iDeath of eVoldemort

Fairy tales and fantasy stories have long dispelled the myth about the invincibility of global storybook power brokers and villains (as for us, for more than 20 years we’ve been busting the very same myth in cyberspace). Every Voldemort relies on security of his diary, his ring, his snake, his… well, I guess you know all about the Horcruxes. And the success of your war on villainy, whether fairytale or virtual, depends on two key qualities: perseverance and intellect (meaning technology). Today I will tell you how perseverance and intellect, plus neural networks, machine learning, cloud security and expert knowledge — all built into our products — will keep you protected against potential future cyberthreats.

In fact, we have covered the technologies for protection against future cyberthreats before (more than once, a lot more than once, and even for laughs). Why are we so obsessed with them, you may wonder.

It’s because these technologies are exactly what makes robust protection different from fake artificial intelligence and products that use stolen information to detect malware. Identifying the code sequence using a known signature after the malware has already sneaked into the system and played its dirty tricks on the user? No one needs that. “A poultice on a wooden leg,” so to say.

But anticipating cybervillains’ patterns of thought, apprehending the vulnerabilities they’ll find attractive, and spreading invisible nets capable of automatic, on-the-spot detection — only a few industry players are capable of that, sad but true. In fact, very few, according to independent tests. WannaCry, the decade’s largest epidemic, is a case in point: Thanks to System Watcher technology, our products have proactively protected our users against this cyberattack.

The key point is: One cannot have too much future cyberthreat protection. There is no emulator or big-data expert analysis system able to cover all of the likely threat vectors. Invisible nets should cover every level and channel as much as they can, keeping track of all objects’ activities on the system, to make sure they have no chance ever to cause trouble, while maintaining minimum use of resources, zero “false positives,” and one hundred percent compatibility with other applications to avoid blue screens of death.

The malware industry keeps developing, too. Cybervillains have taught (and continue to teach) their creations to effectively conceal themselves in the system: to change their structure and behavior, to turn to “unhurried” action modes (minimize the use of computing resources, wake up on schedule, lie low right after penetrating the target computer, etc.), to dive deep into the system, to cover up their traces, to use “clean” or “near-clean” methods. But where there is a Voldemort, there are also Horcruxes one can destroy to end his malicious being. The question is how to find them.

A few years ago, our products beefed up their arsenal of proactive technologies for protection against advanced cyberthreats by adopting an interesting invention (patent RU2654151). It employs a trainable objects behavior model for high-accuracy identification of suspicious anomalies in the system, source localization and suppression even of the most “prudent” of worms.

Read on…

Dutch hacker, big cyber-politics, and the anatomy of ‘real’ fake news.

Almost 21 years ago, I embarked on a mission to make the world a safer, better place. Today, we’re proud to protect with our cybersecurity solutions the digital lives of over 400 million consumers and 270,000 organizations around the world. Like many other companies whose aim is enhancing people’s lives, we also know that the higher you go, the stronger the winds can be. For us these winds include false media reporting. And in today’s environment of ‘media-ocracy’ and fake news, the situation is getting worse.

For nearly four years now, certain U.S. media outlets have been printing outlandishly preposterous false stories about cyber-conspiracies concocted between secret service folks and Yours Truly against the ‘free world’.

Evidence suggests that a Dutch politician is behind a fake story about Kaspersky Lab in the biggest Dutch daily newspaper

These tales from the paranoid side about us all fit the same template. Accordingly, their basic structure and rhetoric are always identical:

  • Unnamed U.S. intelligence officials share certain ‘shocking details’ about [insert as applicable] with a select few representatives of a given media outlet;
  • Anonymous sources are mostly used; any ‘sources’ cited are incompetent/unqualified to be sources;
  • Zero evidence of any wrongdoing on our part is presented (logical: there is no wrongdoing);
  • Distortion of reality based on the Pareto principle (80% truth + 20% fiction = monstrous lie);
  • These media stories are then used as a basis for taking political decisions (proof).

Incidentally, you may be wondering why, if all the stories about us are indeed false, we’ve never taken legal action in the U.S. The short answer to that is that U.S. legislation makes establishing the truth of a media story very difficult. Meanwhile, we get a ‘media-ocracy’ – with ‘news’ that isn’t news at all, just a vehicle for instilling in readers’ minds images of an ‘enemy’, so as to influence the underlying opinions of the people reading those media. But it doesn’t stop there. This non-news is used to justify high-level political moves against the next-in-line-to-be-out-of-favor company. Yes, of late it’s not just KL being pinpointed; this is growing bigger and bigger every month, affecting other companies too.

Worryingly, this media-ocracy is very influential – and highly contagious; so much so that it can now be felt all around the world, not just in America. And that now includes even the Netherlands.

Media-ocracy: vehicle for instilling in readers’ minds images of an ‘enemy’ and using false allegations for taking political decisions. Alas, it’s highly contagious.

On February 3 of this year, the largest Dutch national daily newspaper, De Telegraaf, published a ‘sensational’ article about a hacker who, allegedly, had claimed to have hacked into the network of our Dutch office (from just outside the building) and managed to obtain a number of IP addresses – all as part of a supposed investigation to help uncover a leak in the Dutch parliament – a leak organized to help ‘the Russians’. Inevitable questions like why specifically we were hacked, why those particular IP addresses were obtained, etc. are left unanswered, but for us the key thing to be addressed was the claim that someone had breached our own highly secure corporate network.

So yes, we took the claims very seriously. We’re a cybersecurity company, remember?! So naturally we carried out an internal investigation. And guess what it showed. No hack occurred. But that’s only the start of this sorry tale.

Read on: It gets even more ridiculous…

Features you’d normally never hear about (ver. 2018): KFP – Keeps your Funds Preserved!

When it comes to choosing an item of clothing – the only thing that’s important for me is functionality. Nice packaging, a designer brand, status level and other stuff don’t matter to me one bit. Same with cars really: if one gets you from A to B in good time, safely, and in reasonable comfort (so, maybe with a/c.) that’s all that really matters.

The same ‘ignore the unimportant stuff’ principle should be applied when it comes to one’s choice of cybersecurity product too. One really should – though many don’t – make sure one doesn’t fall for the ‘other stuff’ (= marketing waffle) that has no relation to actual protection. For it turns out that in thorough independent testing, new glamorous ‘next-generation antivirus’ products are shown to contain under their hoods fake artificial intelligence, adopted AV detection, and ‘protection’ full of holes. Put another way: they’re placebos, nothing more. So, in order not to become a victim of shiny marketing based on unsound security, you need to lift the hood yourself to have a look at how things work.

Of course, not everyone has the time and patience and technical knowledge to be able to plough through technical documentation of a cybersecurity product and understand it. But even if someone did, there’s still a chance the developer is mostly spinning a yarn throughout all that techy jargon.

With us, on the other hand, it’s just the opposite: we’re proud of our technologies, openly publish their technical details (without the yarns) and consider that anyone can understand them if explained appropriately. Ultimately we’re the most transparent cybersecurity company around – even to the extent that we’re ready to share our source code for inspection.

But to add to the clarity and accessibility of some of our tech, seven years ago, I started a series of regular posts on this here blog with the technology tag, in which all the main points of our more complex tech features are explained in simple language (complex tech features ‘you’d normally never hear about’, much less – read about in the regular, for-geeks-only technical notes). These are the largely invisible – under-the-hood – features, but they’re the ones that happen to be the real nuts-and-bolts of our cyberprotection.

Ok. Intro over. Today’s post is about how banks recognize a hack into your bank account.

Let’s say that one day you get a message from your bank that goes along the lines of: ‘Suspicious activity has been detected on your account…’. The first thing you do is go over the last few days trying to recall everywhere you’ve been, where you withdrew cash and how much, what you bought in shops/cafes, etc. and/or online, and so on.

In my case, it may look like this: (i) withdrew Norwegian kroner from an ATM in Longyearbyen, Svalbard, Norway; (ii) bought a steak and a beer salad and a mineral water in Oslo Airport, Norway; (iii) bought the missus a present in Schiphol Airport in Amsterdam, Holland – plus another salad and mineral water for lucky me; (iv) somewhere in the vicinity of the Azores bought some airplane internet access time; (v) withdrew some balboas in Tocumen Airport in Panama; and (vi) paid for dinner for a large party in a village not far from Panama City. And that was all in just one day!

Now, of course, to a bank, that string of transactions with a credit card – registered in none of the countries mentioned – sure could look suspicious. Quite who starts the day in the northernmost town in the world, buys an expensive duty free item a while later in a European capital, and ends up in Panama in the evening and forks out for a banquet, but has never taken such an unusual route before ever?

Sure. But let’s face it, banks can’t keep track of their millions of clients. How many employees would they need to do so? No, instead, the bank has a smart automated system (like Kaspersky Fraud Prevention (KFP)) that recognizes fraud automatically and with a high degree of accuracy. Ok, let’s have a look under KFP’s hood and see how it protects your money.

Each client of a bank has a model of behavior: a mathematical graph that contains the devices (computers, smartphones, tablets) and accounts of the user, bank services used (e.g., internet banking), and also rules for interaction among all the just mentioned. The model is built on the basis of collected anonymized data about specific activity of the client on the internet and using mobile bank. Crucially, the system isn’t interested in concrete transactions, sums involved, invoice details, names and so on – banking secrecy remains banking secrecy. Threats are calculated based solely on technical metadata and analysis of anonymized actions.

Such an approach allows to automatically detect many different kinds of cyber-fraud.

Example 1: Citizen X uses his internet banking application on his home computer. To authenticate his identity he uses the USB token given him by the bank. But since for protection he’s installed a next-generation antivirus based on a ‘cutting-edge AI system’, one day a malicious Trojan gets through. That Trojan – assisted by the token being forgotten about and left in the USB port – starts to transfer money on the quiet from Citizen X’s account. But it’s not ‘on the quiet’ for the banking anti-fraud system, which detects the anomalous behavior quickly, blocks the operation and informs the bank’s security department.

KFP control panel

Read on…

Nǐ Hǎo, cyber-chief!

Ni Hao folks!

Last Friday we had the pleasure of receiving none other than Xu Lin, China’s chief of cybersecurity and internet policy. Naturally, it was time to roll out the red carpet.

We’ve been working in China now for more than 15 years. In that time we’ve come a long way: from literally nothing (zero market presence) to a well-recognized brand (Ka-Ba-Si-G; the whole naming thing in China is a whole other story – on for another day) and good contacts in high places. We meet with Chinese regulators regularly (funny, but I’m sure those two words are unrelated:), more often than not in Beijing, but sometimes also in Wuzhen. Well it was Moscow’s turn this time to host one of our meets.

Read on…

An open letter to the management of Twitter.

“When you tear out a man’s tongue, you are not proving him a liar, you’re only telling the world that you fear what he might say.”

Tyrion Lannister, Game of Thrones

Dear Mr. Dorsey and the rest of the senior management of Twitter,

I see that of late you’ve been having concerns about the ‘health’ of your social media platform, and how it can be used maliciously for spreading disinformation, creating social discord, and so on. As a long-time advocate of a safe and friendly internet, I share these concerns! Though I thought my company stood on the periphery of this social media storm, it turns out I was quite mistaken.

If this is a mistake please openly admit this. This would quash any doubts about potential political censorship on Twitter.

At the end of January of this year, Twitter unexpectedly informed us about an advertising ban on our official accounts where we announce new posts on our various blogs on cybersecurity (including, for example, Securelist and Kaspersky Daily) and inform users about new cyberthreats and what to do about them. In a short letter from an unnamed Twitter employee, we were told that our company “operates using a business model that inherently conflicts with acceptable Twitter Ads business practices.”

“OUR DETERMINATION THAT KASPERSKY LAB OPERATES USING A BUSINESS MODEL THAT INHERENTLY CONFLICTS WITH ACCEPTABLE TWITTER ADS BUSINESS PRACTICES”

Huh? I read this formulation again and again but still couldn’t for the life of me understand how it might relate to us. One thing I can say for sure is this: we haven’t violated any written – or unwritten – rules, and our business model is quite simply the same template business model that’s used throughout the whole cybersecurity industry: We provide users with products and services, and they pay us for them. What specific (or even non-specific) rules, standards and/or business practices we violated are not stated in the letter. In my view, the ban itself contradicts Twitter’s declared-as-adopted principle of freedom of expression. I’ll return to that point in a minute, but first let’s look at the others:

Read on: Common sense hasn’t died. It just appears to be having a gap year…

It’s a crypto-minefield out there.

Buzzwords of the 21st century. They come; some go – some stay. Example of the latter: synergy. Remember that one? It used to be bandied about in practically every business presentation given some 15 years ago (apart from mine; no thank you!). And do you recall the Y2K bug? Oh my goodness – that was 18 years ago already :). That too came and went (after having turned out to be much ado about nothing). Out of those that come and stay, there’s… hmmm… leverage, wellness, proactive, paradigm… But I digress.

Back to what I want to talk about today…: specifically tech buzzwords. Which ones spring to mind? Artificial intelligence? Big data? The internet of things? Quantum computing? Or maybe the uber-buzzy cryptocurrencies and bitcoins? These are among the most popular according to Google, too, btw.

Not all buzzwords are silly/nonsense/marketing hype/investor-and-consumer deceiving… sophistry (is that a buzzword? Sure sounds it, but…:). Blockchain is one example. For example, our business incubator is nurturing several blockchain ideas that will change the world for the better in their niches.

Not just to buy Bitcoins but also to sell them

But that’s not what this post is about. Today I want to share my thoughts on the influence of cryptocurrencies on global cybersecurity and how we help users protect themselves from new threats. I’ll also fantasize a little about the future of free internet services and options for monetization of software.

Read on…

B&B: Berlin & Bosch.

I’ve just got myself a +1 to my collection of German industrial exhibitions/conferences, which now runs to a grand total of three. It was Bosch Connected World – both a conference and exhibition that ‘celebrate the Internet of Things’. Hardware & software, robotics, stationary + mobile, automotive, cloud-based, AI… basically all the buzz words – and all here. But everything here is somehow Bosch-connected, either belonging thereto of partnering with it; therefore, it was rather smaller than the other two in my collection: Embedded World and Hannover Messe. The former is about all things cyber-digital-industrial-automotive, the latter – all things industrial in general, not just security.

If you’re already in the computer automation/robotics/smart-whatever field, or are planning on entering it soon, you need to get yourself here. We were here as we’ve decided to attend more vendor-themed events: they’re smaller scale, but more focused. So here we are: welcome to Bosch Connected World!…

Read on: Nice place, proper technology, business opportunities…

KL-2017: the proof of the pudding is in the preliminary financial results.

Hi folks!

Going against tradition just this once, this year we’ve decided not to wait for our official financial audit results, and instead publish preliminary sales results for last year straight away.

The most important business figure of the year is of course revenue. So, for all 12 months of 2017, our products, technologies and services were sold for US$698 million (in accordance with the International Financial Reporting Standards) – a 8% rise compared to the previous year.

Not a bad result at all, if I don’t mind saying so; a result that shows how the company is doing well and growing. What’s more, we have some real promising technologies and solutions that make sure we’ll keep on growing and developing into the future.

But here’s what is, to me, the most interesting thing to come out of the preliminary results: for the first time in the history of the company sales bookings of corporate solutions overtook those of our boxed products for home users – this riding on the back of a 30% increase in the corporate segment.

Another very pleasing fact: the good rate of growth of the business has come largely not from sales of our traditional endpoint products, but from emerging, future-oriented solutions like Anti Targeted Attack solutions, Industrial Cybersecurity, Fraud Prevention, and Hybrid Cloud Security. All together these grew 61%. Besides, forecast growth in sales of our cybersecurity services comes in at 41%.

Geographically, sales bookings in most of the regions overshot their annual targets. For example, in Russia and the CIS sales were up 34% on 2016. In META (Middle East, Turkey, Africa) sales skyrocketed up 31%; in Latin America – 18%; and in APAC – 11%. Japan demonstrated moderate growth (4%), while Europe was slightly below expectations (-2%).

The only region that didn’t do well was, as expected, North America, which saw a fall in sales of 8%. Hardly surprising this one, given that it was this region that was the epicenter of last year’s geopolitical storm, which featured both a disinformation campaign against us and an unconstitutional decision of the DHS. Nevertheless, despite the political pressure, we continue to operate in the market and are planning on developing the business further there.

It only remains for me to give huge thanks to all users, partners, and cybersecurity experts, and to anyone else (including most journalists and bloggers that covered us) for their support, and also a big up to all the KLers around the globe for their continued excellent work in these difficult times. Customer loyalty, impressive growth of the business, and high team morale are all clear indicators of our global success. Well done everybody!

More detailed info on the preliminary financial results can be found here.

7 200 000.

Hi folks!

Along with the snow and ice (at least in my home city), December brings with it an unbearable desire to take stock of the past 12 months, to be amazed at what’s been achieved, and to make plans for the future. Then, after a brief pause for festive fun and frolics, it’s time to get back at it (and them!) once again.

Now, to me, one of the most impressive KL projects of the year – among a whole host of them – was the global launch of our free antivirus. In just several months this product has demonstrated curiously extraordinary success, and it’s that success I want to tell you about here today.

Kaspersky FREE was pilot-launched almost two years ago after an intense public discussion about its functionality. For a year and a half we kept a close eye on how the product worked, also on the user feedback thereon, the effectiveness of the protection, competition with our paid products, and so on… and it all confirmed – we were doing things just right! Then, six months ago, we had the global rollout of our freebie!

Half a year: is that a short or a long time? Well, on an uninhabited island it’s a long time, I guess. But for a popular antivirus it’s no time at all. Still, what can you get done in such a short time? Turns out quite a bit, if you put your mind to it…

First off: back to the title of this post: 7.2 million.

7.2 million is the total number of installations of FREE up until December 1, 2017. Around four million of those are active users, which is a real good result for such a new product. In just November FREE was downloaded nearly 700,000 times: around 23,000 times a day. But what’s even more curiously surprising is the loyalty of the users of FREE: some 2.5 times higher than the trial versions of our paid products: 76% of users who install FREE stay with us for several months of more. Woah. That’s a nice fat figure for Christmas ).

Now a little about the effectiveness of FREE

Although the product is loaded with just the basic essentials of protection (for £39.99 you can get the full suite of protective whistles and bells, including VPN, Password Manager, Parental Control, mobile device protection, etc.), it works on the same anti-malware engine as our other consumer products. In 2017 FREE protected its users from almost 250 million cyberattacks, 65 million detections of which occurred thanks to our cloud-based KSN. In just a year the product detected 17.5 million unique malicious programs and ~50 million malicious websites/pages. No wonder then that FREE is regularly and deservedly in among the top ratings in tests and reviews all around the world with enviable regularity.

There are three more things I think will be interesting to you, dear reader.

Read on…