Cyber-tales from the dark – and light – sides.

Hi folks!

Today I’ve got some fresh, surprising cybersecurity news items for you. The first few are worrying stories about threats stemming from a certain ubiquitous small device, which many folks simply can’t be without just for one minute – including in bed and in the bathroom. The last few are positive, encouraging stories – about women on the up in IT. Ok, let’s dive in with those worrying ones first…

Don’t join the Asacub victim club

These days, folks tend to entrust their (trusty?) smartphones with all sorts of stuff – banking, important work and personal documents, messaging (often with very personal details strictly for a few eyes only), and more. But, hey, you’ll know all this perfectly well already, and may be one of these folks to this or that extent yourself; and if you are – you really do need to read this one carefully…

At the end of August a sharp increase was detected in the proliferation of the Android Trojan Asacub, which exploits that peculiarly human weakness called curiosity. The Trojan sends a text message with words like: ‘Hey John: You should be ashamed of yourself! [link]’, or ‘John – you’ve been sent an MMS from Pete: [link]’. So John scratches his head, becomes as curious as a cat, wonders what’s in the photo, clicks on the link, and (willingly!) downloads an application… which then proceeds to stealthily access his full contact list and start sending out similar messages to all his peers.

But this crafty malware doesn’t stop there. It can also, for example, read incoming texts and send their contents to the hackers running the malware, or send messages with a given text to a given number. And the ability to intercept and send texts gives the authors of the Trojan the ability to, among other things, transfer to themselves funds from the bank card of the victim if the card is digitally connected to the phone number. And as if that weren’t bad enough – there’s a bonus for the victim: a huge bill from his mobile provider for sending all those messages to everybody.

So how can you protect yourself from such fearsome mobile malware? Here’s how:

  • Don’t click on suspicious links;
  • Carefully check which rights are being requested by the downloaded application (e.g., microphone, camera, location…);
  • And last and most: the simplest step – install reliable protection on your Android smartphone.

Android? Hmmm. I can hear all the sighs of relief just now: ‘Aaaaahhhh, thank goodness I’ve got an iPhone!’!

Hold your horses all you Apple lovers; here’s a couple of links for you too (don’t worry: you can click these – honest!):

Read on…

iDeath of eVoldemort

Fairy tales and fantasy stories have long dispelled the myth about the invincibility of global storybook power brokers and villains (as for us, for more than 20 years we’ve been busting the very same myth in cyberspace). Every Voldemort relies on security of his diary, his ring, his snake, his… well, I guess you know all about the Horcruxes. And the success of your war on villainy, whether fairytale or virtual, depends on two key qualities: perseverance and intellect (meaning technology). Today I will tell you how perseverance and intellect, plus neural networks, machine learning, cloud security and expert knowledge — all built into our products — will keep you protected against potential future cyberthreats.

In fact, we have covered the technologies for protection against future cyberthreats before (more than once, a lot more than once, and even for laughs). Why are we so obsessed with them, you may wonder.

It’s because these technologies are exactly what makes robust protection different from fake artificial intelligence and products that use stolen information to detect malware. Identifying the code sequence using a known signature after the malware has already sneaked into the system and played its dirty tricks on the user? No one needs that. “A poultice on a wooden leg,” so to say.

But anticipating cybervillains’ patterns of thought, apprehending the vulnerabilities they’ll find attractive, and spreading invisible nets capable of automatic, on-the-spot detection — only a few industry players are capable of that, sad but true. In fact, very few, according to independent tests. WannaCry, the decade’s largest epidemic, is a case in point: Thanks to System Watcher technology, our products have proactively protected our users against this cyberattack.

The key point is: One cannot have too much future cyberthreat protection. There is no emulator or big-data expert analysis system able to cover all of the likely threat vectors. Invisible nets should cover every level and channel as much as they can, keeping track of all objects’ activities on the system, to make sure they have no chance ever to cause trouble, while maintaining minimum use of resources, zero “false positives,” and one hundred percent compatibility with other applications to avoid blue screens of death.

The malware industry keeps developing, too. Cybervillains have taught (and continue to teach) their creations to effectively conceal themselves in the system: to change their structure and behavior, to turn to “unhurried” action modes (minimize the use of computing resources, wake up on schedule, lie low right after penetrating the target computer, etc.), to dive deep into the system, to cover up their traces, to use “clean” or “near-clean” methods. But where there is a Voldemort, there are also Horcruxes one can destroy to end his malicious being. The question is how to find them.

A few years ago, our products beefed up their arsenal of proactive technologies for protection against advanced cyberthreats by adopting an interesting invention (patent RU2654151). It employs a trainable objects behavior model for high-accuracy identification of suspicious anomalies in the system, source localization and suppression even of the most “prudent” of worms.

Read on…

Enter your email address to subscribe to this blog
(Required)

Dutch hacker, big cyber-politics, and the anatomy of ‘real’ fake news.

Almost 21 years ago, I embarked on a mission to make the world a safer, better place. Today, we’re proud to protect with our cybersecurity solutions the digital lives of over 400 million consumers and 270,000 organizations around the world. Like many other companies whose aim is enhancing people’s lives, we also know that the higher you go, the stronger the winds can be. For us these winds include false media reporting. And in today’s environment of ‘media-ocracy’ and fake news, the situation is getting worse.

For nearly four years now, certain U.S. media outlets have been printing outlandishly preposterous false stories about cyber-conspiracies concocted between secret service folks and Yours Truly against the ‘free world’.

Evidence suggests that a Dutch politician is behind a fake story about Kaspersky Lab in the biggest Dutch daily newspaper

These tales from the paranoid side about us all fit the same template. Accordingly, their basic structure and rhetoric are always identical:

  • Unnamed U.S. intelligence officials share certain ‘shocking details’ about [insert as applicable] with a select few representatives of a given media outlet;
  • Anonymous sources are mostly used; any ‘sources’ cited are incompetent/unqualified to be sources;
  • Zero evidence of any wrongdoing on our part is presented (logical: there is no wrongdoing);
  • Distortion of reality based on the Pareto principle (80% truth + 20% fiction = monstrous lie);
  • These media stories are then used as a basis for taking political decisions (proof).

Incidentally, you may be wondering why, if all the stories about us are indeed false, we’ve never taken legal action in the U.S. The short answer to that is that U.S. legislation makes establishing the truth of a media story very difficult. Meanwhile, we get a ‘media-ocracy’ – with ‘news’ that isn’t news at all, just a vehicle for instilling in readers’ minds images of an ‘enemy’, so as to influence the underlying opinions of the people reading those media. But it doesn’t stop there. This non-news is used to justify high-level political moves against the next-in-line-to-be-out-of-favor company. Yes, of late it’s not just KL being pinpointed; this is growing bigger and bigger every month, affecting other companies too.

Worryingly, this media-ocracy is very influential – and highly contagious; so much so that it can now be felt all around the world, not just in America. And that now includes even the Netherlands.

Media-ocracy: vehicle for instilling in readers’ minds images of an ‘enemy’ and using false allegations for taking political decisions. Alas, it’s highly contagious.

On February 3 of this year, the largest Dutch national daily newspaper, De Telegraaf, published a ‘sensational’ article about a hacker who, allegedly, had claimed to have hacked into the network of our Dutch office (from just outside the building) and managed to obtain a number of IP addresses – all as part of a supposed investigation to help uncover a leak in the Dutch parliament – a leak organized to help ‘the Russians’. Inevitable questions like why specifically we were hacked, why those particular IP addresses were obtained, etc. are left unanswered, but for us the key thing to be addressed was the claim that someone had breached our own highly secure corporate network.

So yes, we took the claims very seriously. We’re a cybersecurity company, remember?! So naturally we carried out an internal investigation. And guess what it showed. No hack occurred. But that’s only the start of this sorry tale.

Read on: It gets even more ridiculous…

Features you’d normally never hear about (ver. 2018): KFP – Keeps your Funds Preserved!

When it comes to choosing an item of clothing – the only thing that’s important for me is functionality. Nice packaging, a designer brand, status level and other stuff don’t matter to me one bit. Same with cars really: if one gets you from A to B in good time, safely, and in reasonable comfort (so, maybe with a/c.) that’s all that really matters.

The same ‘ignore the unimportant stuff’ principle should be applied when it comes to one’s choice of cybersecurity product too. One really should – though many don’t – make sure one doesn’t fall for the ‘other stuff’ (= marketing waffle) that has no relation to actual protection. For it turns out that in thorough independent testing, new glamorous ‘next-generation antivirus’ products are shown to contain under their hoods fake artificial intelligence, adopted AV detection, and ‘protection’ full of holes. Put another way: they’re placebos, nothing more. So, in order not to become a victim of shiny marketing based on unsound security, you need to lift the hood yourself to have a look at how things work.

Of course, not everyone has the time and patience and technical knowledge to be able to plough through technical documentation of a cybersecurity product and understand it. But even if someone did, there’s still a chance the developer is mostly spinning a yarn throughout all that techy jargon.

With us, on the other hand, it’s just the opposite: we’re proud of our technologies, openly publish their technical details (without the yarns) and consider that anyone can understand them if explained appropriately. Ultimately we’re the most transparent cybersecurity company around – even to the extent that we’re ready to share our source code for inspection.

But to add to the clarity and accessibility of some of our tech, seven years ago, I started a series of regular posts on this here blog with the technology tag, in which all the main points of our more complex tech features are explained in simple language (complex tech features ‘you’d normally never hear about’, much less – read about in the regular, for-geeks-only technical notes). These are the largely invisible – under-the-hood – features, but they’re the ones that happen to be the real nuts-and-bolts of our cyberprotection.

Ok. Intro over. Today’s post is about how banks recognize a hack into your bank account.

Let’s say that one day you get a message from your bank that goes along the lines of: ‘Suspicious activity has been detected on your account…’. The first thing you do is go over the last few days trying to recall everywhere you’ve been, where you withdrew cash and how much, what you bought in shops/cafes, etc. and/or online, and so on.

In my case, it may look like this: (i) withdrew Norwegian kroner from an ATM in Longyearbyen, Svalbard, Norway; (ii) bought a steak and a beer salad and a mineral water in Oslo Airport, Norway; (iii) bought the missus a present in Schiphol Airport in Amsterdam, Holland – plus another salad and mineral water for lucky me; (iv) somewhere in the vicinity of the Azores bought some airplane internet access time; (v) withdrew some balboas in Tocumen Airport in Panama; and (vi) paid for dinner for a large party in a village not far from Panama City. And that was all in just one day!

Now, of course, to a bank, that string of transactions with a credit card – registered in none of the countries mentioned – sure could look suspicious. Quite who starts the day in the northernmost town in the world, buys an expensive duty free item a while later in a European capital, and ends up in Panama in the evening and forks out for a banquet, but has never taken such an unusual route before ever?

Sure. But let’s face it, banks can’t keep track of their millions of clients. How many employees would they need to do so? No, instead, the bank has a smart automated system (like Kaspersky Fraud Prevention (KFP)) that recognizes fraud automatically and with a high degree of accuracy. Ok, let’s have a look under KFP’s hood and see how it protects your money.

Each client of a bank has a model of behavior: a mathematical graph that contains the devices (computers, smartphones, tablets) and accounts of the user, bank services used (e.g., internet banking), and also rules for interaction among all the just mentioned. The model is built on the basis of collected anonymized data about specific activity of the client on the internet and using mobile bank. Crucially, the system isn’t interested in concrete transactions, sums involved, invoice details, names and so on – banking secrecy remains banking secrecy. Threats are calculated based solely on technical metadata and analysis of anonymized actions.

Such an approach allows to automatically detect many different kinds of cyber-fraud.

Example 1: Citizen X uses his internet banking application on his home computer. To authenticate his identity he uses the USB token given him by the bank. But since for protection he’s installed a next-generation antivirus based on a ‘cutting-edge AI system’, one day a malicious Trojan gets through. That Trojan – assisted by the token being forgotten about and left in the USB port – starts to transfer money on the quiet from Citizen X’s account. But it’s not ‘on the quiet’ for the banking anti-fraud system, which detects the anomalous behavior quickly, blocks the operation and informs the bank’s security department.

KFP control panel

Read on…

Nǐ Hǎo, cyber-chief!

Ni Hao folks!

Last Friday we had the pleasure of receiving none other than Xu Lin, China’s chief of cybersecurity and internet policy. Naturally, it was time to roll out the red carpet.

We’ve been working in China now for more than 15 years. In that time we’ve come a long way: from literally nothing (zero market presence) to a well-recognized brand (Ka-Ba-Si-G; the whole naming thing in China is a whole other story – on for another day) and good contacts in high places. We meet with Chinese regulators regularly (funny, but I’m sure those two words are unrelated:), more often than not in Beijing, but sometimes also in Wuzhen. Well it was Moscow’s turn this time to host one of our meets.

Read on…

An open letter to the management of Twitter.

“When you tear out a man’s tongue, you are not proving him a liar, you’re only telling the world that you fear what he might say.”

Tyrion Lannister, Game of Thrones

Dear Mr. Dorsey and the rest of the senior management of Twitter,

I see that of late you’ve been having concerns about the ‘health’ of your social media platform, and how it can be used maliciously for spreading disinformation, creating social discord, and so on. As a long-time advocate of a safe and friendly internet, I share these concerns! Though I thought my company stood on the periphery of this social media storm, it turns out I was quite mistaken.

If this is a mistake please openly admit this. This would quash any doubts about potential political censorship on Twitter.

At the end of January of this year, Twitter unexpectedly informed us about an advertising ban on our official accounts where we announce new posts on our various blogs on cybersecurity (including, for example, Securelist and Kaspersky Daily) and inform users about new cyberthreats and what to do about them. In a short letter from an unnamed Twitter employee, we were told that our company “operates using a business model that inherently conflicts with acceptable Twitter Ads business practices.”

“OUR DETERMINATION THAT KASPERSKY LAB OPERATES USING A BUSINESS MODEL THAT INHERENTLY CONFLICTS WITH ACCEPTABLE TWITTER ADS BUSINESS PRACTICES”

Huh? I read this formulation again and again but still couldn’t for the life of me understand how it might relate to us. One thing I can say for sure is this: we haven’t violated any written – or unwritten – rules, and our business model is quite simply the same template business model that’s used throughout the whole cybersecurity industry: We provide users with products and services, and they pay us for them. What specific (or even non-specific) rules, standards and/or business practices we violated are not stated in the letter. In my view, the ban itself contradicts Twitter’s declared-as-adopted principle of freedom of expression. I’ll return to that point in a minute, but first let’s look at the others:

Read on: Common sense hasn’t died. It just appears to be having a gap year…

It’s a crypto-minefield out there.

Buzzwords of the 21st century. They come; some go – some stay. Example of the latter: synergy. Remember that one? It used to be bandied about in practically every business presentation given some 15 years ago (apart from mine; no thank you!). And do you recall the Y2K bug? Oh my goodness – that was 18 years ago already :). That too came and went (after having turned out to be much ado about nothing). Out of those that come and stay, there’s… hmmm… leverage, wellness, proactive, paradigm… But I digress.

Back to what I want to talk about today…: specifically tech buzzwords. Which ones spring to mind? Artificial intelligence? Big data? The internet of things? Quantum computing? Or maybe the uber-buzzy cryptocurrencies and bitcoins? These are among the most popular according to Google, too, btw.

Not all buzzwords are silly/nonsense/marketing hype/investor-and-consumer deceiving… sophistry (is that a buzzword? Sure sounds it, but…:). Blockchain is one example. For example, our business incubator is nurturing several blockchain ideas that will change the world for the better in their niches.

Not just to buy Bitcoins but also to sell them

But that’s not what this post is about. Today I want to share my thoughts on the influence of cryptocurrencies on global cybersecurity and how we help users protect themselves from new threats. I’ll also fantasize a little about the future of free internet services and options for monetization of software.

Read on…

B&B: Berlin & Bosch.

I’ve just got myself a +1 to my collection of German industrial exhibitions/conferences, which now runs to a grand total of three. It was Bosch Connected World – both a conference and exhibition that ‘celebrate the Internet of Things’. Hardware & software, robotics, stationary + mobile, automotive, cloud-based, AI… basically all the buzz words – and all here. But everything here is somehow Bosch-connected, either belonging thereto of partnering with it; therefore, it was rather smaller than the other two in my collection: Embedded World and Hannover Messe. The former is about all things cyber-digital-industrial-automotive, the latter – all things industrial in general, not just security.

If you’re already in the computer automation/robotics/smart-whatever field, or are planning on entering it soon, you need to get yourself here. We were here as we’ve decided to attend more vendor-themed events: they’re smaller scale, but more focused. So here we are: welcome to Bosch Connected World!…

Read on: Nice place, proper technology, business opportunities…

KL-2017: the proof of the pudding is in the preliminary financial results.

Hi folks!

Going against tradition just this once, this year we’ve decided not to wait for our official financial audit results, and instead publish preliminary sales results for last year straight away.

The most important business figure of the year is of course revenue. So, for all 12 months of 2017, our products, technologies and services were sold for US$698 million (in accordance with the International Financial Reporting Standards) – a 8% rise compared to the previous year.

Not a bad result at all, if I don’t mind saying so; a result that shows how the company is doing well and growing. What’s more, we have some real promising technologies and solutions that make sure we’ll keep on growing and developing into the future.

But here’s what is, to me, the most interesting thing to come out of the preliminary results: for the first time in the history of the company sales bookings of corporate solutions overtook those of our boxed products for home users – this riding on the back of a 30% increase in the corporate segment.

Another very pleasing fact: the good rate of growth of the business has come largely not from sales of our traditional endpoint products, but from emerging, future-oriented solutions like Anti Targeted Attack solutions, Industrial Cybersecurity, Fraud Prevention, and Hybrid Cloud Security. All together these grew 61%. Besides, forecast growth in sales of our cybersecurity services comes in at 41%.

Geographically, sales bookings in most of the regions overshot their annual targets. For example, in Russia and the CIS sales were up 34% on 2016. In META (Middle East, Turkey, Africa) sales skyrocketed up 31%; in Latin America – 18%; and in APAC – 11%. Japan demonstrated moderate growth (4%), while Europe was slightly below expectations (-2%).

The only region that didn’t do well was, as expected, North America, which saw a fall in sales of 8%. Hardly surprising this one, given that it was this region that was the epicenter of last year’s geopolitical storm, which featured both a disinformation campaign against us and an unconstitutional decision of the DHS. Nevertheless, despite the political pressure, we continue to operate in the market and are planning on developing the business further there.

It only remains for me to give huge thanks to all users, partners, and cybersecurity experts, and to anyone else (including most journalists and bloggers that covered us) for their support, and also a big up to all the KLers around the globe for their continued excellent work in these difficult times. Customer loyalty, impressive growth of the business, and high team morale are all clear indicators of our global success. Well done everybody!

More detailed info on the preliminary financial results can be found here.