A honeytrap for malware.

I haven’t seen the sixth Mission Impossible movie – and I don’t think I will. I sat through the fifth – in suitably zombified state (returning home on a long-haul flight after a tough week’s business) – but only because one scene in it was shot in our shiny new modern London office. And that was one Mission Impossible installment too many really. Nope – not for me. Slap, bang, smash, crash, pow, wow. Oof. Nah, I prefer something a little more challenging, thought-provoking and just plain interesting. After all, I have precious little time as it is!

I really am giving Tom Cruise and Co. a major dissing here, aren’t I? But hold on. I have to give them their due for at least one scene done really rather well (i.e., thought provoking and plain interesting!). It’s the one where the good guys need to get a bad guy to rat on his bad-guy colleagues, or something like that. So they set up a fake environment in a ‘hospital’ with ‘CNN’ on the ‘TV’ and have ‘CNN’ broadcast a news report about atomic Armageddon. Suitably satisfied his apocalyptic manifesto had been broadcast to the world, the baddie gives up his pals (or was it a login code?) in the deal arranged with his interrogators. Oops. Here’s the clip.

Why do I like this scene so much? Because, actually, it demonstrates really well one of the methods of detecting… unseen-before cyberattacks! There are in fact many such methods – they vary depending on area of application, effectiveness, resource use, and other parameters (I write about them regularly here) – but there is one that always seems to stand out: emulation (about which I’ve also written plenty here before).

Like in the film, the emulator launches the object being investigated in an isolated, artificial environment, which encourages it to reveal its maliciousness.

But there’s one serious downside to such an approach – the very fact that the environment is artificial. The emulator does its best to make that artificial environment as close as possible to a real operating system environment, but ever-increasingly smart malware still manages to differentiate it from the real thing. The emulator then observes how the malware recognized it, has to regroup and improve its ‘emulation’, and so on in a never-ending cycle – one that regularly opens a window of vulnerability on a protected computer. The fundamental problem is that the emulator tries its best to look like a real OS, but never quite manages to be the spitting image of one.

On the other hand, there’s another solution to the task of behavioral analysis of suspicious objects – analysis… on a real operating system – one on a virtual machine! Well why not? If the emulator never quite fully cracks it, let a real – albeit virtual – machine have a go. It would be the ideal ‘interrogation’ – conducted in a real environment, not an artificial one, but with no real negative consequences.
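One practical way a defender can put the two approaches side by side is differential behavioural analysis: run the same object through an emulator and through a real OS on a virtual machine, score what it did in each, and flag the samples whose behaviour diverges, since divergence is exactly the ‘it spotted the artificial environment’ failure mode described above. The script below is an added example written for this post, not Kaspersky code; the event names, indicator weights, threshold and sample traces are all constructed for illustration.

```python
"""Differential behavioural analysis of sandbox traces.

A sample that stays quiet in the emulator but misbehaves on a real
(virtual) OS has, in all likelihood, recognised the artificial environment.
Added example, not Kaspersky code; every event label, weight and trace
here is constructed for illustration.
"""
from dataclasses import dataclass

# Hypothetical behaviour labels a sandbox might emit, each with a weight.
# Not any real product's event schema.
INDICATOR_WEIGHTS = {
    "registry:write:run_key": 3,    # persistence via an autostart key
    "process:inject": 4,            # code injection into another process
    "file:write:system_dir": 2,
    "net:connect:raw_ip": 2,        # outbound connection to a bare IP, no DNS
    "file:encrypt:user_docs": 5,
}
MALICIOUS_THRESHOLD = 4  # a trace scoring at or above this is treated as malicious


@dataclass
class SandboxRuns:
    name: str
    emulator: list  # events observed in the emulated environment
    vm: list        # events observed on a real OS inside a virtual machine


def score(events):
    """Sum indicator weights over a trace; events not in the table score zero."""
    return sum(INDICATOR_WEIGHTS.get(e, 0) for e in events)


def classify(run):
    """Compare the two traces and return a verdict string."""
    emu, real = score(run.emulator), score(run.vm)
    emu_bad = emu >= MALICIOUS_THRESHOLD
    real_bad = real >= MALICIOUS_THRESHOLD
    if emu_bad and real_bad:
        return "malicious"
    if real_bad and not emu_bad:
        # Behaved itself in the emulator, showed its hand on the real OS:
        # the sample almost certainly recognised the artificial environment.
        return "malicious-evasive"
    if emu_bad and not real_bad:
        # Rare, but worth a human look: the emulator may be mis-modelling an API.
        return "inconsistent-review"
    return "benign"


def triage(runs):
    """Verdict per sample name for a batch of paired runs."""
    return {r.name: classify(r) for r in runs}


# Constructed traces: one openly malicious sample, one environment-aware
# sample, and one harmless program.
SAMPLES = [
    SandboxRuns("sample_a.exe",
                emulator=["file:read:config", "registry:write:run_key", "process:inject"],
                vm=["file:read:config", "registry:write:run_key", "process:inject"]),
    SandboxRuns("sample_b.exe",
                emulator=["file:read:config", "process:exit"],
                vm=["file:read:config", "net:connect:raw_ip", "file:encrypt:user_docs"]),
    SandboxRuns("notepad_like.exe",
                emulator=["file:read:config", "ui:show_window"],
                vm=["file:read:config", "ui:show_window"]),
]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        print(f"{name}: {verdict}")
```

The point of the fourth verdict, `inconsistent-review`, is that divergence cuts both ways: a sample that misbehaves only in the emulator usually means the emulator is modelling some API incorrectly, which is the other half of the regroup-and-improve cycle the post describes.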


We SOCked it 2 ’em – and passed the SOC 2 audit!

Last year I told you how, as part of our Global Transparency Initiative, we had plans to undergo an independent audit to receive SOC 2 certification. Well, finally, we can announce that we did undergo this third party audit… and passed! Hurray! And it wasn’t easy: it took a lot of work by a great many of our K-folks. But now that’s all behind us, and I’m very proud that we’ve done it!

So what does this mysterious SOC abbreviation stand for, and (whatever it may be) why is it needed?

Ok. The abbreviation stands for Service Organization Controls, and SOC 2 is a report based on the ‘Trust Services principles and criteria’ of the American Institute of CPAs (AICPA) [CPA: Certified Public Accountants], which evaluates an organization’s information systems relevant to security, availability, processing integrity, and confidentiality/privacy. Put another way, this is a (worldwide recognized) standard for audits of information risk control systems. Its main aim is to provide information on how effective a company’s control mechanisms are (so other companies can assess any risks associated with working therewith).

We decided to seek SOC 2 to be able to confirm the reliability of our products and prove to our customers and partners that our internal processes correspond to the highest of international standards and that we’ve nothing to hide. The audit for us was conducted by one of the Big Four accounting firms (I can’t tell you which as per the respective contract’s terms and conditions, in case you were wondering). Over the past year different K-departments have been working closely with the auditors sharing with them all the information they’ve needed, and that includes R&D, IT, Information Security, and our internal audit team.

The final report, which we received this week, confirms the soundness of the internal control mechanisms used for our automatic AV database updates, and also that the process of developing and launching our antivirus databases is protected against unauthorized access. Hurray!

And if you’re a customer, partner or state regulator, please get in touch if you’d like to see a copy of the report.

That’s all for today folks, but I’ll be back tomorrow with a quick rewind back to STARMUS and some more detail of the presentations thereat.

Meanwhile, privyet, from…

Cyber-news from the dark side – cyber-hypocrisy, an eye for a Mirai, GCHQ-watching-you, and keeping BlueKeep at bay.

Hi folks!

Let’s kick off with some good news….

‘Most tested, most awarded’ – still ).

Just recently, the respected independent test lab AV-Comparatives released the results of its annual survey. Taking place at the end of 2018, the survey, er, surveyed 3000 respondents worldwide. Of the 19 questions asked of each, one was ‘Which desktop anti-malware security solution do you primarily use?‘. And guess which brand came top in the answers for Europe, Asia, and South/Central America? Yes: K! In North America we came second (and I’m sure that’s only temporary). In addition, in Europe we were chosen as the most frequently used security solution for smartphones. We’re also at the top of the list of companies whose products users most often ask to test, both in the ‘home’ segment and among antivirus products for business. Great! We like tests, and you can see why! Btw – here’s more detail on the independent tests and reviews that our products undergo.

“Thou hypocrite, first cast out the beam out of thine own eye;
and then shalt thou see clearly to cast the speck out of thy brother’s eye.”
Matthew 7:5

In May, yet another backdoor with features reeeaaal useful for espionage was discovered. In whose tech was the backdoor found? Russia’s? China’s? Actually – Cisco’s (again)! Was there a hullabaloo about it in the media? Incessant front-page headlines and discussion about threats to national security? Talk of banning Cisco equipment outside the U.S., etc.? Oh, what, you missed it too?! Yet at the same time, Huawei’s international lynching is not only in full swing – it’s in full swing without such backdoors, and without any convincing evidence thereof whatsoever.



The pig is back!

Hi folks!

Once upon a time, long, long ago, we had a pet pig. Not a real one – and it didn’t even have a name – but its squeal became a famous one. Now, those of you who’ve been using Kaspersky Lab products for decades will no doubt know what I’m referring to. For the relative newbies among you, let me let you in on the joke…

In the cyber-antiquity of the 1990s, we added a feature to our AV product: when it detected a virus, it gave out a loud piggy-squeal! Some folks hated it; others loved it!


But after a while, for one reason or another, the piggy squeal disappeared; incidentally – so did the ‘K’ icon in the tray, replaced by a more modern and understandable symbol.

Now, any good company has a circle of devoted fans (we even have an official fan club), and we’re no exception. And many of these fans down the years have written to me imploring us to ‘Bring back the pig!’ or asking ‘Where’s the ‘K’ in the Taskbar gone?!’

Well not long ago, we figured that, if that’s what folks want, why not give it to them? And since these days customizing products is really simple… that’s just what we did. So, herewith, announcing…

the return of the piggy! :)

Right. So how do you actually go about activating its squeals and bringing back the ‘K’? Here’s how:

One of the most recent versions of our personal products brought an update – 19.0.0.1088(e), which, btw, is internally codenamed ‘K icon and pig’! – and it works for all our personal products: KFA, KAV, KIS, KTS, KSC and KSOS.

All this talk of piggies and Ks… but might they affect the quality/ speed/ efficiency/ effectiveness/ whatever of our products? Simple answer: no – in no way at all. Nice. Right – back to all this talk of piggies and Ks…

Here are the instructions:

  1. Make sure you have update 19.0.0.1088(e) or later, with the default settings applied;
  2. Make sure you have Windows 7 or older (for example XP) (sorry folks, this doesn’t work on Windows 10);
  3. Right-click on the product’s icon in the Taskbar, choose ‘About’, and here we apply some magic…
  4. Now type IDKFA (in caps, like here);
  5. Next – download a test file (a file that pretends to be a virus): eicar test file;
  6. The file won’t download though (the product blocks it in the browser), and instead of the download window opening – you guessed it: piggy squeal;
  7. There’s another way of doing it: pause the protection. Bingo!

You can change the icon in exactly the same way, only you need to type IDDQD instead of IDKFA. Btw: if you type it a second time, the icon will revert back to the standard one.

And if you’re wondering why on earth you need to type IDDQD or IDKFA, check this out ).

So there you have it. The pig is back. As is the K! Well, we had to make up for the ‘Lab’ being dropped, right? )


Hey startups, want to become a global company?

About five years ago we launched an interesting project – our own Business Incubator. Why? Because there are a lot of great ideas out in the wild that need nurturing to grow and develop into something great. And we have the resources to help them do this! So we’ve been scouting for cool innovative ideas and giving startups ‘wings’ to fly.

One of the most successful examples of projects from our Business Incubator is Polys, launched in 2017. It’s an online platform for electronic voting based on blockchain. I’ve already mentioned it in this blog. But briefly: it’s safe, anonymous, unhackable, and what I think is more important – very easy to use and suitable for any kind of voting. I personally believe that the future of voting is indeed online and blockchain. Polys has already been officially used by Russian political parties, student bodies, and regional government organizations. And I’m sure that these are just the first steps of this KL nestling.

We’ve another up-and-coming Incubator project on board – Verisium. This is an IoT platform for customer engagement and product authentication. Especially needed in the fashion industry, it helps fight the counterfeiting of luxury products, and gives brands the ability to track product lifecycles and gain marketing insights into how products ‘live’ and perform. Verisium has already launched a number of joint projects with Russian designer brands – involving clothes with NFC chips on blockchain.


However, though it’s doing really well, the Incubator wasn’t enough for us. So we decided to scale up the way we work with startups and innovative companies, while focusing on something we know rather well… cybersecurity!

At the end of May (so, in a matter of days) we’re launching a new program that will run globally – the Kaspersky Open Innovations Program. We’re doing it to build an ecosystem that allows for transparent conversation and fruitful collaboration between businesses and innovative cybersecurity companies around the globe.

To start off, we’re launching a global startup challenge. We’ll be looking for startups that already have products, or MVPs, or even prototypes; we’ll be looking for those who already have something to sell, or already have had some sales and now need more. Since we’ll be neither investing in these companies, nor acquiring them, we’ll keep the focus on finding solutions that can truly benefit from being embedded with our technologies or integrated with them to maximize protection capabilities.

Another goal will be to take the results of our collaboration with startups – and their many new innovative products, solutions, services, etc. – to companies of different sizes around the world.

So, if we’re not investing and not acquiring, what are we actually offering? As a global company, we’ll help startups scale up globally by supporting their further product and business development. But probably most importantly, we’ll be providing an opportunity for startups to build a partnership with us and a chance to sit at the same table with the big guys and global companies.

Join now and take your business worldwide!


Cyber-news from the dark side – ver. SAS-2019.

Hi folks!

Herewith, the next in my series of occasional iNews, aka cyber-news from the dark side updates – this one based on some of the presentations I saw at our annual Security Analyst Summit in Singapore last month.

One of the main features of every SAS is the presentations given by experts. Unlike other geopolitically-correct conferences, here the analysts up on stage share what they’ve discovered regarding any cyberthreat, no matter where it may come from, and they do this based on principle. After all, malware is malware and users need to be protected from all of it, regardless of the declared virtue of the intentions of those behind it. Just remember the boomerang effect.

And if certain media outlets blatantly lie about us in response to this principled position, so be it. And it’s not just our principles they attack – for we practice what we preach: we’re way ahead of the competition when it comes to the numbers of solved cyberespionage operations. And we’re not planning on changing our position in any way to the detriment of our users.

So here are a few synopses of the coolest investigations talked about at SAS by the experts behind them. The most interesting, most shocking, most scary, most OMG…

1. TajMahal

Last year, we uncovered an attack on a diplomatic organization from Central Asia. Of course, that an organization like that is interesting to cybercriminals should come as no surprise. The information systems of embassies, consulates and diplomatic missions have always been of interest to other states and their spy agencies or generally any bad guys with sufficient technical ability and financial wherewithal. Yes, we’ve all read spy novels. But here was something new: here a true ‘TajMahal’ was built for the attacks – an APT platform with a vast number of plugins used (we’ve never seen so many used on one APT platform – by far) for all sorts of attack scenarios using various tools.

The platform consists of two parts: Tokyo and Yokohama. The former is the main backdoor, which also fulfils the function of delivery of the latter malicious program. The latter has very broad functionality: stealing cookies, intercepting documents from the printer queue, recording VoIP calls (including WhatsApp and FaceTime), taking screenshots, and much more. The TajMahal operation has been active now for at least five years. And its complexity would suggest that it’s been built with more than one target in mind; the rest remain for us to find…

Details of this APT-behemoth you can find here.


SAS-2019: a lot more – in Singapore.

Hi folks!

My April journeying continues. It’s already seen me visit such charming cities as Hanover, Baku and Dubai (reports thereon coming soon). Next stop – Singapore. The garden city, the island wonder – one of my fave cities on the planet, if not the fave. But oh it’s hot. And, oh, it’s humid. But it still remains the city of the future. Maybe that’s why I like it so much?…

First, a few ok pics (mine), and some really good pics (not mine; I still need practice) of this wonder-city – by day, by night, of the ships waiting in line for access to the port:

So why was I here (as if I needed a reason)? Because the annual Security Analyst Summit was being held here – the eleventh! And it was… hmmm – I’ll get to that in a bit…

First – how does one go about gauging the success of a SAS? How do you measure it? Was it totally awesome, or just so-so, or something else? Well, IMHO, you can tell if it was totally awesome if, afterward, you have a strange, somewhat paradoxical feeling: on the one hand you have nothing but positive emotions – a euphoric aftershock that just won’t go away. On the other – you’re already aware that something’s sadly lacking in your life, and will stay lacking for another year – the buzz of a SAS! And on the other – third?! – hand, you feel a little… afraid – when you wonder just how on earth next year’s event will be made even better than this year’s! But then you remember how every year after a SAS you think the same thing – and the following year’s event does turn out even better, and you start to feel better again. All these psychological symptoms together should really be called ‘post-event syndrome’. Must remember that term for next time…

Oops. I’ve digressed. Let me get back to ‘was it good?’. It was, as I hope the previous paragraph indicates. But also – have a look at all the comments, links, likes…

If you’re a new reader here, and maybe SAS is new to you too, briefly, SAS is: an annual event bringing together experts (and the press, bloggers) from all over the world to basically talk to each other, in an informal setting, all about cybersecurity. Announcements, presentations, achievements, challenges, industrial CTF, etc., etc. For a bit more on the SAS template, go here.

Next up: where, why, how, who, from where…

SAS-2019 brought on a ferocious bout of post-event syndrome, whose intensity was all the more acute due to fears that some folks might pull out due to geopolitical reasons. But in the cybersecurity industry folks think with their heads and aren’t swayed by sensational headlines. After all, battling the cyber-baddies is only effective when done together, exchanging information, and telling each other about our victories over the computer underground. Cybercriminals know no borders. And the cyber-goodies shouldn’t be limited by them either. And I’m so glad that our colleagues and competitors in the industry feel the same way.

So, there we were fearing no-shows, but in the end not only did everyone turn up but even more did than we expected! But that figures really – for who doesn’t want to get better acquainted with the company that’s being targeted because it takes a principled stand on protecting users from any cyber-vermin, no matter who may be responsible for it and no matter how much it roils certain very powerful cyberwar-mongers. SAS-2019 broke all its own records: 500+ guests, 100+ contributors, 34 countries represented, ~70 presentations, ~10 workshops and training sessions, and more coverage on social media and in the press than ever before.

Right, where did it all start this year? Ah yes, like every year – it all starts actually months in advance, when a countdown clock starts showing the number of days, hours and minutes there are left until the event. Fast forward to the morning of the first day, and those clocks have just minutes left, and the anticipation is hitting fever pitch… All the kit and chairs are in place, microphones fully charged, lighting and visual effects all set up, cameras ready (prepare to flash)…

One minute left…

And we’re off!

After a short welcoming speech, I was pinged to get up on the stage. Of course I obliged, gave a very warm warm-up speech, and also took some pics of the audience from the stage. Why should the audience have all the happy-snapping fun, eh? )

After me it was expert after expert sharing their stories – each one fascinating…

This year the number of presentations was the highest it’s been, as mentioned above, but the diversity of types of presentations was real wide too: some were very technical; others were more business-oriented; there were special training sessions on reverse engineering and other methods for pursuing the cyber-swine; a mini-exhibition; an open presentation room for rookie specialists; and a new feature called SAS Unplugged… As to the best of the best content – that will be coming up shortly in a separate cyber-news-from-the-dark-side post.

This year’s SAS brought us for the first time the following:

  • Separate cybersecurity white-hat hacking streams;
  • A small exhibition of participating companies;
  • Industrial topics;
  • Lots of other stuff, but I can’t quite remember it all.

Come the evening, though everyone was no doubt tired trying to take in all the new information of the day, we all headed to a super seafood restaurant I always visit when in town. Yeh! Yum!

And that was that – almost. Time left only for the final few mega-presentations that are traditionally saved till last. They really were something. If interested – have a search for them on the internet.

Then it was my turn again up on stage. ‘Thank you all for coming’, and the obligatory back-at-you pic:

PS: A big thank-you to Roman Rudakov. His ‘masterpiece button’ provided most of the photos in this post.

PPS: Briefly about where we held this year’s SAS – the Swissotel Stamford, where I’d stayed before, and which I only had negative recollections of. Not that I’m fussy when it comes to hotels. I’m comfortable up a mountainside in the cold and spending the night in a tent, but if a hotel says it’s a 5* hotel on the tin, I expect that’s what’s inside it too. Here, back in 2017 that wasn’t the case. However, this year I was very pleased with the place. Everything seemed to be in fully working order, everything seemed to have been renovated, with everything shiny and new somehow. The one thing they haven’t gotten round to is providing decent Wi-Fi, but that’s all:

Yes, I know – I still use Far Manager! I’m used to it, that’s all ).

Well that’s it for today folks, but I’ll be back with more tomorrow…

All the pics from SAS-2019 are here.

Auto-future – today.

Having recently been in Maranello to see the unveiling of the new Ferrari F1 racing car, I want to return to the automotive theme for this post. Because coming up there’s a new chapter in the ~250-year history of the automobile. It’s a biggie in itself, but there’s a security aspect of this new chapter that’s even bigger. But I’m getting ahead of myself. Time to engage reverse, and go over this biggie first…

Of late, the headlines have been pretty interesting regarding the modern automobile – plus what one will look like in a few years to come. Examples: California will legalize the testing of self-driving cars on public roads, Swedish gravel trucks will load up, drive for miles and unload with no driver at the wheel, and KAMAZ has come up with a driver-less electric mini-bus. Google, Yandex, Baidu, and who knows how many other companies from different spheres and countries are developing driverless projects. Of course, some of the headlines go against the grain, but these are mere exceptions it seems.

And just recently I was at the food processing plant of Barilla (our client, btw) in Italy, and saw more automation than you can shake a spatula at: the automated conveyor delivers up tons of spaghetti; robots take it, package it, and place it into boxes; and driverless electric cars take it to and load it into trucks – which aren’t yet automated but soon will be…

So, self-controlled/self-driving vehicles – they’re here already, in some places. Tomorrow, they’ll be everywhere. And without a trace of sarcasm, let me tell you that this is just awesome. Why? Because a transportation system based on self-driving vehicles that operate strictly to a set of rules has little chance of its productivity degrading. Therefore, cars won’t only travel within the prescribed speed limits, they’ll do so faster, safely, comfortably, and of course – automatically. At first there’ll be special roads only for driverless vehicles, later – whole cities, then countries will be driverless. Can you imagine the prospects for the upgrade market for old driver-driven cars?

That out the way, now comes the interesting bit – the reason for so many words in this here blogpost. Let’s go!…


New transparency – in Madrid!

Hola, amigos!

Toward the end of last year we opened our first Transparency Center and a Data Center in Zurich, Switzerland, dedicated to processing data for our customers in Europe. Though that’s just short of five months ago, it’s become clear that this large-scale project reflects perfectly the current concerns regarding the cybersecurity industry in today’s geopolitical climate.

Both the business community and government agencies are reeeaaaal keen on one thing at the moment: crystal clear transparency. And no wonder! In times when any company can be accused at the highest official level of whatever transgressions can be thought up – with zero evidence (are you following the Huawei saga?) – both business and state regulators all over the world are left with no other option than to conduct their own analysis and seek out the actual facts (and also use something that is alarmingly lacking of late: common sense).

It was for this reason that our first Transparency Center has turned out to be both very timely and very useful: it’s visited regularly by our partners and European officials. And I’m very pleased that we’ve become pioneers in the cybersecurity industry with our global openness initiative.

And on the back of the early successes of our Zurich centers, to continue to meet the needs of the market we’re opening another Transparency Center – in Madrid. Hola, amigos! Besides, by the end of the year we’ll open yet another – in Asia.

The function of the new centers will be the same: accessing both our source code and updates. And in Spain colleagues will be on hand to tell visitors about the finer details of our technologies, products and services – in the showroom there.

So, soon, expect to see the pics from the grand opening – right here on this blog. Stay tuned!

Kaspersky Lab’s Data Center in Zurich

And just in, some more news on the theme of ‘demolishing myths’…

We’re publishing some research findings of a respected independent expert on Russian legal matters – Prof. Dr. Kaj Hobér of Uppsala University, Sweden. The professor has been studying the intricacies of the Russian legal system now for more than 30 years. He started this back when Russia was still in the Soviet Union, having lived for several years in Moscow. And he’s been an arbiter in over 400 arbitration cases. In short, a very impressive CV and a very impressive individual, whose utmost professionalism it’d be hard to doubt.

His research concerns three Russian laws relating to the processing and storage of data. Now, some ‘experts’ and journalists often make reference to these laws when they write about KL. But doing so is just soooo off the mark! This independent analysis proves how we (KL) aren’t bound by any of the three laws – for one simple reason: we aren’t an internet service provider or mobile phone company! For it’s only internet providers and mobile operators that are bound by the three laws. We aren’t. And that’s that! So, let’s take, say, the Yarovaya law: it’s not our headache at all, as it doesn’t affect us at all!

So please, dear experts and journalists and bloggers, please base your judgements on facts, logic, and now independent irrefutable expert analysis – not on the country a company may hail from or on the sensationalist false allegations serving the current geopolitical agenda.