midori Kuma 2023 calendar – simply to brighten up this here text ). As per, it can be downloaded – here.

Ok – sit  down. Better – fasten your seatbelt too! For this number is a shocker – in the good sense: last year we launched more than 750 releases! No, no typo there folks. Really: seven hundred fifty releases! By that I mean new products, updates, patches, and assorted other localizations/customizations. // And some folks still think we just do antivirus?!!

Out of that huge bulk, here are a few I want to highlight…

Read on…

Inventing cutting-edge new technology is only the half of it. Wait – no: let’s not be so categorical…

Cutting-edge new technology that’s oh-my groundbreaking sets in motion a life-cycle that’s probably a lot more complex and long-winded than might at first be imagined by many. Of course, without the invention in the first place there’d be nothing, but without the life-cycle that comes after it, even the most amazing revolutionary technology risks going belly up before it’s even gotten off the ground, never to help humankind in the way it could have. Alternatively, the invention could be at risk of falling into the hands of so-called consumer champions or patent trolls.

Among the many business functions that go into the mentioned life-cycle of new technology is that of patenting. For, alas, the system works whereby, if the new tech’s not patented, you don’t have any rights to it – even though you invented it! And history is full of such examples: the karaoke machine, magnetic stipes on plastic cards, fidget spinners, and a whole load more.

So – patenting. It happens to be by far not the simplest or most accessible of business processes, and it requires lots of expertise and lots of money – especially when you’re global. But that doesn’t make it any less necessary. And since our business at K has always been founded upon new technology, as soon as our bottom line allowed it – we straight away got into patent protection: in 2008 we got our very first patent. Ever since, little by little, we’ve been steadily growing our own patent expertise as much as we could allow ourselves down the years. And quite right too!…

The more successful the business became and the more we expanded around the world – all the more often patent trolls would come after us looking for the easy money. Also – unscrupulous competitors, despite having tech that could hardly compete with us on quality, still weren’t happy allowing customers use our products. Altogether, we were hit with 10 patent actions; nine we won; one is currently being considered. Because we never give in. We fight back – and win!

Overall picture.

The pandemic years and current geopolitical turmoil have of course negatively affected our business on the whole, and that has had a knock-on effect on our patent work – also down. And both past and current events look likely to echo into the future for years. However, that’s no reason to lie low until things get better; just the opposite – it warrants hitting the gas stepping on the proverbial accelerator all the harder! And that’s just what we did in 2022 (2021, btw, is here), despite everything. Let me tell you how…

We finished last year with a portfolio of 1367 patents and 330 patent applications in different countries (including the U.S., the EU, Russia, and China). In 2022 we obtained 123 new patents (including in the U.S. – 51; Russia – 37; China – 24; the EU – 9), and submitted 58 patent applications. But let’s not concentrate just on quantity. Check out the quality too: we’ve been granted patents to ~98% of all our patent applications (in some countries – 100%!), while the world average for companies is somewhere around 50%. Go us!

Our overall patent picture looks like this:

Read on…

I’ve been saying it often – for years: antivirus is dead.

Such a statement might at first seem strange – especially from someone who’s been a mover and shaker since the very earliest days in all things viruses and anti-virus in the late eighties and early nineties. However, if you dig a little deeper into the AV (RIP) topic and consult some authoritative sources in the (former:) field, then the statement quickly becomes quite logical: first, “antivirus” has turned into protective solutions “against everything”; second, viruses – as a particular species of malicious program – have died out. Almost. And it’s that seemingly harmless, negligible almost that causes problems for cybersecurity still to this day – at the back end of the year 2022! And that almost is the basis of this here blogpost today…

So. Viruses. Those Red-Listed last remaining few – where are they these days, and what are they up to?…

It turns out they tend to reside in… one of the most conservative sub-fields of industrial automation: that of operational technology (that’s OT – not to be confused with IT). OT is “hardware and software that detects or causes a change through the direct monitoring and/or control of industrial equipment, assets, processes and events” (– Wikipedia). Basically, OT relates to an industrial control systems (ICS) environment – sometimes referred to as “IT in the non-carpeted areas”. OT = specialized control systems in factories, power plants, transportation systems, the utilities sector, and the extraction, processing and other heavy industries. Yes – infrastructure; yes – often critical infrastructure. And yes again – it’s in this industrial/critical infrastructure where “dead” computer viruses are found today alive and kicking: around 3% of cyber incidents involving OT-computers these days are caused by this type of malware.

How so?

Read on…

Naming products and services – and also their many different functions and features – in the infosec domain is, in a word, tricky. Why? Complexity…

Cybersecurity: it’s not a one-dimensional object like, say, a boat. There are different sized boats, different types of boats, but a boat is mostly always a boat. But in infosec, a modern system of enterprise cybersecurity does a great many technically complex things, and the question arises: how can it all be labeled simply and catchily (if that’s at all possible) so as to be reasonably easy to understand? And how can you differentiate one security system from another? Often it’s difficult explaining such differences in a long paragraph – let alone in the name of a product or service. Like I say: tricky.

Maybe that’s why Kaspersky is still associated by some with “antivirus software”. But actually, detecting and neutralizing malware based on an antivirus database is today just one of our security technologies: over a quarter century we’ve added to it a great many others. The word antivirus today is more of a metaphor: it’s known, understood, and thus is a handy (if not too accurate or up-to-date) label.

But what are we supposed to do if we need to tell folks about complex, multifunctional protection for enterprise IT infrastructure? This is when strange sets of words appear. Then there are all the abbreviations that come with them, whose original idea was simplification (of those strange sets of words) but which often just add to the confusion! And with every year the number of terms and abbreviations grows, and memorizing them all becomes increasingly… tricky! So today, let me take you on a brief excursion of all this gobbledygook  some of these complex but necessary names, terms, descriptions and abbreviations – so that, hopefully, we achieve the thing the abbreviations themselves struggle with: bringing clarity.

Read on…

In my review of 2021, I gave a few teasing clues about some upcoming ‘super releases’ of our desktop and mobile products, going so far as promising that this year’s newbie-upgrades will be nothing short of being head-spinningly, show-stoppingly staggering. Well today, finally, in this here post – I’ll be announcing what’s what with all this super-release talk…

Actually, the word ‘super’ isn’t just me bigging up our new and improved tech and products; for we’ve gone and come up with a dedicated cybersecurity super-app for our users in which they can access, control, and tweak all their cyber-protection (plus computer hygiene) needs! No, you’re not having a dream. This is real folks!

All righty. I’ve got your attention, I hope. Now let’s dive in!…

First, as per, a spot of background-history…

Read on…

Hi folks!

For those still sweating it out in the office, not lucky enough to have left for some serious digital detox vacationing, herewith, to keep your mind off the heat, some juicy iNews, aka Dark (and Light) Tales from the Cyber Side – yet more extraordinary, hard-to-believe stories from the world of cybersecurity.

Crypto-decrepito

The gaming community will no doubt recall how, this spring, Axie Infinity, the online crypto-game (perhaps most notable for permitting virtual winnings to be exchanged into real money), suffered one of the largest robberies of all time. It appears highly likely that North Korean hackers broke into the Ronin blockchain that controls the game, and proceeded to steal around $625 million (the exact figure varies depending on the source) from users’ accounts! The incident went unannounced for a time, highlighting the vulnerability of the game’s security system, and putting the reputation of its developer behind – Sky Mavis – on the line too.

Oh my gigantic sum! But wait – that’s not all; there’s more!…

Earlier this month it was revealed precisely how the hackers managed to break into the blockchain. Are you sitting down?!…

Several months ago fake employees of a fake company on LinkedIn sent info about fake job vacancies to employees of Sky Mavis. A senior Axie Infinity developer decided to apply. He even got through several rounds of (fake) interviews, after which he was offered an extremely attractive (fake) salary and benefits package. Basically, he was made an offer he couldn’t refuse.

Said offer eventually arrived in the developer’s inbox in the form of a pdf document, which he had no qualms about downloading and opening on his work computer. And that was that – the bad guys were in. Henceforth it was all just a matter of technique: an espionage program infiltrated Ronin, via which they were able to seize four of the nine validators that protect the network. Access to the fifth validator (needed to complete the hack and then steal all the money) was gained by the hackers via the Axie Decentralized Autonomous Organization – a group set up to support the gaming ecosystem. Result – bingo; jackpot!

Read on…

When the past is studied carefully, a detailed and precise picture of the present can be formed; then, the expert’s analytical mind (better – lots of experts’ analytical minds) can warn about – even predict – the foreseeable future. This is precisely how we here at K can often guess predict accurately how the upcoming evolution of digital maliciousness will pan out. It’s also how we keep abreast of the latest cyberattack trends, which allows us to timely develop the corresponding technologies needed in the fight against the cyber-unpleasantnesses around the corner. There’ve been times when we were mistaken in this expertise-based cyber-prophecy of ours: some types of cyber-awfulness is pretty hard to predict at all – but those instances have always been the exception to the rule; more often than not we’ve been bang on the money.

So how do we manage it? Is it just bearded geeky super-brainy types who do all this analysis and cyber-prophesizing? Actually – no. A lot of it is automated. And that’s to be applauded: a human – no matter how brainy – can’t compete with today’s computing power and algorithms and robots and AI machine-learning. The brainy human is still needed, of course; but why do all the heavy-lifting alone?

It’s the heavy-lifting that I’ll be telling you about today in this post. Technological, science-based heavy-lifting that allows us to predict the future (no mystical fortune-telling à la Baba Vanga:).

Let me start off by telling you about the evolution of our Threat Intelligence Platform (TIP).

I’ll break it down just like in the title: how we analyze the past, test the present, and then we crystal ball predict the future…

Read on…

Hi folks!

We all know perfectly well that the internet is awash with all kinds of malware – from the primitive amateur-grade to the sophisticated pro-grade. And over the last three months things have gotten a lot worse. The cyberswine are becoming all the more daring, and their methods – all the more advanced and refined. And though battling the cyber-baddies is both worthy and wholly necessary, prevention is always better than cure.

That is, being able to recognize cyber-evil for what it is and in good time is a task of vital strategic importance; all the more so when we’re talking not simply about protecting businesses, but about protecting critical infrastructure – the kit that provides us with the safe, comfortable and stable conditions in which to live.

Accordingly, educating employees how to spot cyberattacks on corporate networks is real important. And yes, we’re the world’s biggest fans of such cyber-enlightenment: we regularly conduct trainings of all different kinds – and also formats: both online (including in real time) and offline, and all under the caring and attentive gaze of our experts.

Not so long ago I wrote on this here blog of mine about our training programs on identifying cyberattacks based on sets of malware characteristics (you can read more about YARA rules here). But here at K, we never stand still, so we’ve gone and upgraded, and today I want to tell you about our new course, which has just been added to our educational portfolio of online training for experts.

So here it is folks – introducing… training on how to respond to (Windows OS) incidents (including ransomware) – the Kaspersky Windows Incident Response course. Btw, earlier this course existed only in offline format and was the most popular among our customers; however, it’s intended for internal teams just as much as for independent cybersecurity specialists who want to further improve their knowledge and raise their qualifications.

Now, according to recent research, top managers of (non-IT) companies, and also owners of businesses seem to overestimate their ability to deal with ransomware – especially if they’ve never come across the problem. And ~73% of companies aren’t able to cope with a ransomware attack even with the help of their IT service contractors. Yes – that’s plenty!

Read on..

It’s been a while since my last post on new/updated products, so here’s making up for that…

Our Kompany mission is to protect any and all citizens of the digital world – anywhere and any-when – against all cyber-evil in all its many flavors, stripes and categories. And that protection of course includes protection of the world’s most vulnerable internet users – children.

We firmly believe in advising kids on how to recognize potential threats on the internet, as well as how to conduct oneself properly on the internet in general. Then, hopefully, there’s nothing embarrassing or even painful accompanying a child online for the rest of his/her life; after all, whatever’s put on the internet stays there – forever. We do our bit in this in various ways; for example: with webinars, public speaking appearances, joint educational projects, books, cartoons, videos and research.

And we also provide protection for kids with our parental-controls app – Kaspersky Safe Kids.

Up and running several years already, the app is constantly improved and fine-tuned so as to better suit the particular needs of children and their parents when it comes to using digital devices safely.

But it hasn’t always been plain sailing for us: a couple years ago we had to… – get this: “fight for the right to protect children” with our app. Eh?! Indeed, we had to resort to legal action in connection with a certain famous apple-emblazoned company to prevent its using unfair competitive advantages for its own parental-controls function included in its mobile operating system. Still, as is our wont with legal battles, we won the antitrust case, and the functionality that wasn’t permitted before was enabled; fairness, common sense and justice prevailed! Interested in how the Federal Antimonopoly Service case went? Then check out this, this and this.

Ok – back to our fully-functional Safe Kids app. I think I’ve already mentioned that we constantly improve it. Well let me tell you about the latest improvements…

In the very latest version of the app for iOS we’ve expanded the functionality for parents – adding more features for supervising their offsprings’ online activity. Thus, parents (or guardians) can now more thoroughly filter undesirable online content as per specific categories, learn more about the preferences and interests of their children (in particular, by monitoring what YouTube videos are watched), and set screen-time limits.

Here are a few screenshots of the interface for parents:

Read on…

Hi boys and girls!

It’s been a while since my last installment of iNews, aka – uh-oh cyber-news, aka – cyber-tales from the dark side, so here’s reviving the series to get back on track in giving you highlights of jaw-dropping cyber-astonishments you might not hear about from your usual sources of news…

In this installment – just one iNews item for you, but it’s plenty: an added item might have watered down the significance of this one (hardly appropriate when there’s ‘watershed’ in the title:)…

Briefly about the iNews: after lengthy legal proceedings in the U.S., a court has ruled in favor of big-pharma company Merck against its insurer for a payout of US$1.4 billion (!!) to cover the damages Merck suffered at the grubby hands of NotPetya (aka ExPetr or simply Petya) in 2017.

Quick rewind back to 2017…

In June of that year, all of a sudden a viciously nasty and technologically advanced encryptor worm – NotPetya – appeared and spread like wildfire. It initially targeted Ukraine, where it attacked victims via popular accounting software – affecting banks, government sites, Kharkov Airport, the monitoring systems of the Chernobyl Nuclear Power Plant (!!!), and so on and so on. Next, the epidemic spread to Russia, and after that – all around the world. Many authoritative sources reckon NotPetya was the most destructive cyberattack ever. Which looks about right when you count the number of attacked companies (dozens of which each lost hundreds of millions of dollars), while overall damage to the world economy was estimated at a minimum 10 billion dollars!

One of the most notable victims of the global cyberattack was the U.S. pharmaceuticals giant Merck. It was reported 15,000 of its computers were zapped within 90 seconds (!) of the start of the infection, while its backup data-center (which was connected to the main network), was lost almost instantly too. By the end of the attack Merck had lost some 30,000 workstations and 7,500 servers. Months went into clearing up after the attack – at a cost of ~1.4 billion dollars, as mentioned. Merck even had to borrow vaccines from outside sources for a sum of $250 million due to the interruptions caused to its manufacturing operations.

Ok, background out the way. Now for the juiciest bit…

Read on…