We SOCked it 2 ’em – and passed the SOC 2 audit!

Last year I told you how, as part of our Global Transparency Initiative, we had plans to undergo an independent audit to receive SOC 2 certification. Well, finally, we can announce that we did undergo this third party audit… and passed! Hurray! And it wasn’t easy: it took a lot of work by a great many of our K-folks. But now that’s all behind us, and I’m very proud that we’ve done it!

So what does this mysterious SOC abbreviation stand for, and (whatever it may be) why is it needed?

Ok. The abbreviation stands for Service Organization Controls, and SOC 2 is a report based on the ‘Trust Services principles and criteria’ of the American Institute of CPAs (AICPA) [CPA: Certified Public Accountants], which evaluates an organization’s information systems relevant to security, availability, processing integrity, and confidentiality/privacy. Put another way, this is a (worldwide recognized) standard for audits of information risk control systems. Its main aim is to provide information on how effective a company’s control mechanisms are (so other companies can assess any risks associated with working therewith).

We decided to seek SOC 2 to be able to confirm the reliability of our products and prove to our customers and partners that our internal processes correspond to the highest of international standards and that we’ve nothing to hide. The audit for us was conducted by one of the Big Four accounting firms (I can’t tell you which as per the respective contract’s terms and conditions, in case you were wondering). Over the past year different K-departments, including R&D, IT, Information Security, and our internal audit team, have been working closely with the auditors, sharing with them all the information they’ve needed.

The final report, which we received this week, confirms the soundness of the internal control mechanisms used for our automatic AV database updates, and also that the process of developing and launching our antivirus databases is protected against unauthorized access. Hurray!

And if you’re a customer, partner or state regulator, please get in touch if you’d like to see a copy of the report.

That’s all for today folks, but I’ll be back tomorrow with a quick rewind back to STARMUS and some more detail of the presentations thereat.

Meanwhile, privyet, from…

Cyber-news from the dark side – cyber-hypocrisy, an eye for a Mirai, GCHQ-watching-you, and keeping BlueKeep at bay.

Hi folks!

Let’s kick off with some good news….

‘Most tested, most awarded’ – still ).

Just recently, the respected independent test lab AV-Comparatives released the results of its annual survey. Taking place at the end of 2018, the survey, er, surveyed 3000 respondents worldwide. Of the 19 questions asked of each, one was ‘Which desktop anti-malware security solution do you primarily use?’. And guess which brand came top in the answers for Europe, Asia, and South/Central America? Yes: K! In North America we came second (and I’m sure that’s only temporary). In addition, in Europe we were chosen as the most frequently used security solution for smartphones. We’re also at the top of the list of companies whose products users most often ask to test, both in the ‘home’ segment and among antivirus products for business. Great! We like tests, and you can see why! Btw – here’s more detail on the independent tests and reviews that our products undergo.

“Thou hypocrite, first cast out the beam out of thine own eye;
and then shalt thou see clearly to cast the speck out of thy brother’s eye.”
Matthew 7:5

In May, yet another backdoor with features reeeaaal useful for espionage was discovered. In whose tech was the backdoor found? Russia’s? China’s? Actually – Cisco’s (again)! Was there a hullabaloo about it in the media? Incessant front-page headlines and discussion about threats to national security? Talk of banning Cisco equipment outside the U.S., etc.? Oh, what, you missed it too?! Yet at the same time, Huawei’s international lynching is not only in full swing – it’s in full swing without such backdoors, and without any convincing evidence thereof whatsoever.


The pig is back!

Hi folks!

Once upon a time, long, long ago, we had a pet pig. Not a real one – and it didn’t even have a name – but its squeal became a famous one. Now, those of you who’ve been using Kaspersky Lab products for decades will no doubt know what I’m referring to. For the relative newbies among you, let me let you in on the joke…

In the cyber-antiquity of the 1990s, we added a feature to our AV product: when it detected a virus, it gave out a loud piggy-squeal! Some folks hated it; others loved it!


But after a while, for one reason or another, eventually the piggy squeal disappeared; incidentally – as did the ‘K’ icon in the tray, replaced by a more modern and understandable symbol.

Now, any good company has a circle of devoted fans (we even have an official fan club), and we’re no exception. And many of these fans down the years have written to me imploring us to ‘Bring back the pig!’ or asking ‘Where’s the ‘K’ in the Taskbar gone?!’

Well not long ago, we figured that, if that’s what folks want, why not give it to them? And since these days customizing products is really simple… that’s just what we did. So, herewith, announcing…

the return of the piggy! :)

Right. So how do you actually go about activating its squeals and bringing back the ‘K’? Here’s how:

An update was added to one of the most recent versions of our personal products (19.0.0.1088(e), which, btw, internally is codenamed ‘K icon and pig’!). And the update works for all our personal products: KFA, KAV, KIS, KTS, KSC and KSOS.

All this talk of piggies and Ks… but might they affect the quality/ speed/ efficiency/ effectiveness/ whatever of our products? Simple answer: no – in no way at all. Nice. Right – back to all this talk of piggies and Ks…

Here are the instructions:

  1. Make sure you have update 19.0.0.1088(e) or later, with the default settings applied;
  2. Make sure you have Windows 7 or older (for example XP) (sorry folks, this doesn’t work on Windows 10);
  3. Right-click on the product’s icon in the Taskbar, choose ‘About’, and here we apply some magic…
  4. Now type IDKFA (in caps, like here);
  5. Next – download a test file (a file that pretends to be a virus): eicar test file;
  6. The file won’t download though (the product blocks it in the browser), and instead of the download window opening – you guessed it: piggy squeal;
  7. There’s another way of doing it: pause the protection. Bingo!

You can change the icon in exactly the same way, only you need to type IDDQD instead of IDKFA. Btw: if you type it a second time, the icon will revert back to the standard one.

And if you’re wondering why on earth you need to type IDDQD or IDKFA, check this out ).

So there you have it. The pig is back. As is the K! Well, we had to make up for the ‘Lab’ being dropped, right? )

 


Hey startups, want to become a global company?

About five years ago we launched an interesting project – our own Business Incubator. Why? Because there are a lot of great ideas out in the wild that need nurturing to grow and develop into something great. And we have the resources to help them do this! So we’ve been scouting for cool innovative ideas and giving startups ‘wings’ to fly.

One of the most successful examples of projects from our Business Incubator is Polys, launched in 2017. It’s an online platform for electronic voting based on blockchain. I’ve already mentioned it in this blog. But briefly: it’s safe, anonymous, unhackable, and what I think is more important – very easy to use and suitable for any kind of voting. I personally believe that the future of voting is indeed online and blockchain. Polys has already been officially used by Russian political parties, student bodies, and regional government organizations. And I’m sure that these are just the first steps of this KL nestling.

We’ve another up-and-coming Incubator project on board – Verisium. This is an IoT platform for customer engagement and product authentication. Especially needed in the fashion industry, it helps fight the counterfeiting of luxury products, and gives brands the ability to track product lifecycles and gain marketing insights into how products ‘live’ and perform. Verisium has already launched a number of joint projects with Russian designer brands – involving clothes with NFC chips on blockchain.

However, though it’s doing really well, the Incubator wasn’t enough for us. So we decided to scale up the way we work with startups and innovative companies, while focusing on something we know rather well… cybersecurity!

At the end of May (so, in a matter of days) we’re launching a new program that will run globally – the Kaspersky Open Innovations Program. We’re doing it to build an ecosystem that allows for transparent conversation and fruitful collaboration between businesses and innovative cybersecurity companies around the globe.

To start off, we’re launching a global startup challenge. We’ll be looking for startups that already have products, or MVPs, or even prototypes; we’ll be looking for those who already have something to sell, or already have had some sales and now need more. Since we’ll be neither investing in these companies, nor acquiring them, we’ll keep the focus on finding solutions that can truly benefit from being embedded with our technologies or integrated with them to maximize protection capabilities.

Another goal will be to take the results of our collaboration with startups – and their many new innovative products, solutions, services, etc. – to companies of different sizes around the world.

So, if we’re not investing and not acquiring, what are we actually offering? As a global company, we’ll help startups scale up globally by supporting their further product and business development. But probably most importantly, we’ll be providing an opportunity for startups to build a partnership with us and a chance to sit at the same table with the big guys and global companies.

Join now and take your business worldwide!


Cyber-news from the dark side – ver. SAS-2019.

Hi folks!

Herewith, the next in my series of occasional iNews, aka cyber-news from the dark side updates – this one based on some of the presentations I saw at our annual Security Analyst Summit in Singapore last month.

One of the main features of every SAS is the presentations given by experts. Unlike other geopolitically-correct conferences, here the analysts up on stage share what they’ve discovered regarding any cyberthreat, no matter where it may come from, and they do this based on principle. After all, malware is malware and users need to be protected from all of it, regardless of the declared virtue of the intentions of those behind it. Just remember the boomerang effect.

And if certain media outlets blatantly lie about us in response to this principled position, so be it. And it’s not just our principles they attack – for we practice what we preach: we’re way ahead of the competition when it comes to the numbers of solved cyberespionage operations. And we’re not planning on changing our position in any way to the detriment of our users.

So here are a few synopses of the coolest investigations talked about at SAS by the experts behind them. The most interesting, most shocking, most scary, most OMG…

1. TajMahal

Last year, we uncovered an attack on a diplomatic organization from Central Asia. Of course, that an organization like that is interesting to cybercriminals should come as no surprise. The information systems of embassies, consulates and diplomatic missions have always been of interest to other states and their spy agencies or generally any bad guys with sufficient technical ability and financial wherewithal. Yes, we’ve all read spy novels. But here was something new: here a true ‘TajMahal’ was built for the attacks – an APT platform with a vast number of plugins used (we’ve never seen so many used on one APT platform – by far) for all sorts of attack scenarios using various tools.

The platform consists of two parts: Tokyo and Yokohama. The former is the main backdoor, which also fulfils the function of delivery of the latter malicious program. The latter has very broad functionality: stealing cookies, intercepting documents from the printer queue, recording VoIP calls (including WhatsApp and FaceTime), taking screenshots, and much more. The TajMahal operation has been active now for at least five years. And its complexity would suggest that it’s been built with more than one target in mind; the rest remain for us to find…

Details of this APT-behemoth you can find here.


SAS-2019: a lot more – in Singapore.

Hi folks!

My April journeying continues. It’s already seen me visit such charming cities as Hanover, Baku and Dubai (reports thereon coming soon). Next stop – Singapore. The garden city, the island wonder – one of my fave cities on the planet, if not the fave. But oh it’s hot. And, oh, it’s humid. But it still remains the city of the future. Maybe that’s why I like it so much?…

First, a few ok pics (mine), and some really good pics (not mine; I still need practice) of this wonder-city – by day, by night, of the ships waiting in line for access to the port:

So why was I here (as if I needed a reason)? Because the annual Security Analyst Summit was being held here – the eleventh! And it was… hmmm – I’ll get to that in a bit…

First – how does one go about gauging the success of a SAS? How do you measure it? Was it totally awesome, or just so-so, or something else? Well, IMHO, you can tell if it was totally awesome if, afterward, you have a strange, somewhat paradoxical feeling: on the one hand you have nothing but positive emotions – a euphoric aftershock that just won’t go away. On the other – you’re already aware that something’s sadly lacking in your life, and will stay lacking for another year – the buzz of a SAS! And on the other – third?! – hand, you feel a little… afraid – when you wonder just how on earth next year’s event will be made even better than this year’s! But then you remember how every year after a SAS you think the same thing – and the following year’s event does turn out even better, and you start to feel better again. All these psychological symptoms together should really be called ‘post-event syndrome’. Must remember that term for next time…

Oops. I’ve digressed. Let me get back to ‘was it good?’. It was, as I hope the previous paragraph indicates. But also – have a look at all the comments, links, likes…

If you’re a new reader here, and maybe SAS is new to you too, briefly, SAS is: an annual event bringing together experts (and the press, bloggers) from all over the world to basically talk to each other, in an informal setting, all about cybersecurity. Announcements, presentations, achievements, challenges, industrial CTF, etc., etc. For a bit more on the SAS template, go here.

Next up: where, why, how, who, from where…

SAS-2019 brought on a ferocious bout of post-event syndrome, whose intensity was all the more acute due to fears that some folks might pull out due to geopolitical reasons. But in the cybersecurity industry folks think with their heads and aren’t swayed by sensational headlines. After all, battling the cyber-baddies is only effective when done together, exchanging information, and telling each other about our victories over the computer underground. Cybercriminals know no borders. And the cyber-goodies shouldn’t be limited by them either. And I’m so glad that our colleagues and competitors in the industry feel the same way.

So, there we were fearing no-shows, but in the end not only did everyone turn up but even more did than we expected! But that figures really – for who doesn’t want to get better acquainted with the company that’s being targeted because it takes a principled stand on protecting users from any cyber-vermin, no matter who may be responsible for it and no matter how much it roils certain very powerful cyberwar-mongers. SAS-2019 broke all its own records: 500+ guests, 100+ contributors, 34 countries represented, ~70 presentations, ~10 workshops and training sessions, and more coverage on social media and in the press than ever before.

Right, where did it all start this year. Ah yes, like every year – it all starts actually months in advance when a countdown clock starts showing the number of days, hours and minutes there are left until the event. Fast forward to the morning of the first day, and those clocks have just minutes left, and the anticipation is hitting fever pitch… All the kit and chairs are in place, microphones fully charged, lighting and visual effects all set up, cameras ready (prepare to flash)…

One minute left…

And we’re off!

After a short welcoming speech, I was pinged to get up on the stage. Of course I obliged, gave a very warm warm-up speech, and also took some pics of the audience from the stage. Why should the audience have all the happy-snapping fun, eh? )

After me it was expert after expert sharing their stories – each one fascinating…

This year the number of presentations was the highest it’s been, as mentioned above, but the diversity of types of presentations was real wide too: some were very technical; others were more business-oriented; there were special training sessions on reverse engineering and other methods for pursuing the cyber-swine; a mini-exhibition; an open presentation room for rookie specialists, and a new feature called SAS Unplugged… As to the best of the best content – that will be coming up shortly in a separate cyber-news-from-the-dark-side post.

This year’s SAS brought us for the first time the following:

  • Separate cybersecurity white-hat hacking streams;
  • A small exhibition of participating companies;
  • Industrial topics;
  • Lots of other stuff, but I can’t quite remember it all.

Come the evening, though everyone was no doubt tired trying to take in all the new information of the day, we all headed to a super seafood restaurant I always visit when in town. Yeh! Yum!

And that was that – almost. Time left only for the final few mega-presentations that are traditionally saved till last. They really were something. If interested – have a search for them on the internet.

Then it was my turn again up on stage. ‘Thank you all for coming’, and the obligatory back-at-you pic:

PS: A big thank-you to Roman Rudakov. His ‘masterpiece button’ provided most of the photos in this post.

PPS: Briefly about where we held this year’s SAS – the Swissotel Stamford, where I’d stayed before, and which I only had negative recollections of. Not that I’m fussy when it comes to hotels. I’m comfortable up a mountainside in the cold and spending the night in a tent, but if a hotel says it’s a 5* hotel on the tin, I expect that’s what’s inside it too. Here, back in 2017 that wasn’t the case. However, this year I was very pleased with the place. Everything seemed to be in fully working order, everything seems to have been renovated, with everything shiny and new somehow. The one thing that they haven’t gotten round to is providing decent Wi-Fi, but that’s all:

Yes, I know – I still use Far Manager! I’m used to it, that’s all ).

Well that’s it for today folks, but I’ll be back with more tomorrow…

All the pics from SAS-2019 are here.

Auto-future – today.

Having recently been in Maranello to see the unveiling of the new Ferrari F1 racing car, I want to return to the automotive theme for this post. Because coming up there’s a new chapter in the ~250-year history of the automobile. It’s a biggie in itself, but there’s a security aspect of this new chapter that’s even bigger. But I’m getting ahead of myself. Time to engage reverse, and go over this biggie first…

Of late, the headlines have been pretty interesting regarding the modern automobile – plus what one will look like in a few years to come. Examples: California will legalize the testing of self-driving cars on public roads, Swedish gravel trucks will load up, drive for miles and unload with no driver at the wheel, and KAMAZ has come up with a driver-less electric mini-bus. Google, Yandex, Baidu, and who knows how many other companies from different spheres and countries are developing driverless projects. Of course, some of the headlines go against the grain, but these are mere exceptions it seems.

And just recently I was at the food processing plant of Barilla (our client, btw) in Italy, and saw more automation than you can shake a spatula at: the automated conveyor delivers up tons of spaghetti; robots take it, package it, and place it into boxes; and driverless electric cars take it to and load it into trucks – which aren’t yet automated but soon will be…

So, self-controlled/self-driving vehicles – they’re here already, in some places. Tomorrow, they’ll be everywhere. And without a trace of sarcasm, let me tell you that this is just awesome. Why? Because a transportation system based on self-driving vehicles that operate strictly to a set of rules has little chance of degradation of productivity. Therefore, cars won’t only travel within the prescribed speed limits, they’ll do so faster, safely, comfortably, and of course – automatically. At first there’ll be special roads only for driverless vehicles, later – whole cities, then countries will be driverless. Can you imagine the prospects for the upgrade market for old driver-driven cars?

That out the way, now comes the interesting bit – the reason for so many words in this here blogpost. Let’s go!…


New transparency – in Madrid!

Hola, amigos!

Toward the end of last year we opened our first Transparency Center and a Data Center in Zurich, Switzerland, dedicated to processing data for our customers in Europe. Though that’s just short of five months ago, it’s become clear that this large-scale project reflects perfectly the current concerns regarding the cybersecurity industry in today’s geopolitical climate.

Both the business community and government agencies are reeeaaaal keen on one thing at the moment: crystal clear transparency. And no wonder! In times when any company can be accused at the highest official level of whatever digressions can be thought up – with zero evidence (are you following the Huawei saga?) – both business and state regulators all over the world are left with no other option than to conduct their own analysis and seek out the actual facts (and also use something that is alarmingly lacking of late: common sense).

It was for this reason that our first Transparency Center has turned out to be both very timely and very useful: it’s visited regularly by our partners and European officials. And I’m very pleased that we’ve become pioneers in the cybersecurity industry with our global openness initiative.

And on the back of the early successes of our Zurich centers, to continue to meet the needs of the market we’re opening another Transparency Center – in Madrid. Hola, amigos! Besides, by the end of the year we’ll open yet another – in Asia.

The function of the new centers will be the same: accessing both our source code and updates. And in Spain colleagues will be on hand to tell visitors about the finer details of our technologies, products and services – in the showroom there.

So, soon, expect to see the pics from the grand opening – right here on this blog. Stay tuned!

Kaspersky Lab’s Data Center in Zurich

And just in, some more news on the theme of ‘demolishing myths’…

We’re publishing some research findings of a respected independent expert on Russian legal matters – Prof. Dr. Kaj Hobér of Uppsala University, Sweden. The professor has been studying the intricacies of the Russian legal system now for more than 30 years. He started this back when Russia was still in the Soviet Union, having lived for several years in Moscow. And he’s been an arbiter in over 400 arbitration cases. In short, a very impressive CV and a very impressive individual, whose utmost professionalism it’d be hard to doubt.

His research concerns three Russian laws relating to the processing and storage of data. Now, some ‘experts’ and journalists often make reference to these laws when they write about KL. But doing so is just soooo off the mark! This independent analysis proves how we (KL) aren’t bound by any of the three laws – for one simple reason: we aren’t an internet service provider or mobile phone company! For it’s only internet providers and mobile operators that are bound by the three laws. We aren’t. And that’s that! So, let’s take, say, the Yarovaya law: it’s not our headache at all, as it doesn’t affect us at all!

So please, dear experts and journalists and bloggers, please base your judgements on facts, logic, and now independent irrefutable expert analysis – not on the country a company may hail from or on the sensationalist false allegations serving the current geopolitical agenda.

 

Industry, infrastructure and IoT – we protect the lot.

Hi people!

Many folks still think we’re just an anti-malware company. Wrong!

Many folks think we’re an anti-malware company that protects their computers and smartphones from any and all kinds of cyber-evil better than anyone else. Right!

Thing is, we’re not just an anti-malware company anymore; far from it. For years already we’ve been providing broader cybersecurity, faced with the broader and broader spectrum of cyber-bad that the world is coming up against. This includes protection against cyberattacks on both the Internet of Things and industrial facilities.

We’ve been warning about the potential for cyberattacks on industrial objects and critical infrastructure for more years than I can remember now. We were banging on about it even before Hollywood got wind of this alarming potential, and that was in the mid-2000s. And we weren’t just banging on about it either; we were busy at work on serious protection technologies to fight it. I’ve mentioned these before, but, briefly: industrial cybersecurity, transportation cybersecurity, IoT protection, and our own secure operating system. And you won’t find many cybersecurity companies around the world that offer a range of products and technologies as wide as that.

All the same, still, today – in 2019! – we’re ‘that anti-malware company’ to a great many. However, very slowly, how we are perceived is changing. And that’s not just what I see myself – there are figures that prove it. Example: global sales of our industrial infrastructure solutions (KICS – industrial ‘antivirus’ :) ) grew in 2018 by 162%! And such growth was seen across nearly all regions – Europe, Latin America, the Middle East and Africa, Asia-Pacific, and Russia. We’ve already completed 80+ projects worldwide for a wide range of industries from power generation, mining and oil refinery, to beverage production.

Both the scale and complexity of threats in the industrial sphere are on the up; what’s more, at stake here is critically important infrastructure like… nuclear power plants. I’m sure I don’t have to tell you how serious that is. On the brighter side, thankfully, our industrial/infrastructure customers understand that protecting their kit requires an individual, tailored approach to each facility and each of its automated industrial control systems (ICS).

Btw, in 2018 our KICS was given as an example in four subsections of multifaceted ‘Operational Technology Security’ in a study by Gartner, the global research and advisory company. To me this shows one thing: that we’re the recognized leaders in the industrial cybersecurity market. Ahhh, that feels satisfying. All that work and investment hasn’t been for nothing!

But besides cutting-edge industrial security, we also have other new services and products. For example, Blockchain Security; specifically, Crypto-Exchange Security and ICO Security (ICO being ‘initial coin offering’; like an IPO, only with cryptocurrencies, and mostly for startup companies). And we already have some successful projects under our belt! Which is nice to know since Gartner reckons that the blockchain market, come 2030, will be worth more than… three trillion dollars! Already today crypto-exchange turnover comes to more than 300 billion dollars, out of which around 1.2 billion was stolen… in just 11 hacker attacks. Looks like we’ve got our work cut out for us. Oh well. No rest for the wicked awesome ).

So what else have we in our box of tricks? Ah yes…

Now, you’ll know how the whole world these days buys, sells, and generally does business mostly online, right? What you may not know about is our solution to protect all that online business – our Fraud Prevention. It’s made up of all sorts of very cool security technologies, including behavioral biometry and machine learning (details here and here).

Another must-have for business is our DDoS Protection. This uses special sensor software that gets installed on a company’s server. It monitors traffic to collect data for behavioral analysis; it builds up this data to continually improve its ability to detect even the most subtle of behavior anomalies that are characteristic of the start of a DDoS attack. The service is full-on all-inclusive too: notifications are sent immediately about possible attacks, and there’s an option for all the traffic of a company to be redirected to KL’s Cleaning Centers and for only ‘clean’ traffic to be returned to the company. And after an attack a full report on its detailed analysis is sent to the company.

It’s all very well having all this super-duper cyber-tech, but what good is it if the human element isn’t taken into account? In crisis situations, the PR people of an attacked company often make far from the best decisions, since they don’t really know what’s going on or what to do. Instead of minimizing damage, they make it worse with ill-advised announcements or – worse – not announcing anything to customers/the public. Therefore, we have KACIC – a set of anti-crisis communications tools backed by the whiz kids in our PR team, who understand better than most all the reputational risks of an attack on IT infrastructure. Forewarned is forearmed!

As the Fourth Industrial Revolution continues to develop and the IoT market grows and grows to change every sector of the economy (manufacturing, agriculture, commerce, urban infrastructure, transportation…), we’re putting lots of time and investment into transportation cybersecurity and protection of IoT devices; so much so I think our next breakthrough tech solutions will be in these fields. That time and investment runs parallel with my frequent calls for a thing I call ‘cyber-immunity’, which needs to replace what we have now – ‘cybersecurity’. This means a protective layer at the very core of system architecture, not placing one on top of essentially un-secure systems based on outdated technologies. We’ve already learned how to do this for IoT gadgets; next up – well, the sky is the limit!…