SAS-2019: a lot more – in Singapore.

Hi folks!

My April journeying continues. It’s already seen me visit such charming cities as Hanover, Baku and Dubai (reports thereon coming soon). Next stop – Singapore. The garden city, the island wonder – one of my fave cities on the planet, if not the fave. But oh it’s hot. And, oh, it’s humid. But it still remains the city of the future. Maybe that’s why I like it so much?…

First, a few ok pics (mine), and some really good pics (not mine; I still need practice) of this wonder-city – by day, by night, of the ships waiting in line for access to the port:

So why was I here (as if I needed a reason)? Because the annual Security Analyst Summit was being held here – the eleventh! And it was… hmmm – I’ll get to that in a bit…

First – how does one go about gauging the success of a SAS? How do you measure it? Was it totally awesome, or just so-so, or something else? Well, IMHO, you can tell if it was totally awesome if, afterward, you have a strange, somewhat paradoxical feeling: on the one hand you have nothing but positive emotions – a euphoric aftershock that just won’t go away. On the other – you’re already aware that something’s sadly lacking in your life, and will stay lacking for another year – the buzz of a SAS! And on the other – third?! – hand, you feel a little… afraid – when you wonder just how on earth next year’s event will be made even better than this year’s! But then you remember how every year after a SAS you think the same thing – and the following year’s event does turn out even better, and you start to feel better again. All these psychological symptoms together should really be called ‘post-event syndrome’. Must remember that term for next time…

Oops. I’ve digressed. Let me get back to ‘was it good?’. It was, as I hope the previous paragraph indicates. But also – have a look at all the comments, links, likes…

If you’re a new reader here, and maybe SAS is new to you too, briefly, SAS is: an annual event bringing together experts (and the press, bloggers) from all over the world to basically talk to each other, in an informal setting, all about cybersecurity. Announcements, presentations, achievements, challenges, industrial CTF, etc., etc. For a bit more on the SAS template, go here.

Next up: where, why, how, who, from where…

SAS-2019 brought on a ferocious bout of post-event syndrome, whose intensity was all the more acute due to fears that some folks might pull out due to geopolitical reasons. But in the cybersecurity industry folks think with their heads and aren’t swayed by sensational headlines. After all, battling the cyber-baddies is only effective when done together, exchanging information, and telling each other about our victories over the computer underground. Cybercriminals know no borders. And the cyber-goodies shouldn’t be limited by them either. And I’m so glad that our colleagues and competitors in the industry feel the same way.

So, there we were fearing no-shows, but in the end not only did everyone turn up but even more did than we expected! But that figures really – for who doesn’t want to get better acquainted with the company that’s being targeted because it takes a principled stand on protecting users from any cyber-vermin, no matter who may be responsible for it and no matter how much it roils certain very powerful cyberwar-mongers. SAS-2019 broke all its own records: 500+ guests, 100+ contributors, 34 countries represented, ~70 presentations, ~10 workshops and training sessions, and more coverage on social media and in the press than ever before.

Right, where did it all start this year. Ah yes, like every year – it all starts actually months in advance when a countdown clock starts showing the number of days, hours and minutes there are left until the event. Fast forward to the morning of the first day, and those clocks have just minutes left, and the anticipation is hitting fever pitch… All the kit and chairs are in place, microphones fully charged, lighting and visual effects all set up, cameras ready (prepare to flash)…

One minute left…

And we’re off!

After a short welcoming speech, I was pinged to get up on the stage. Of course I obliged, gave a very warm warm-up speech, and also took some pics of the audience from the stage. Why should the audience have all the happy-snapping fun, eh? )

After me it was expert after expert sharing their stories – each one fascinating…

This year the number of presentations was the highest it’s been, as mentioned above, but the diversity of types of presentations was real wide too: some were very technical; others were more business-oriented; there were special training sessions on reverse engineering and other methods for pursuing the cyber-swine; a mini-exhibition; an open presentation room for rooky specialists, and a new feature called SAS Unplugged… As to the best of the best content – that will be coming up shortly in a separate cyber-news-from-the-dark-side post.

This year’s SAS brought us for the first time the following:

  • Separate cybersecurity white-hat hacking streams;
  • A small exhibition of participating companies;
  • Industrial topics;
  • Lots of other stuff, but I can’t quite remember it all.

Come the evening, though everyone was no doubt tired trying to take in all the new information of the day, we all headed to a super seafood restaurant I always visit when in town. Yeh! Yum!

And that was that – almost. Time left only for the final few mega-presentations that are traditionally saved till last. They really were something. If interested – have a search for them on the internet.

Then it was my turn again up on stage. ‘Thank you all for coming’, and the obligatory back-at-you pic:

PS: A big thank-you to Roman Rudakov. His ‘masterpiece button’ provided most of the photos in this post.

PPS: Briefly about where we held this year’s SAS – the Swissotel Stamford, where I’d stayed before, and which I only had negative recollections of. Not that I’m fussy when it comes to hotels. I’m comfortable up a mountainside in the cold and spending the night in a tent, but if a hotel says it’s a 5* hotel on the tin, I expect that’s what’s inside it too. Here, back in 2017 that wasn’t the case. However, this year I was very pleased with the place. Everything seemed to be in fully working order, everything seems to have been renovated, with everything shiny and new somehow. The one thing that they haven’t gotten round to is providing decent Wi-Fi, but that’s all:

Yes, I know – I still use Far Manager! I’m used to it, that’s all ).

Well that’s it for today folks, but I’ll be back with more tomorrow…

All the pics form SAS-2109 are here.

Auto-future – today.

Having recently been in Maranello to see the unveiling of the new Ferrari F1 racing car, I want to return to the automotive theme for this post. Because coming up there’s a new chapter in the ~250-year history of the automobile. It’s a biggie in itself, but there’s a security aspect of this new chapter that’s even bigger. But I’m getting ahead of myself. Time to engage reverse, and go over this biggie first…

Of late, the headlines have been pretty interesting regarding the modern automobile– plus what one will look like in a few years to come. Examples: California will legalize the testing of self-driving cars on public roads, Swedish gravel trucks will load up, drive for miles and unload with no driver at the wheel, and KAMAZ has come up with a driver-less electric mini-bus. Google, Yandex, Baidu, and who knows how many other companies from different spheres and countries are developing driverless projects. Of course, some of the headlines go against the grain, but these are mere exceptions it seems.

And just recently I was at the food processing plant of Barilla (our client, btw) in Italy, and saw more automation than you can shake a spatula at: the automated conveyor delivers up tons of spaghetti; robots take it, package it, and place it into boxes; and driverless electric cars take it to and load it into trucks – which aren’t yet automated but soon will be…

So, self-controlled/self-driving vehicles – they’re here already, in some places. Tomorrow, they’ll be everywhere. And without a trace of sarcasm, let me tell you that this is just awesome. Why? Because a transportation system based on self-driving vehicles that operate strictly to a set of rules, has a little chance of degradation of productivity. Therefore, cars won’t only travel within the prescribed speed limits, they’ll do so faster, safely, comfortably, and of course – automatically. At first there’ll be special roads only for driverless vehicles, later – whole cities, then countries will be driverless. Can you imagine the prospects for the upgrade market for old driver-driven cars?

That out the way, now comes the interesting bit – the reason for so many words in this here blogpost. Let’s go!…

Read on…

New transparency – in Madrid!

Hola, amigos!

Toward the end of last year we opened our first Transparency Center and a Data Center in Zurich, Switzerland, dedicated to processing data for our customers in Europe. Though that’s just short of five months ago, it’s become clear that this large-scale project reflects perfectly the current concerns regarding the cybersecurity industry in today’s geopolitical climate.

Both the business community and government agencies are reeeaaaal keen on one thing at the moment: crystal clear transparency. And no wonder! In times when any company can be accused at the highest official level of whatever digressions can be thought up – with zero evidence (are you following the Huawei saga?) – both business and state regulators all over the world are left with no other option than to conduct their own analysis and seek out the actual facts (and also use something that is alarming lacking of late: common sense).

It was for this reason that our first Transparency Center has turned out to be both very timely and very useful: it’s visited regularly by our partners and European officials. And I’m very pleased that we’ve become pioneers in the cybersecurity industry with our global openness initiative.

And on the back of the early successes of our Zurich centers, to continue the meet the needs of the market we’re opening another Transparency Center – in Madrid. Hola, amigos! Besides, by the end of the year we’ll open yet another – in Asia.

The function of the new centers will be the same: accessing both our source code and updates. And in Spain colleagues will be on hand to tell visitors about the finer details of our technologies, products and services – in the showroom there.

So, soon, expect to see the pics from the grand opening – right here on this blog. Stay tuned!

Kaspersky Lab’s Data Center in Zurich

And just in, some more news on the theme of ‘demolishing myths’…

We’re publishing some research findings of a respected independent expert on Russian legal matters – Prof. Dr. Kaj Hobér of Uppsala University, Sweden. The professor has been studying the intricacies of the Russian legal system now for more than 30 years. He started this back when Russia was still in the Soviet Union, having lived for several years in Moscow. And he’s been an arbiter in over 400 arbitration cases. In short, a very impressive CV and a very impressive individual, whose utmost professionalism it’d be hard to doubt.

His research concerns three Russian laws relating to the processing and storage of data. Now, some ‘experts’ and journalists often make reference to these laws when they write about KL. But doing so is just soooo off the mark! This independent analysis proves how we (KL) aren’t bound by any of the three laws – for one simple reason: we aren’t an internet service provider or mobile phone company! For it’s only internet providers and mobile operators that are bound by the three laws. We aren’t. And that’s that! So, let’s take, say, the Yarovaya law: it’s not our headache at all, as it doesn’t affect us at all!

So please, dear experts and journalists and bloggers, please base your judgements on facts, logic, and now independent irrefutable expert analysis – not on the country a company may hail from or on the sensationalist false allegations serving the current geopolitical agenda.

 

Enter your email address to subscribe to this blog
(Required)

Industry, infrastructure and IoT – we protect the lot.

Hi people!

Many folks still think we’re just an anti-malware company. Wrong!

Many folks think we’re an anti-malware company that protects their computers and smartphones from any and all kinds of cyber-evil better than anyone else. Right!

Thing is, we’re not just an anti-malware company anymore; far from it. For years already we’ve been providing broader cybersecurity faced with the broader and broader spectrum of cyber-bad that the world is coming up against. This includes protection against: cyberattacks on both the Internet of Things and industrial facilities.

We’ve been warning about the potential for cyberattacks on industrial objects and critical infrastructure for more years than I can remember now. We were banging on about it even before Hollywood got wind of this alarming potential, and that was in the mid-2000s. And we weren’t just banging on about it either; we were busy at work on serious protection technologies to fight it. I’ve mentioned these before, but, briefly: industrial cybersecurity, transportation cybersecurity, IoT protection, and our own secure operating system. And you won’t find many cybersecurity companies around the world that offer a range of products and technologies as wide as that.

All the same, still, today – in 2019! – we’re ‘that anti-malware company’ to a great many. However, very slowly, how we are perceived is changing. And that’s not just what I see myself – there are figures that prove it. Example: global sales of our industrial infrastructure solutions (KICS – industrial ‘antivirus’ :) ) grew in 2018 by 162%! And such growth was seen across nearly all regions – Europe, Latin America, the Middle East and Africa, Asia-Pacific, and Russia. We’ve already completed 80+ projects worldwide for a wide range of industries from power generation, mining and oil refinery, to beverage production.

Both the scale and complexity of threats in the industrial sphere are on the up; what’s more, at stake here is critically important infrastructure like… nuclear power plants. I’m sure I don’t have to tell you how serious that is. On the brighter side, thankfully, our industrial/infrastructure customers understand that protecting their kit requires an individual, tailored approach to each facility and each of its automated industrial control systems (ICS).

Btw, in 2018 our KICS was given as an example in four subsections of multifaceted ‘Operational Technology Security’ in a study by Gartner, the global research and advisory company. To me this shows one thing: that we’re the recognized leaders in the industrial cybersecurity market. Ahhh, that feels satisfying. All that work and investment hasn’t been for nothing!

But besides cutting-edge industrial security, we also have other new services and products. For example, Blockchain Security; specifically, Crypto-Exchange Security and ICO Security (ICO being ‘initial coin offering‘; like an IPO, only with cryptocurrencies, and mostly for startup companies). And we already have some successful projects under out belt! Which is nice to know since Gartner reckons that the blockchain market, come 2030, will be worth more than… three trillion dollars! Already today crypto-exchange turnover comes to more than 300 billion dollars, out of which around 1.2 billion was stolen… in just 11 hacker attacks. Looks like we’ve got our work cut out for us. Oh well. No rest for the wicked awesome ).

So what else have we in our box of tricks? Ah yes…

Now, you’ll know how the whole world these days buys, sells, and generally does business mostly online, right? What you may not know about is our solution to protect all that online business – our Fraud Prevention. It’s made up of all sorts of very cool security technologies, including behavioral biometry and machine learning (details here and here).

Another must-have for business is our DDoS Protection. This uses special sensor software that gets installed on a company’s server. It monitors traffic to collect data for behavioral analysis; it builds up this data to continually improve its ability to detect even the most subtle of behavior anomalies that are characteristic of the start of a DDoS attack. The service is full-on all-inclusive too: notifications are sent immediately about possible attacks, and there’s an option for all the traffic of a company to be redirected to KL’s Cleaning Centers and for only ‘clean’ traffic to be returned to the company. And after an attack a full report on its detailed analysis is sent to the company.

It’s all very well having all this super-duper cyber-tech, but what good is it if the human element isn’t taken into account? In crisis situations, often the PR people of an attacked company take by far not the best decisions, since they don’t really know what’s going on or what to do. Instead of minimizing damage, they make it worse with ill-advised announcements or – worse – not announcing anything to customers/the public. Therefore, we have KACIC – a set of anti-crisis communications tools backed by the whiz kids in our PR team, who understand better than most all the reputational risks of an attack on IT infrastructure. Forewarned is forearmed!

As the Fourth Industrial Revolution continues to develop and the IoT market grows and grows to change every sector of the economy (manufacturing, agriculture, commerce, urban infrastructure, transportation…), we’re putting lots of time and investment into transportation cybersecurity and protection of IoT devices; so much so I think our next breakthrough tech solutions will be in these fields. That time and investment runs parallel with my frequent calls for a thing I call ‘cyber-immunity’, which needs to replace what we have now – ‘cybersecurity’. This means a protective layer at the very core of system architecture, not placing one on top of essentially un-secure systems based on outdated technologies. We’ve already learned how to do this for IoT gadgets; next up – well, the sky is the limit!…

Cyber-news from the dark side: Japanese legal hacking; iKeychain hack; 2FA -> $0; an Iranian cyber-whodunit; and a USB-eating leopard seal.

Privyet boys and girls!

Herewith, the next in my periodic/occasional cyber-news cyber-shocker-bulletins: a few stories of the cyber-interesting, the cyber-this-news-just-in, and the cyber-absurd…

State-sanctioned hacking!

The Japanese government is believed to be planning to hack 200 million IoT devices of its citizens. And that’s not science fiction folks; it looks like it’s for real. Indeed, it’s how the Japanese are preparing for the Olympics to be held in Tokyo in 2020 – and it’s all legal of course, since it’s the government who’s behind it. So their citizens’ gadgets will be hacked using the cybercriminals favorite method: using default passwords and password dictionaries. If a device is found to have a weak password, bureaucrats will enter the device into a list of unsecure gadgets, which list will then be handed over to internet service providers, which will be expected to inform subscribers and have them make their devices secure by changing the password. It’s all being done as a resilience test in the run-up to the Olympics, to work out if IoT devices in the country are sufficiently protected, and to try and prevent their use in attacks on the Olympics’ infrastructure. The methods to be used for this ‘test’ can easily be disputed, but the fact that the authorities are doing something concrete so well in advance is certainly a good thing. For let’s not forget that the Olympics have been targeted before – and not all that far away from Japan.

iOops!

An 18-year-old hacker, Linus Henze, has published a video highlighting a startling weakness in MacOS – specifically its Keychain program, which stores and secures a user’s many passwords. The teenager used a zero-day to develop his own app that can scan the full contents of the keychain.

Curiously, intriguingly, Mr. Henze isn’t planning on sharing his research and his app with the tech giant, since Apple still doesn’t run a bug-bounty program. So that leaves the company with two options: negotiate with the expert (which would be an unprecedented move for Apple), or consider trying to remedy the issue themselves – which they may or may not be able to do, of course.

Meanwhile, you, dear readers, need not fear for the safety of your passwords! Since there do exist (who’d know?!) fully secure, cross-platform password managers out there. And researchers – there do exist software companies that run bug-bounty programs ).

Even two-factor authentication can be hacked now.

Bank accounts being emptied by cyber-thiefs is on the up. One example recently involved accounts held at the UK’s Metro Bank. And the method used for the robberies involved intercepting text messages sent to account-holders’ phones for two-factor authentication. Now, 2FA is a good thing: it’s an extra layer of security and all that, so why not? It’s just that SMSs are by far not the most secure way to transfer data. For example, vulnerabilities can be exploited in the SS7 protocol, which is used by telecoms operators the world over to coordinate how they route texts and calls. If cyber-baddies manage to access the mobile network of an operator, they’re able to re-route messages and calls without the user being any the wiser. First they’d need to know your login and password for online banking, but that isn’t beyond the abilities of modern-day cyber-villains with their crafty keyboard spies, phishing tactics, or banking Trojans.

Once inside the online bank, the criminals send a request for a money transfer and intercept the message with the one-time code from the bank. The code is entered, and the bank transfers the funds, since both the password and the code were correctly entered. And the criminals are laughing all the way to the bank, as it were ).

So what can you do to stop such a scenario happening to you? Here are a couple of tips:

  • Never tell anyone your login or passwords – even to a bank employee, but you’ll probably know that one: banks helpfully remind us whenever they can.
  • Protect your devices from malware with a reliable antivirus app. There is one I happen to know of… but no – you choose the one you want ).

Cyber-spying on foreign diplomats in Iran – but whodunit?

Our researchers just recently discovered multiple attempts at infection of foreign diplomatic missions in Iran with some rather primitive cyber-espionage malware. The backdoor is presumed to be associated with the hacking group know as Chafer, which happens to ‘speak’ Farsi, and which is thought to have been responsible for cyber-surveillance on individuals in the Middle East in the past. This time, they cybercriminals used an improved version of the Remexi backdoor, designed to remotely control (as administrator) a victim’s computer.

Remexi software was first detected in 2015 when it was used for illegal surveillance of individuals and organizations across the whole region. The Windows-targeting surveillance-ware can exfiltrate keystrokes, screenshots, and browser-related data like cookies and history.

Much ‘home made’ malware is used in the region – often in combination with public domain utilities. But who’s behind these particular attacks? Finding out is made all the more difficult by the very fact that the malware is homespun; it literally could be anybody: Iranians, or non-Iranians pulling a false-flag operation. Alas, false flags are on the up and up and look set to remain so.

“Well, actually… a seal ate my USB stick, sir.”

In New Zealand, one day out walking a vet observed a clearly unwell leopard seal on a beach. As any concerned vet would, he proceeded to… scoop up a lump of the poorly seal’s poop and took it off for analysis. He was expecting to find therein some ghastly little parasites or viruses or what have you, but instead found… a USB stick. After much disinfection (I hope), the vet stuck the thumb drive into his computer (don’t try any of this at home kids, but this was a special case). And guess what? Thereon were stored lots of photos of the beautiful New Zealand scenery! Now the vet and Co. are seeking the owners of the USB – using this here video. Recognize it, anybody?

Secure elections of the future – today.

“Online voting – it’s the only thing that’ll save democracy, since the younger generations will only vote if they can do so online”. This is something I’ve been saying for years now. Younger generations – ‘digital natives’ – are used to doing a great many things online instead of off-line; it’s what they’re used to and what they prefer, and that needs to be understood, accepted, and embraced. If not, only the folks who have been used to going to polling stations in person will be voting – the older generations: hardly a good, balanced, representative cross-section of the adult population.

Statistics show that voter turnout has been declining steadily in established democracies since the 1980s. Reasons for this vary: there can be crises of trust in the authorities; in some places there are problems with access to voting facilities. There’s even a new social sub-grouping of largely passive participants in the political system: interested observers – folks who are interested in what’s going on around them but don’t get involved in any of it. And this isn’t some tiny, insignificant new sub-group either: in the U.S. it’s said to reach nearly 50% of the adult population! And these interested observers look like the ideal target audience for online voting: folks used to getting news and information from the internet – and that includes of course the younger generations right down to millennials. To have the best chance of high voter turnouts for elections, voting needs to be a simple, natural addition to a typical daily online routine. Social networks – checked; a few photos – uploaded; online purchases – made; (for some) a day’s work performed largely online – done; (for some) online gaming – done; online voting – also done.

Online voting systems around the world have been developing slowly for quite a while. When the first online vote took place I’m not sure, but I do recall how in January 2003 the Helkern worm (aka Slammer) nearly derailed some inter-party elections of a Canadian political party. The first e-elections at state level were those in 2007 in Estonia. Online voting continued to slowly proliferate in other countries, but with differing degrees of success. Why? Because there is the obvious question of security – the high risk of a hack and direct manipulation of the voting process; this issue, btw, has often been raised by critics of online voting. In 2014 a group of experts conducted a penetration test on the Estonian e-voting system. Not only did it find that it was real easy to install malware on the servers of the system, but also that, theoretically, the result of the voting could be changed – leaving no trace of that having been done whatsoever. In 2015 there was the electronic voting scandal in Australia. Here, a New South Wales election used the iVote online voting system, but it was found that around 66,000 votes could have been compromised via a hack of the voting site.

Clearly the above all shows that online voting systems need protecting (authorization, connection, transaction), and that includes the storing and counting of the results (server-cloud part). This idea came about in our business incubator a few years ago, which eventually led to the introduction at the end of 2017 of the Polys project – a platform for electronic voting based on blockchain.

All data relating to voting (including the final results) are stored not on servers but in blocks of data on the devices of all voting participants, which makes the platform simply unhackable. It provides anonymity of voting, and also permits hiding interim results – the final result becomes known to participants only after all counting is completed. But what’s more important – the Polys platform is convenient, simple, and suitable for any kind of voting – even… to decide what colors the roses should be in the local park! Indeed, the overarching mission of Polys is to bring the pluralism of opinions and happiness for all to the masses :). But don’t just take my word for it. Have a look for yourself! That the future is blockchain-voting many agree with.

And if you think this is all just theory, here’s some fresh news: Polys has been officially used already! In Russia’s Saratov region the local parliament elected deputies for its youth parliament. 40,000 folks voted! And last year the platform was used for conducting similarly-sized voting for Russia’s Higher School of Economics. And I’m sure this is only the beginning

So there you have it – we’re saving the world yet again but in a new way: protecting voting against fraud. So if you need to run a vote on something, no matter how trivial or how important, and you want to be able to guarantee voters it will be 100% protected, 100% fair – check out the Polys site!

And for those interested in the technical side to Polys – go here; you should find all the answers you need there. In short, have a look, try it (it’s free for now), get a feel for it, and tell your colleagues and friends about it!

And remember – your vote counts!

 

i-news: best of the best in 2018.

Boys and Girls! I hereby give you the last edition of i-news for 2018. Every year around this time I get the urge to do a bit of light-hearted summarizing and recapping, so we can see in the New Year in a good mood :). So, today we will talk about the loudest, silliest, funniest and weirdest news from the world of IT and cybersecurity that appeared on our screens in 2018.

First, let’s talk about professionalism in the media – you know, stuff like objectivity, investigative journalism and fact-checking. Or, to be more precise, the absence of all those things.

In October, Bloomberg Businessweek published an “investigation” with a pretty sensational headline and authored by a well-known ‘sauna journalist’. The first part of the headline says it all – The Big Hack. The story is based on information from anonymous sources (surprise, surprise!) and claims hardware manufactured by Super Micro has bugs implanted in them. And it’s supposedly been going on for several years. The chips were supposedly found by staff at Apple and Amazon, and the US authorities have been carrying out an investigation since 2015. And then, the interesting part starts…

Amazon denied any knowledge of the bugs, while Tim Cook of Apple said it’s all lies and called for the article to be retracted. Super Micro declared it had never received any customer complaints or questions from the authorities. (All this sounds pretty familiar!) Within 24 hours of the publication, Super Micro shares plummeted 60%. The company called in an outside firm to conduct an investigation that found no evidence to back up the journalists’ claims. Bloomberg appears to be in no hurry to apologize, although it did assign another journalist to do some further research.

Read on…

Folks can think for themselves.

Besides a market for its goods or services, a business also needs resources. There are financial resources: money; human resources: employees; intellectual resources: business ideas, and the ability to bring them to life. For some businesses, sometimes even for whole industries, another resource is needed: trust.

Let’s say you decide to buy… a vacuum cleaner. Is trust required of the manufacturer? Not really. You simply buy what seems like the right vacuum cleaner for you, based on a few things like its technical characteristics, how it looks, its quality, and its price. Trust doesn’t really come into it.

However, in some industries, for example finance or medicine, trust plays a crucial role. If someone doesn’t trust a certain financial advisor or pharmaceutical brand, he/she is hardly going to become their client/buy their products – and perhaps never will. Until, that is, the financial advisor/pharma company somehow proves that they are actually worthy of trust.

Well, our business – cybersecurity – not only requires trust, it depends on it. Without it, there can be no cybersecurity. And some folks – for now, let’s just call them… detractors – they know this perfectly well and try to destroy people’s trust in cybersecurity in all manner of ways; and for all manner of reasons.

You’d think there might be something wrong with our products if there are folks trying to undermine trust in them. However, as to the quality of our products, I am perfectly untroubled – the results of independent tests show why. It’s something else that’s changed in recent years: geopolitical turbulence. And we’ve been caught right in the middle of it.

A propaganda machine rose up and directed its dark arts in our direction. A growing number of people have read or heard of unsubstantiated allegations against us, originating in part from media reports that cite (unverifiable) anonymous sources. Whether such stories are influenced by the political agenda or a commercial need to drive sales is unclear, but false accusations shouldn’t be acceptable (just as any other unfairness shouldn’t be.) So we challenge and disprove every claim made against us, one by one. And I choose this verb carefully there: disprove (quick reminder: they have never proved anything; but of course they haven’t: none exists as no wrongdoing was ever done in the first place.)

Anyway, after almost a year since the last wave of allegations, I decided to conduct a sort-of audit of my own. To try and see how the world views us now, and to get an idea as to whether people exposed to such stories have been influenced by them. And to what extent our presentation of the facts has allowed them to make up their own minds on the matter.

And guess what, we found that if people take into account only the facts… well – I have good news: the allegations don’t wash! Ok, I can hear you: ‘show us the evidence!’

Really simple, but enormously useful: on Gartner Peer Insights, the opinions of corporate customers are collected, with Gartner’s team vetting the process to make sure there’s no vendor bias, no hidden agendas, no trolling. Basically, you get transparency and authenticity straight from end-users that matter.

Last year, thanks to the feedback from corporate customers, we were named the Plantinum winner for the 2017 Gartner Peer Insights Customer Choice for Endpoint Protection Platforms! This year’s results aren’t all in yet, but you can see for yourself the number of customers that wanted to tell Gartner about their experience of us and give their overall ratings, and leave positive reviews. Crucially, you can see it’s not a ‘review factory’ at work: they’re confirmed companies of different sizes, profiles, geography and caliber.

And talking of geography – turns out that in different regions of the world attitudes to trust can differ.

Take, for example, Germany. There, the question of trust in companies is taken very seriously. Therefore, the magazine WirtschaftsWoche regularly publishes its ongoing research into levels of trust in companies after polling more than 300,000 people. In the ‘software’ category (note – not antivirus or cybersecurity), we are in fourth place, and the overall level of trust in KL is high – higher than for most direct competitors, regardless of their country of origin.

Then we see what happens when governments use facts to decide whether to trust a company or not. Example: last week the Belgian Centre for Cyber Security researched the facts regarding KL and found they didn’t support the allegations against us. After which the prime minister of Belgium announced that there is no objective technical data – not even any independent research – that indicates our products could pose a threat. To that I would personally add that, theoretically, they could pose a threat, but no more than any other cybersecurity product from any other company from any other country. Because theoretically any product could have vulnerabilities. But taking into consideration our technology transparency efforts, I’d say that our products pose less of a threat than any other products.

Read on: we conducted our own research into the question of trust…

Digital demons – in art and in everyday life.

As regular readers of this here blog of mine will already know, I’m rather into modern art. But when art somehow merges with the anything IT-related, I’m the world’s biggest fan. Well, such a merging is taking place right now in Moscow in its Museum of Modern Art with the exhibition Daemons in the Machine, so supporting it was a no brainer. Artists, consulted by scientists, aimed their creativity at the modern-day topics of artificial intelligence (which, IMHO, is hardly any intelligence at all – just smart algorithms), blockchain, neural networks and robotics. The result is a curious mix of futurology, ethics and – of course – art.

I haven’t been myself as I’m only just back from my latest trip, but I hope to find time for a visit before my next one.

And now, we move from high-art digital demons to everyday, run-of-the-mill – but very worrying – digital demons…

Read on…

Cyber-paleontology: Sounds impressive; its results – more so.

Hi folks!

Let me kick off by paraphrasing a rather famous philosophical postulate: ‘Does a profession determine man’s social being, or does his social being determine his profession?’ Apparently this question (actually, the original) has been hotly debated for more than 150 years. And since the invention and spread of the Internet, this holy war only looks set to be extended for another 150, at least. Now, I personally don’t claim to support one side or the other; however, I do want to argue (based on personal experience) in favor of the dualism of a profession and being, since they mutually affect each other – in many ways and continually.

Toward the end of the 1980s, computer virology came about as a response to the growing proliferation of malicious programs. Fast-forward 30 years, and virology has evolved (rather, merged – in ecstasy – with adjacent fields) into the cybersecurity industry, which now often dictates the development of being IT: given inevitable competition, only the technology with the best protection survives.

In the 30 years since the end of the 1980s, we (AV companies) have been called quite a few different colorful and/or unsavory names. But the most accurate in recent years, IMHO, is the meme cyber-paleontologists.

Indeed, the industry has learned how to fight mass epidemics: either proactively (like we protected users from the largest epidemics of recent years – Wannacry and ExPetr), or reactively (using cloud-based threat-data analysis and prompt updates) – it doesn’t matter. But when it comes to targeted cyberattacks, there’s still a long way to go for the industry on the whole: only a few companies have sufficient technical maturity and resources to be able to cope with them, but if you add an unwavering commitment to expose any and all cyber-baddies no matter where they may come from or what their motives might be – you’re left with just one company: KL! (Which reminds me of something Napoleon Hill once said: ‘The ladder of success is never crowded at the top’.) Well it’s no wonder we’re in a lonely position (at the top of the ladder): maintaining that unwavering commitment to expose literally anyone is waaaaay more expensive than not maintaining it. And it’s waaaay more troublesome given the ongoing geopolitical upheavals of late, but our experience shows it’s the right thing to do – and users confirm this with their wallets.

A cyber-espionage operation is a very long, expensive, complex, hi-tech project. Of course, the authors of such operations get very upset and annoyed when they get caught, and many think that they try to get rid of ‘undesirable’ developers by using different methods via manipulation of the media. There are other, similar theories too:

But I digress…

Now, these cyber-espionage operations can remain under the radar for years. The authors take good care of their investments kit: they attack just a few specially selected targets (no mass attacks, which are more easily detected), they test it on all the popular cybersecurity products out there, they quickly change tactics if the need arises, and so on. It’s no stretch of the imagination to state that the many targeted attacks that have been detected are just the tip of the iceberg. And the only really effective means of uncovering such attacks is with cyber-paleontology; that is, long-term, meticulous collection of data for building the ‘big picture’; cooperation with experts from other companies; detection and analysis of anomalies; and subsequent development of protection technologies.

In the field of cyber-paleontology there are two main sub-fields: ad hoc investigations (after detecting something by chance and pursuing it), and systemic operational investigations (the process of planned analysis of the corporate IT landscape).

The obvious advantages of operational cyber-paleontology are highly valued by large organizations (be they state or commercial ones), which are always the primary target in targeted attacks. However, not all organizations have the opportunity or ability to undertake operational cyber-paleontology themselves: true specialists (for hire) in this niche line of work are few and far between – and they’re expensive too. We should know – we’ve plenty of them all around the world (with outstanding experience and world-renowned names). Thus, recently, given our strength in this field and the great need for it on the part of our corporate customers – true to the market principles of supply and demand – we decided to come up with a new service for the market – Kaspersky Managed Protection (KMP).

Read on…