A Matter of Triangulation.

Hi all,

I’ve some big news about a cyber-incident we’ve uncovered…

Our experts have discovered an extremely complex, professional targeted cyberattack that uses Apple’s mobile devices. The purpose of the attack is the inconspicuous placing of spyware into the iPhones of employees of at least our company – both middle and top management.

The attack is carried out using an invisible iMessage with a malicious attachment which, by exploiting a number of vulnerabilities in the iOS operating system, is executed on the device and installs spyware. The deployment of the spyware is completely hidden and requires no action from the user. The spyware then quietly transmits private information to remote servers: microphone recordings, photos from instant messengers, geolocation, and data about a number of other activities of the owner of the infected device.

Despite the attack being carried out as discreetly as possible, the infection was detected by the Kaspersky Unified Monitoring and Analysis Platform (KUMA) – our native SIEM (security information and event management) solution; the system detected an anomaly in our network coming from Apple devices. Further investigation by our team showed that several dozen iPhones of senior employees were infected with new, extremely technologically sophisticated spyware we’ve dubbed “Triangulation”.

Read on…

Here’s how we should approach artificial intelligence.

I’m a bit tired by now of all the AI news, but I guess I’ll have to put up with it a bit longer, for it’s sure to continue to be talked about non-stop for at least another year or two. Not that AI will then stop developing, of course; it’s just that journalists, bloggers, TikTokers, Tweeters and other talking heads out there will eventually tire of the topic. But for now their zeal is fueled not only by the tech giants, but governments as well: the UK’s planning on introducing three-way AI regulation; China’s put draft AI legislation up for public debate; the U.S. is calling for “algorithmic accountability”; the EU is discussing but has not yet passed draft laws on AI, and so on and so forth. Lots of plans for the future, but, to date, the creation and use of AI systems haven’t been limited in any way whatsoever; however, it looks like that’s going to change soon.

Plainly a debatable matter is, of course, the following: do we need government regulation of AI at all? If we do — why, and what should it look like?

Read on…

There’s the famous inflation-indicating “basket of goods”. Much better – the “K basket of goods”! Another annual review…

There’s no stopping – not even a slowing down of – the passing of time, no matter how much we might want it. So we don’t waste… time, energy and nerves on fighting the inevitable. But what do we do instead? Well, I reckon that if you pump the time you have on the planet with meaningful and useful goals, events, achievements, excitement, and assorted other positive, busy “content” (though I do so dislike that term:), then said time we have will leave two-dimensional linearity and inevitability and blossom into a multi-dimensional world of energy and vigor to give life meaning. Yep – you know me: always positive – no matter what )…

Routine screws up memories, while the passing of time steadily nullifies the memory cells that store those memories. Life imperceptibly turns into an expressionless mass of vague sensations, and after renewing your passport two or three times – there can be emptiness. Note – “can” be. But life is what you make it: you can instead live as “correctly” as possible. And for me, included in my list of living maximally “correct” come my annual reviews! To stop, duck out of the routine, think, remember, write, think again, and be amazed. And out of the fog of the passing year an outline of experiences, events and achievements becomes distinguishable. Then, emboldened by pride, I find myself fully ready for new endeavors in the New Year.

In the oh-so tricky year of 2022, the chances of losing oneself all the more in the fog were through the roof: geopolitics gets in the way of all that’s good. But at the same time this makes summarizing the results of last year all the more a correct and necessary endeavor. So this time I’ve split up my reviews to make sure we don’t miss vital detail: I’ve already shared my mostly-personal annual review, and also my patent review.

What remains is the concluding third part – which is what I’ll be giving you today in this here post: about our product-and-tech achievements – our “bread and butter” that makes up our whole raison d’être: protecting the world from cyber-evil. And there were plenty such achievements – a lot more than might be expected given the difficult circumstances throughout the year… All righty – enough “intro”; let’s get to it (after all, it’s February already, like – tomorrow!!)…

// Btw – that’s the cover of our Midori Kuma 2023 calendar – simply to brighten up this here text ). As per, it can be downloaded – here.

Ok – sit down. Better – fasten your seatbelt too! For this number is a shocker – in the good sense: last year we launched more than 750 releases! No, no typo there folks. Really: seven hundred fifty releases! By that I mean new products, updates, patches, and assorted other localizations/customizations. // And some folks still think we just do antivirus?!!

Out of that huge bulk, here are a few I want to highlight…

Read on…

2022 review: patents coming on strong too!

Inventing cutting-edge new technology is only the half of it. Wait – no: let’s not be so categorical…

Cutting-edge new technology that’s oh-my groundbreaking sets in motion a life-cycle that’s probably a lot more complex and long-winded than might at first be imagined by many. Of course, without the invention in the first place there’d be nothing, but without the life-cycle that comes after it, even the most amazing revolutionary technology risks going belly up before it’s even gotten off the ground, never to help humankind in the way it could have. Alternatively, the invention could be at risk of falling into the hands of so-called consumer champions or patent trolls.

Among the many business functions that go into the mentioned life-cycle of new technology is that of patenting. For, alas, the system works whereby, if the new tech’s not patented, you don’t have any rights to it – even though you invented it! And history is full of such examples: the karaoke machine, magnetic stripes on plastic cards, fidget spinners, and a whole load more.

So – patenting. It happens to be by far not the simplest or most accessible of business processes, and it requires lots of expertise and lots of money – especially when you’re global. But that doesn’t make it any less necessary. And since our business at K has always been founded upon new technology, as soon as our bottom line allowed it – we straight away got into patent protection: in 2008 we got our very first patent. Ever since, little by little, we’ve been steadily growing our own patent expertise as much as we could allow ourselves down the years. And quite right too!…

The more successful the business became and the more we expanded around the world – all the more often patent trolls would come after us looking for easy money. Also – unscrupulous competitors, despite having tech that could hardly compete with ours on quality, still weren’t happy allowing customers to use our products. Altogether, we were hit with 10 patent actions; nine we won; one is currently being considered. Because we never give in. We fight back – and win!

Overall picture.

The pandemic years and current geopolitical turmoil have of course negatively affected our business on the whole, and that has had a knock-on effect on our patent work – also down. And both past and current events look likely to echo into the future for years. However, that’s no reason to lie low until things get better; just the opposite – it warrants stepping on the proverbial accelerator all the harder! And that’s just what we did in 2022 (2021, btw, is here), despite everything. Let me tell you how…

We finished last year with a portfolio of 1367 patents and 330 patent applications in different countries (including the U.S., the EU, Russia, and China). In 2022 we obtained 123 new patents (including in the U.S. – 51; Russia – 37; China – 24; the EU – 9), and submitted 58 patent applications. But let’s not concentrate just on quantity. Check out the quality too: we’ve been granted patents for ~98% of all our patent applications (in some countries – 100%!), while the world average for companies is somewhere around 50%. Go us!

Our overall patent picture looks like this:

Read on…

The antidote to operational technology conservatism.

I’ve been saying it often – for years: antivirus is dead.

Such a statement might at first seem strange – especially from someone who’s been a mover and shaker since the very earliest days in all things viruses and anti-virus in the late eighties and early nineties. However, if you dig a little deeper into the AV (RIP) topic and consult some authoritative sources in the (former:) field, then the statement quickly becomes quite logical: first, “antivirus” has turned into protective solutions “against everything”; second, viruses – as a particular species of malicious program – have died out. Almost. And it’s that seemingly harmless, negligible almost that causes problems for cybersecurity still to this day – at the back end of the year 2022! And that almost is the basis of this here blogpost today…

So. Viruses. Those Red-Listed last remaining few – where are they these days, and what are they up to?…

It turns out they tend to reside in… one of the most conservative sub-fields of industrial automation: that of operational technology (that’s OT – not to be confused with IT). OT is “hardware and software that detects or causes a change through the direct monitoring and/or control of industrial equipment, assets, processes and events” (– Wikipedia). Basically, OT relates to an industrial control systems (ICS) environment – sometimes referred to as “IT in the non-carpeted areas”. OT = specialized control systems in factories, power plants, transportation systems, the utilities sector, and the extraction, processing and other heavy industries. Yes – infrastructure; yes – often critical infrastructure. And yes again – it’s in this industrial/critical infrastructure where “dead” computer viruses are found today alive and kicking: around 3% of cyber incidents involving OT-computers these days are caused by this type of malware.

How so?

Read on…

Introducing: KEDR Optimum. Superior enterprise-cybersecurity – with no fluff.

Naming products and services – and also their many different functions and features – in the infosec domain is, in a word, tricky. Why? Complexity…

Cybersecurity: it’s not a one-dimensional object like, say, a boat. There are different sized boats, different types of boats, but a boat is mostly always a boat. But in infosec, a modern system of enterprise cybersecurity does a great many technically complex things, and the question arises: how can it all be labeled simply and catchily (if that’s at all possible) so as to be reasonably easy to understand? And how can you differentiate one security system from another? Often it’s difficult explaining such differences in a long paragraph – let alone in the name of a product or service. Like I say: tricky.

Maybe that’s why Kaspersky is still associated by some with “antivirus software”. But actually, detecting and neutralizing malware based on an antivirus database is today just one of our security technologies: over a quarter century we’ve added to it a great many others. The word antivirus today is more of a metaphor: it’s known, understood, and thus is a handy (if not too accurate or up-to-date) label.

But what are we supposed to do if we need to tell folks about complex, multifunctional protection for enterprise IT infrastructure? This is when strange sets of words appear. Then there are all the abbreviations that come with them, whose original idea was simplification (of those strange sets of words) but which often just add to the confusion! And with every year the number of terms and abbreviations grows, and memorizing them all becomes increasingly… tricky! So today, let me take you on a brief excursion through some of these complex but necessary names, terms, descriptions and abbreviations – so that, hopefully, we achieve the thing the abbreviations themselves struggle with: bringing clarity.

Read on…

Goodbye antivirus. Hello new cybersecurity super-app!

In my review of 2021, I gave a few teasing clues about some upcoming ‘super releases’ of our desktop and mobile products, going so far as promising that this year’s newbie-upgrades will be nothing short of being head-spinningly, show-stoppingly staggering. Well today, finally, in this here post – I’ll be announcing what’s what with all this super-release talk…

Actually, the word ‘super’ isn’t just me bigging up our new and improved tech and products; for we’ve gone and come up with a dedicated cybersecurity super-app for our users in which they can access, control, and tweak all their cyber-protection (plus computer hygiene) needs! No, you’re not having a dream. This is real folks!

All righty. I’ve got your attention, I hope. Now let’s dive in!…

First, as per, a spot of background-history…

Read on…

Cyber-tales from the dark (and light) side: audacious crypto hack, K goes neuromorphic, and how to enter a data-center via a… toilet!

Hi folks!

For those still sweating it out in the office, not lucky enough to have left for some serious digital detox vacationing, herewith, to keep your mind off the heat, some juicy iNews, aka Dark (and Light) Tales from the Cyber Side – yet more extraordinary, hard-to-believe stories from the world of cybersecurity.

Crypto-decrepito

The gaming community will no doubt recall how, this spring, Axie Infinity, the online crypto-game (perhaps most notable for permitting virtual winnings to be exchanged into real money), suffered one of the largest robberies of all time. It appears highly likely that North Korean hackers broke into the Ronin blockchain that controls the game, and proceeded to steal around $625 million (the exact figure varies depending on the source) from users’ accounts! The incident went unannounced for a time, highlighting the vulnerability of the game’s security system, and putting the reputation of the developer behind it – Sky Mavis – on the line too.

Oh my gigantic sum! But wait – that’s not all; there’s more!…

Earlier this month it was revealed precisely how the hackers managed to break into the blockchain. Are you sitting down?!…

Several months ago fake employees of a fake company on LinkedIn sent info about fake job vacancies to employees of Sky Mavis. A senior Axie Infinity developer decided to apply. He even got through several rounds of (fake) interviews, after which he was offered an extremely attractive (fake) salary and benefits package. Basically, he was made an offer he couldn’t refuse.

Said offer eventually arrived in the developer’s inbox in the form of a pdf document, which he had no qualms about downloading and opening on his work computer. And that was that – the bad guys were in. Henceforth it was all just a matter of technique: an espionage program infiltrated Ronin, via which they were able to seize four of the nine validators that protect the network. Access to the fifth validator (needed to complete the hack and then steal all the money) was gained by the hackers via the Axie Decentralized Autonomous Organization – a group set up to support the gaming ecosystem. Result – bingo; jackpot!
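The mechanics described above come down to a threshold: a withdrawal from the bridge needed signatures from five of the nine validators, and four under one operator’s control plus one reachable through the DAO were enough. The block below is an added example, not code from the post or from Sky Mavis/Ronin: a toy 5-of-9 threshold check in which HMAC-SHA256 stands in for real validator signatures, and the operator labels ("game-studio", "dao", "op-a"…) are an assumption made only to illustrate the point. Next to the plain count it shows a stricter check that also demands signatures from several independent operators, which is exactly what defeats a set of keys captured from a single compromised workstation.

```python
import hashlib
import hmac

# Constructed toy validator set: nine validators, five signatures needed (as the post describes).
# Keys are derived from fixed strings purely so the example runs offline; never do this for real.
VALIDATOR_KEYS = {f"v{i}": hashlib.sha256(f"toy-key-{i}".encode()).digest() for i in range(1, 10)}
THRESHOLD = 5

# Assumed operator labels: who actually controls each validator key (hypothetical, for illustration).
VALIDATOR_OPERATOR = {
    "v1": "game-studio", "v2": "game-studio", "v3": "game-studio", "v4": "game-studio",
    "v5": "dao", "v6": "op-a", "v7": "op-b", "v8": "op-c", "v9": "op-d",
}


def sign(validator: str, message: bytes) -> bytes:
    """Toy signature: HMAC over the withdrawal message with the validator's key."""
    return hmac.new(VALIDATOR_KEYS[validator], message, hashlib.sha256).digest()


def valid_signers(message: bytes, signatures: dict) -> set:
    """Return the validators whose signature over `message` verifies; unknown or forged ones are dropped."""
    ok = set()
    for validator, sig in signatures.items():
        key = VALIDATOR_KEYS.get(validator)
        if key is None:
            continue
        expected = hmac.new(key, message, hashlib.sha256).digest()
        if hmac.compare_digest(expected, sig):
            ok.add(validator)
    return ok


def approve_naive(message: bytes, signatures: dict) -> bool:
    """Plain k-of-n: any five valid validator signatures approve the withdrawal."""
    return len(valid_signers(message, signatures)) >= THRESHOLD


def approve_independent(message: bytes, signatures: dict, min_operators: int = 3) -> bool:
    """k-of-n plus an independence requirement: the valid signers must span
    at least `min_operators` distinct operators, so keys captured from one
    compromised environment cannot reach the threshold on their own."""
    signers = valid_signers(message, signatures)
    operators = {VALIDATOR_OPERATOR[v] for v in signers}
    return len(signers) >= THRESHOLD and len(operators) >= min_operators


def attacker_request(message: bytes) -> dict:
    """Signatures an attacker holding the four studio keys plus the DAO key could produce."""
    return {v: sign(v, message) for v in ("v1", "v2", "v3", "v4", "v5")}


def honest_request(message: bytes) -> dict:
    """A withdrawal signed by five validators run by four different operators."""
    return {v: sign(v, message) for v in ("v1", "v5", "v6", "v7", "v8")}


if __name__ == "__main__":
    msg = b"withdraw 173600 ETH to 0x...attacker"  # constructed sample message
    print("attacker, naive check:      ", approve_naive(msg, attacker_request(msg)))        # True
    print("attacker, independence check", approve_independent(msg, attacker_request(msg)))  # False
    print("honest, independence check:  ", approve_independent(msg, honest_request(msg)))    # True
```

The naive check is what a pure signature count gives you: five keys are five keys, wherever they came from. The second check treats a validator set as only as strong as the number of genuinely separate parties behind it, which is the lesson of the incident rather than a fix Ronin is known to have shipped.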

Read on…

Big-league cybersecurity’s 3 ingredients: analyzing the past, testing the present, and predicting the future. Any extra ingredients = filler.

When the past is studied carefully, a detailed and precise picture of the present can be formed; then, the expert’s analytical mind (better – lots of experts’ analytical minds) can warn about – even predict – the foreseeable future. This is precisely how we here at K can often predict accurately how the upcoming evolution of digital maliciousness will pan out. It’s also how we keep abreast of the latest cyberattack trends, which allows us to develop in good time the corresponding technologies needed in the fight against the cyber-unpleasantnesses around the corner. There’ve been times when we were mistaken in this expertise-based cyber-prophecy of ours: some types of cyber-awfulness are pretty hard to predict at all – but those instances have always been the exception to the rule; more often than not we’ve been bang on the money.

So how do we manage it? Is it just bearded geeky super-brainy types who do all this analysis and cyber-prophesizing? Actually – no. A lot of it is automated. And that’s to be applauded: a human – no matter how brainy – can’t compete with today’s computing power and algorithms and robots and AI machine-learning. The brainy human is still needed, of course; but why do all the heavy-lifting alone?

It’s the heavy-lifting that I’ll be telling you about today in this post. Technological, science-based heavy-lifting that allows us to predict the future (no mystical fortune-telling à la Baba Vanga:).

Let me start off by telling you about the evolution of our Threat Intelligence Platform (TIP).

I’ll break it down just like in the title: how we analyze the past, test the present, and then predict the future…

Read on…

Cyber-enlightenment: how to effectively catch out the wolves in sheep’s clothing; or – it’s never too late to learn.

Hi folks!

We all know perfectly well that the internet is awash with all kinds of malware – from the primitive amateur-grade to the sophisticated pro-grade. And over the last three months things have gotten a lot worse. The cyberswine are becoming all the more daring, and their methods – all the more advanced and refined. And though battling the cyber-baddies is both worthy and wholly necessary, prevention is always better than cure.

That is, being able to recognize cyber-evil for what it is and in good time is a task of vital strategic importance; all the more so when we’re talking not simply about protecting businesses, but about protecting critical infrastructure – the kit that provides us with the safe, comfortable and stable conditions in which to live.

Accordingly, educating employees in how to spot cyberattacks on corporate networks is really important. And yes, we’re the world’s biggest fans of such cyber-enlightenment: we regularly conduct trainings of all different kinds – and also formats: both online (including in real time) and offline, and all under the caring and attentive gaze of our experts.

Not so long ago I wrote on this here blog of mine about our training programs on identifying cyberattacks based on sets of malware characteristics (you can read more about YARA rules here). But here at K, we never stand still, so we’ve gone and upgraded, and today I want to tell you about our new course, which has just been added to our educational portfolio of online training for experts.

So here it is folks – introducing… training on how to respond to (Windows OS) incidents (including ransomware) – the Kaspersky Windows Incident Response course. Btw, earlier this course existed only in offline format and was the most popular among our customers; however, it’s intended for internal teams just as much as for independent cybersecurity specialists who want to further improve their knowledge and raise their qualifications.

Now, according to recent research, top managers of (non-IT) companies, and also owners of businesses seem to overestimate their ability to deal with ransomware – especially if they’ve never come across the problem. And ~73% of companies aren’t able to cope with a ransomware attack even with the help of their IT service contractors. Yes – that’s plenty!

Read on…