Last week, Kaspersky Lab was in the spotlight again in another ‘sensational’ news stream.

I say ‘again’ as this isn’t the first time we’ve been faced with allegations, ungrounded speculation and all sorts of other made-up things since the change of the geopolitical situation a few years ago. With the U.S. and Russia at odds, somehow, my company, its innovative and proven products as well as our amazing employees are repeatedly being defamed, given that I started the company in Russia 20 years ago. While this wasn’t really a problem before, I get it– it’s definitely not popular to be Russian right now in some countries.

For some reason the assumption continues to resonate that since we’re Russian, we must also be tied to the Russian government. But really, as a global company, does anyone seriously think we could survive this long if we were a pawn of ANY government? Our whole business is based on one thing – besides expertise – and that’s trust. Would we really risk our whole business by undermining our trustworthiness?

Especially given that the best non-Kaspersky Lab security researchers (hackers) are constantly scouring our code/products to find and report vulnerabilities. In fact, we even have a public bug bounty program, where we pay researchers to examine our products and search for any issues or possible security concerns. If there was anything suspicious or nefarious to find, they would have publicly shouted it to the roof tops by now.

Read on: Five destructive repercussions of a technology sanctions game…

Last fall, in our domestic market we turned to the Federal Antimonopoly Service with a complaint against Microsoft regarding its anti-trust legislation violations.

Despite the long silence on the airwaves, the matter was in fact slowly but surely being addressed. And don’t pay any attention to inaccurate reports about not filing similar claims with the EU Commission: that was off the back of an interview I gave in Germany in which it looks like a fact or two went astray – perhaps lost in translation. We are definitely not planning on ‘temporarily backing off’ filing our competition complaint with the EU Commission.

And anyway, instead of reading reports it’s always better hearing it from the horse’s mouth, as they say… So here I am with real news and confirmed details and plans that I can share at the moment compromising neither ethical nor legal norms.

Ok. Let’s begin…

First off, as was expected, Microsoft disagrees with our claims. ‘We did not create conditions…’, ‘we have not infringed…’, and even: ‘we do not dominate…’ But facts are stubborn things, and despite the formal denials, Microsoft has, in fact, taken a few crucial steps toward rectifying the situation. And it looks like our actions might have helped encourage Microsoft to do so. Of course, there’s still more that needs to be done, but this is at least a good start toward ensuring that consumers have the chance to choose the best cybersecurity solution for them specifically.

It appears Microsoft took a two-pronged approach: (i) formal denials (which is logical); and (ii) specific (although small) practical steps to meet both users and independent software developers half-way.

I’ll leave out the formal denials here, but in this post I want to tell you a bit about those ‘practical steps’ that were recently taken by Microsoft. Let’s have a look at three notable examples thereof:

Example No. 1: The Alarming Windows Defender PC Status Page.

One of the claims we made against Microsoft regarded the misleading Windows Defender PC status page, pictured below:

The good news is that Microsoft has changed the previously displayed status page in a recent update, addressing several of the confusing and misleading elements we described.

So, what was the original status page for and what were our objections?

Read on: the right direction…

Such is the way Homo Sapiens are: we’re constantly – even recklessly – looking to the future to try and work out what it might hold for us. Many say we should all live in the present – after all, the future never comes – but, well, that doesn’t work for everyone, and most of us do need to make at least some plans for our futures.

But there are different approaches to looking ahead.

There’s belief in fate, pure guessing, flipping a coin, and so on. There’s also not thinking about the future at all. But there’s a far superior, science-based approach too. This is doing the eastern spirituality thing a bit – not quite being in the present but carefully analyzing the present instead – to be able to predict the future as accurately as possible. And this is exactly what is done to predict the cyber-future; in particular – the security of the cyber-future. And that’s what we do – little by little every day, but also broadly and deeply and especially – and merrily – every year, when we bring together the world’s cybersecurity elite for a week-long pow-wow in a tropical seaside resort, which pow-wow we call the Security Analyst Summit (SAS):

Oops – wrong vid. Here u go…:

Dough! Nope. This one:

I don’t know quite how it’s done but every single year SAS just gets better. I mean, it’s always been GReAT, but the GReATness just keeps going up and up: more experts, better quality content, better and more original ideas, slicker, cooler, and more and more world scoops and exclusive material.

And it’s exclusive material that I’ll be writing about in this here post. Specifically, my Top-5 favorite presentations from SAS-2017. I’m not saying the others were no good or just so-so, it’s just I wasn’t physically able to see them all as they were running simultaneously in different halls. Also – everyone has their own taste; well here’s a guide to mine!…

Off we go!…

Read on: A Maze for a Penguin Under the Moonlight…

Human beings are a curious lot. It’s in their nature to try and get to the ‘whys’ and ‘hows’ of everything and anything. And this applies in cybersecurity too; in fact – doubly so: getting to the ‘whys’ and ‘hows’ of cyberthreats is the very basis upon which cybersecurity is built; thus, upon which KL is built.

Getting to the ‘whys’ and ‘hows’ for us means meticulously taking apart every cyberattack into its respective constituent pieces, analyzing it all and, if necessary, developing specific protection against it. And it’s always better to do this proactively, based on the mistakes of others, and not waiting until what we protect is attacked.

To solve this challenging task we’ve a slew of intelligence services for enterprises. In this collection of cyber-precision-tools there’s staff training, security intelligence services to come up with detailed information about discovered attacks, expert penetration-testing services, app-audits, incident investigations, and more.

Well now the ‘and more’ includes our new service – KTL (Kaspersky Threat Lookup) – the smart microscope for dissecting suspicious objects and uncovering the sources/tracking histories of cyberattacks, multivariate correlations, and degrees of danger for corporate infrastructure. Quite the X-ray for cyberthreats.

Actually, all our users already has the lite-version of this service. The security rating of a file can also be checked with our home products, but enterprise customers need a deeper, more thorough analysis of threats.

To begin with, KTL can be used to check not only files, but also URLs, IP addresses and domains. It can analyze objects for the hallmarks of targeted attacks, behavioral and statistical specifics, WHOIS/DNS data, file attributes, download chains, and others.

Read on: Special search engine…

If you’re a regular reader of this here blog of mine, you’ll know about our GReAT (Global Research and Analysis Team) – 40+ top-notch cybersecurity experts dotted all around the globe specializing in protecting our customers from the most sophisticated cyberthreats out there. GReATers like to compare their work to paleontology: exploring the deep web for the ‘bones’ of ‘cyber monsters’. Some may consider this an old-fashioned approach: what’s so special about analyzing the ‘bones’ of ‘creatures’ from the distant past when it’s protecting your networks from monsters that are alive now that’s key? Well, here’s a fresh story that proves that sometimes you won’t find today’s living monsters without looking at old ones…

Some of you will be aware of so-called wipers – a type of malware which, once installed on an attacked PC, completely wipes all data from it – leaving the owner of the computer with a completely clean, hardly operating piece of hardware. The most famous (and infamous) wiper is Shamoon – malware which in 2012 made a lot of noise in the Middle East by destroying data on 30,000+ endpoints at the world’s largest oil company – Saudi Aramco, and also hitting another energy  giant – Rasgas. Just imagine: 30,000+ pieces of inoperable hardware in the world’s largest  oil company…

Curiously, since it’s devastating campaign against the Saudi company in 2012, little has been heard of Shamoon, until it returned in 2016 as Shamoon 2.0, with several new waves of attacks – again in the Middle East.

Since the new waves of Shamoon attacks began, we’ve been tuning our sensors to search for as many versions of this malware as possible (because, let’s face it, we don’t want ANY of our customers to EVER be struck by malware like Shamoon). And we managed to find several versions – hurray! But together with our haul of Shamooners, our nets unexpectedly caught a completely new type of wiper malware, which we’ve named StoneDrill.

The code base of StoneDrill is different to that of Shamoon, and that’s why we think it’s a completely new malware family; it also utilizes some advanced detection avoidance techniques, which Shamoon doesn’t. So it’s a new player, for sure. And one of the most unusual – and worrying – things we’ve learned about this malware is that, unlike Shamoon, StoneDrill doesn’t limit the scope of its targets to Saudi Arabia or other neighboring countries. We’ve found only two targets of this malware so far, and one of them is based in Europe.

Why is this worrying? Because this finding indicates that certain malicious actors armed with devastating cyber-tools are testing the water in regions in which previously actors of this type were rarely interested.

Read on: more wipers!…

And now, boys and girls, woo-hoo! Today is a day when woo-hoo’ing seems the most appropriate thing to do. Like this: WOO-HOO!!!

Why, you say?

We’ve officially launched a secure operating system for network devices, industrial control systems, and the IoT. The OS was originally conceived on November 11; that’s why we refer to it by the code name 11-11. It was a very long development cycle, for sure: we worked on the project for 14 solid years and have even run a real-world pilot test roll-out. Now the OS is ready for consumption is available for deployment by all interested parties in a variety of scenarios.

I’ll spare you all the nerdy detail, but if you do want the techy info – here it is. I’d rather focus on the things we left out of that post, so I’ll answer some frequently asked questions and debunk some myths about our new OS.

Read on: literally not Linux…

Of course, I’m bound to get a lot of spam in my inbox – probably more than most. Decades of giving out my business card left, right and center; our domain included on presentation slides, in publications and catalogs and so on. Then there’s my email address’s simplicity. Sometimes employees’ blown email addresses we ‘leave out in the cold’ as spam honeypots while setting up new, slightly amended email addresses for the employee. But we can’t have that for me now can we? No. Because – first – I need to keep track of precisely who the enemy is, and – second – I want to personally be able to monitor the quality of our antispam protection. And I also don’t mind a few extra laughs now and again.

Much like entomologists with their butterflies, I file all incoming spam in a separate folder, check out the verdicts, and determine tendencies and false positives, while I forward missed samples to our antispam lab.

Curiously, since the beginning of the year the amount of spam has gone through the roof! And after studying its structure and style, it looks like most of it comes from one (1) source! Almost all the messages were in English (with just two in Japanese), and – main thing – 100% of this spam was detected by our products! I turned to our specialists… – and it was confirmed: it was a huge tsunami-like wave of a specific type of spam – snowshoe spam. This is unusual as normally around New Year spam activity falls in volume.

* Data for 1-10 January

And here’s the data on how the share of snowshoe spam changed on the most active day – January 7 – in the inboxes of our corporate domain:

So just what is this snowshoe when it’s at home, and how can it be protected against?

Read on: Snakeoil…

Hi folks!

Herewith, the next installment in my ‘Uh-oh Cyber-News’ column – the one in which I keep you up to date with all that’s scarily fragile and frailly scary in the digital world.

Since the last ‘Uh-oh’ a lot has piled up that really needs bringing to your attention. Yep, the flow of ‘Uh-ohs’ has indeed turned from mere mountain-stream trickle to full-on Niagara levels. And that flow just keeps on getting faster and faster…

As a veteran of cyber-defense, I can tell you that in times past cataclysms of a planetary scale were discussed for maybe half a year. While now the stream of messages is like salmon in spawning season: overload! So many they’re hardly worth mentioning as they’re already yesterday’s news before you can say ‘digital over-DDoSe’. “I heard how they hacked Mega-Corporation X the other day and stole everything; even the boss’s hamster was whisked away by a drone!”…

Anyway, since the stream of consciousness cyber-scandals is rapidly on the up and up, accordingly, the number of such scandals I’ll be writing about has also gone up. In the past there were three of four per blogpost. Today: seven!

Popcorn/coffee/beer at the ready? Off we go…

1) Infect a Friend and Get Your Own Files Unlocked for Free.

Read on: Effective Hacker Headhunting…

Recently, sharp-eyed users congratulated me with a ‘billion’ items in the Kaspersky Security Network. Thank you! Although, I need to explain what that ‘billion’ is.

First of all, don’t worry. This is not a billion something or other you don’t want on your computer; no, it’s something different, and it’s a little complicated. So let me start with some basic definitions.

Read on: How to get as close as poss to the ideas cybersecurity…

And so it’s come to pass: the abbreviation ‘DDoS‘ has entered the lexicon to such an extent that it often doesn’t get written out in full these days in the general interest newspapers. Well, some actually may still not know what it stands for, but everyone and their dog does know that a DDoS is very bad thing for a certain large target, with something very important suddenly not working, with employees twiddling their thumbs as the network’s down, and with their tech-support’s telephones requiring an ice bath as they’re so hot from ringing – and disgruntled clients swearing down them all the time. What’s more, everyone and their cat also knows that normally a DDoS attack gets carried out by unknown, mysterious – and just plain bad – cyber-enemies.

DDoS attacks have evolved very quickly, as you’ll find out reading this blogpost. They’ve grown much nastier and become a lot more technically advanced; from time to time the adopt utterly unusual attack methods; they go after fresh new targets; and break new world records in being the biggest and baddest DDoS’s ever. But, then, the world in which DDoS find themselves in has evolved very quickly too. Everything and the kitchen sink is online: the number of assorted ‘smart’ [sic] devices connected to the net now far outstrips the number of good old desktop and laptop computers.

The result of these two evolutions running in parallel – of DDoS’s themselves plus the digital landscape in which they dwell – has brought us equally evolved headlines: botnets made up of IP cameras and home Wi-Fi routers breaking DDoS records on size (Mirai), and massive DDoS attacks on Russian banks.

If, earlier, botnets were made up of zombie PCs, soon they’ll be made up of zombie refrigerators, vacuum cleaners, tumble dryers and coffee machines.

Read on: So what’s next?…