Human beings are a curious lot. It’s in their nature to try and get to the ‘whys’ and ‘hows’ of everything and anything. And this applies in cybersecurity too; in fact – doubly so: getting to the ‘whys’ and ‘hows’ of cyberthreats is the very basis upon which cybersecurity is built; thus, upon which KL is built.

Getting to the ‘whys’ and ‘hows’ for us means meticulously taking apart every cyberattack into its respective constituent pieces, analyzing it all and, if necessary, developing specific protection against it. And it’s always better to do this proactively, based on the mistakes of others, and not waiting until what we protect is attacked.

To solve this challenging task we’ve a slew of intelligence services for enterprises. In this collection of cyber-precision-tools there’s staff training, security intelligence services to come up with detailed information about discovered attacks, expert penetration-testing services, app-audits, incident investigations, and more.

Well now the ‘and more’ includes our new service – KTL (Kaspersky Threat Lookup) – the smart microscope for dissecting suspicious objects and uncovering the sources/tracking histories of cyberattacks, multivariate correlations, and degrees of danger for corporate infrastructure. Quite the X-ray for cyberthreats.

Actually, all our users already has the lite-version of this service. The security rating of a file can also be checked with our home products, but enterprise customers need a deeper, more thorough analysis of threats.

To begin with, KTL can be used to check not only files, but also URLs, IP addresses and domains. It can analyze objects for the hallmarks of targeted attacks, behavioral and statistical specifics, WHOIS/DNS data, file attributes, download chains, and others.

Read on: Special search engine…

If you’re a regular reader of this here blog of mine, you’ll know about our GReAT (Global Research and Analysis Team) – 40+ top-notch cybersecurity experts dotted all around the globe specializing in protecting our customers from the most sophisticated cyberthreats out there. GReATers like to compare their work to paleontology: exploring the deep web for the ‘bones’ of ‘cyber monsters’. Some may consider this an old-fashioned approach: what’s so special about analyzing the ‘bones’ of ‘creatures’ from the distant past when it’s protecting your networks from monsters that are alive now that’s key? Well, here’s a fresh story that proves that sometimes you won’t find today’s living monsters without looking at old ones…

Some of you will be aware of so-called wipers – a type of malware which, once installed on an attacked PC, completely wipes all data from it – leaving the owner of the computer with a completely clean, hardly operating piece of hardware. The most famous (and infamous) wiper is Shamoon – malware which in 2012 made a lot of noise in the Middle East by destroying data on 30,000+ endpoints at the world’s largest oil company – Saudi Aramco, and also hitting another energy  giant – Rasgas. Just imagine: 30,000+ pieces of inoperable hardware in the world’s largest  oil company…

Curiously, since it’s devastating campaign against the Saudi company in 2012, little has been heard of Shamoon, until it returned in 2016 as Shamoon 2.0, with several new waves of attacks – again in the Middle East.

Since the new waves of Shamoon attacks began, we’ve been tuning our sensors to search for as many versions of this malware as possible (because, let’s face it, we don’t want ANY of our customers to EVER be struck by malware like Shamoon). And we managed to find several versions – hurray! But together with our haul of Shamooners, our nets unexpectedly caught a completely new type of wiper malware, which we’ve named StoneDrill.

The code base of StoneDrill is different to that of Shamoon, and that’s why we think it’s a completely new malware family; it also utilizes some advanced detection avoidance techniques, which Shamoon doesn’t. So it’s a new player, for sure. And one of the most unusual – and worrying – things we’ve learned about this malware is that, unlike Shamoon, StoneDrill doesn’t limit the scope of its targets to Saudi Arabia or other neighboring countries. We’ve found only two targets of this malware so far, and one of them is based in Europe.

Why is this worrying? Because this finding indicates that certain malicious actors armed with devastating cyber-tools are testing the water in regions in which previously actors of this type were rarely interested.

Read on: more wipers!…

And now, boys and girls, woo-hoo! Today is a day when woo-hoo’ing seems the most appropriate thing to do. Like this: WOO-HOO!!!

Why, you say?

We’ve officially launched a secure operating system for network devices, industrial control systems, and the IoT. The OS was originally conceived on November 11; that’s why we refer to it by the code name 11-11. It was a very long development cycle, for sure: we worked on the project for 14 solid years and have even run a real-world pilot test roll-out. Now the OS is ready for consumption is available for deployment by all interested parties in a variety of scenarios.

I’ll spare you all the nerdy detail, but if you do want the techy info – here it is. I’d rather focus on the things we left out of that post, so I’ll answer some frequently asked questions and debunk some myths about our new OS.

Read on: literally not Linux…

Of course, I’m bound to get a lot of spam in my inbox – probably more than most. Decades of giving out my business card left, right and center; our domain included on presentation slides, in publications and catalogs and so on. Then there’s my email address’s simplicity. Sometimes employees’ blown email addresses we ‘leave out in the cold’ as spam honeypots while setting up new, slightly amended email addresses for the employee. But we can’t have that for me now can we? No. Because – first – I need to keep track of precisely who the enemy is, and – second – I want to personally be able to monitor the quality of our antispam protection. And I also don’t mind a few extra laughs now and again.

Much like entomologists with their butterflies, I file all incoming spam in a separate folder, check out the verdicts, and determine tendencies and false positives, while I forward missed samples to our antispam lab.

Curiously, since the beginning of the year the amount of spam has gone through the roof! And after studying its structure and style, it looks like most of it comes from one (1) source! Almost all the messages were in English (with just two in Japanese), and – main thing – 100% of this spam was detected by our products! I turned to our specialists… – and it was confirmed: it was a huge tsunami-like wave of a specific type of spam – snowshoe spam. This is unusual as normally around New Year spam activity falls in volume.

* Data for 1-10 January

And here’s the data on how the share of snowshoe spam changed on the most active day – January 7 – in the inboxes of our corporate domain:

So just what is this snowshoe when it’s at home, and how can it be protected against?

Read on: Snakeoil…

Hi folks!

Herewith, the next installment in my ‘Uh-oh Cyber-News’ column – the one in which I keep you up to date with all that’s scarily fragile and frailly scary in the digital world.

Since the last ‘Uh-oh’ a lot has piled up that really needs bringing to your attention. Yep, the flow of ‘Uh-ohs’ has indeed turned from mere mountain-stream trickle to full-on Niagara levels. And that flow just keeps on getting faster and faster…

As a veteran of cyber-defense, I can tell you that in times past cataclysms of a planetary scale were discussed for maybe half a year. While now the stream of messages is like salmon in spawning season: overload! So many they’re hardly worth mentioning as they’re already yesterday’s news before you can say ‘digital over-DDoSe’. “I heard how they hacked Mega-Corporation X the other day and stole everything; even the boss’s hamster was whisked away by a drone!”…

Anyway, since the stream of consciousness cyber-scandals is rapidly on the up and up, accordingly, the number of such scandals I’ll be writing about has also gone up. In the past there were three of four per blogpost. Today: seven!

Popcorn/coffee/beer at the ready? Off we go…

1) Infect a Friend and Get Your Own Files Unlocked for Free.

Read on: Effective Hacker Headhunting…

Recently, sharp-eyed users congratulated me with a ‘billion’ items in the Kaspersky Security Network. Thank you! Although, I need to explain what that ‘billion’ is.

First of all, don’t worry. This is not a billion something or other you don’t want on your computer; no, it’s something different, and it’s a little complicated. So let me start with some basic definitions.

Read on: How to get as close as poss to the ideas cybersecurity…

And so it’s come to pass: the abbreviation ‘DDoS‘ has entered the lexicon to such an extent that it often doesn’t get written out in full these days in the general interest newspapers. Well, some actually may still not know what it stands for, but everyone and their dog does know that a DDoS is very bad thing for a certain large target, with something very important suddenly not working, with employees twiddling their thumbs as the network’s down, and with their tech-support’s telephones requiring an ice bath as they’re so hot from ringing – and disgruntled clients swearing down them all the time. What’s more, everyone and their cat also knows that normally a DDoS attack gets carried out by unknown, mysterious – and just plain bad – cyber-enemies.

DDoS attacks have evolved very quickly, as you’ll find out reading this blogpost. They’ve grown much nastier and become a lot more technically advanced; from time to time the adopt utterly unusual attack methods; they go after fresh new targets; and break new world records in being the biggest and baddest DDoS’s ever. But, then, the world in which DDoS find themselves in has evolved very quickly too. Everything and the kitchen sink is online: the number of assorted ‘smart’ [sic] devices connected to the net now far outstrips the number of good old desktop and laptop computers.

The result of these two evolutions running in parallel – of DDoS’s themselves plus the digital landscape in which they dwell – has brought us equally evolved headlines: botnets made up of IP cameras and home Wi-Fi routers breaking DDoS records on size (Mirai), and massive DDoS attacks on Russian banks.

If, earlier, botnets were made up of zombie PCs, soon they’ll be made up of zombie refrigerators, vacuum cleaners, tumble dryers and coffee machines.

Read on: So what’s next?…

Ok. Let’s solve – not the trickiest – but still not the most trivial of tasks.

This year for Christmas I’d like a new laptop – a better, tougher one. I’ve only had the one I’ve got now a little over a year, but with my business schedule and the computer’s constant use and abuse, it’s on its last legs already. It looks tatty, and the keyboard feels like it’s going to fall apart. So, yes: I need an upgrade…

But what device should I get? Crikey. Where to start? Ah yes – at the beginning: with my requirements…

My user requirements aren’t too convoluted, but then again – they’re not mere email/ messenger/ Instagram/ Pokemon, either. Here they are:

• Office, email, browser, different editors and messengers;
• It needs to be able to withstand an intensive workload;
• I’d like a bigger screen than the norm (13″+);
• A full-size keyboard would be good too.

Straight away that rules out smartphones and tablets, and it looks like a mid-size laptop is the way to go.

But which operating system? Well, the list of options isn’t that long these days: Windows, Mac, Linux.

Every system is good – in its own way…

Read on: It turns out there is no choice…

At last – we’ve done it!

I’ve anticipated this day for ages – the day when the first commercially available mass market hardware device based our own secure operating system landed on my desk. And here she is, the beaut.

This unassuming black box is a protected layer 3 switch powered by Kaspersky OS and designed for networks with extreme requirements for data security.

And there’s plenty more in the pipeline where this came from too, meaning the tech will be applied in other Internet-connected bits of kit, aka the Internet of Things (IoT). Why? Because this OS just so happens to be ideal for applications where a small, optimized and secure platform is required.

Read on: Distinctive features…

Hi Folks!

Meet David, the magnificent masterpiece sculpted by Michelangelo at the start of the 16^th century. A photo of his face with that curious furrowed brow featured on our very first anti-cyber-vermin security product at the beginning of the 1990s. Some thought the pic was of me! I still don’t see why; I mean, have you EVER seen my face clean-shaven… and as white as a sheet? )

The choice of David for the retail box was far from random: we found we were kindred spirits – both very much underdogs. KL was a small young company from nowhere throwing down the gauntlet to global cyber-malice in an established international security market; David was the small young guy throwing down the gauntlet to the giant Goliath.

Throughout the years the boxes have changed, but one thing that hasn’t is our… Davidness.

Fate threw plenty of obstacles in our path that could have easily seen us off, but we persevered, hurdled those obstacles – often alone – and became stronger.

To everyone’s amazement we gave users the best protection in the world and became one of the leaders in the global market. We took it on ourselves to fight patent trolls practically alone, and are still successfully fighting them. (Most others prefer to feed them instead.) And despite the rise in parasites and BS-products, we continue to increase investment in true cybersecurity technologies (including true machine learning) for the protection of users from the cyberthreat avant-garde.

Thus, with just a ‘sling and stones’ we slowly but surely keep on killing Goliath ‘saving the world’: regardless of the geopolitical situation, and from any sort of cyberattacks – regardless of their origin or purpose.

And now, fate has brought us a new challenge. And not only us: this is also a challenge for all computer users and the entire ecosystem of independent developers for Windows.

Read on: David vs. Goliath, ver. 2016…