S. America to S.E. Asia Air-Route Question.

Getting from Cancun in Mexico to Sanya in China will never be one of the simplest routes – even given the most favorable of weather conditions. All the same, it will never be one of the longest. Still, that route does belong to the category of the ‘trickiest air routes in the world’, i.e., between South America and Southeast Asia (flying in either direction): the distances are always big, and the air routes are rarely straightforward.

For example, flying from Hong Kong, Bangkok or Kuala Lumpur to Santiago or Buenos Aires will always be an avia-endurance test both in terms of total journey time and the number of connections. I say always, since all four available routes take approximately the same number of hours to complete.

My question:

What are these four (very different) ways of flying (on a commercial flight) from Southeast Asia to South America? (incidentally, one of them I’ve yet to fly myself). Let’s say, from Hong Kong to Santiago and from Hong Kong to Buenos Aires?


The Big Picture.

Last spring (2015), we discovered Duqu 2.0 – a highly professional, very expensive, cyber-espionage operation. Probably state-sponsored. We identified it when we were testing the beta-version of the Kaspersky Anti Targeted Attack (KATA) platform – our solution that defends against sophisticated targeted attacks just like Duqu 2.0.

And now, a year later, I can proudly proclaim: hurray!! The product is now officially released and fully battle ready!


But first, let me now go back in time a bit to tell you about why things have come to this – why we’re now stuck with state-backed cyber-spying and why we had to come up with some very specific protection against it.

(While for those who’d prefer to go straight to the beef in this here post – click here.)

‘The good old days’ – words so often uttered as if bad things just never happened in the past. The music was better, society was fairer, the streets were safer, the beer had a better head, and on and on and on. Sometimes, however, things really were better; one example being how relatively easy it was to fight cyber-pests in years past.

Of course, back then I didn’t think so. We were working 25 hours a day, eight days a week, all the time cursing the virus writers and their phenomenal reproduction rate. Each month (and sometimes more often) there were global worm epidemics and we were always thinking that things couldn’t get much worse. How wrong we were…

At the start of this century viruses were written mainly by students and cyber-hooligans. They’d neither the intention nor the ability to create anything really serious, so the epidemics they were responsible for were snuffed out within days – often using proactive methods. They simply didn’t have any motivation for coming up with anything more ominous; they were doing it just for kicks when they’d get bored of Doom and Duke Nukem :).

The mid-2000s saw big money hit the Internet, plus new technologies that connected everything from power plants to mp3 players. Professional cybercriminal groups also entered the stage seeking the big bucks the Internet could provide, while cyber-intelligence-services-cum-armies were attracted to it by the technological possibilities it offered. These groups had the motivation, means and know-how to create reeeaaaally complex malware and conduct reeeaaaally sophisticated attacks while remaining under the radar.

Around about this time… ‘antivirus died’: traditional methods of protection could no longer maintain sufficient levels of security. Then a cyber-arms race began – a modern take on the eternal model of power based on violence – either attacking using it or defending against its use. Cyberattacks became more selective/pinpointed in terms of targets chosen, more stealthy, and a lot more advanced.

In the meantime ‘basic’ AV (which by then was far from just AV) had evolved into complex, multi-component systems of multi-level protection, crammed full of all sorts of different protective technologies, while advanced corporate security systems had built up yet more formidable arsenals for controlling perimeters and detecting intrusions.

However, that approach, no matter how impressive on the face of it, had one small but critical drawback for large corporations: it did little to proactively detect the most professional targeted attacks – those that use unique malware using specific social engineering and zero-days. Malware that can stay unnoticed to security technologies.

I’m talking attacks carefully planned months if not years in advance by top experts backed by bottomless budgets and sometimes state financial support. Attacks like these can sometimes stay under the radar for many years; for example, the Equation operation we uncovered in 2014 had roots going back as far as 1996!

Banks, governments, critical infrastructure, manufacturing – tens of thousands of large organizations in various fields and with different forms of ownership (basically the basis of today’s world economy and order) – all of it turns out to be vulnerable to these super professional threats. And the demand for targets’ data, money and intellectual property is high and continually rising.

So what’s to be done? Just accept these modern day super threats as an inevitable part of modern life? Give up the fight against these targeted attacks?

No way.

Anything that can be attacked – no matter how sophisticatedly – can be protected to a great degree if you put serious time and effort and brains into that protection. There’ll never be 100% absolute protection, but there is such a thing as maximal protection, which makes attacks economically unfeasible to carry out: barriers so formidable that the aggressors decide to give up putting vast resources into getting through them, and instead go off and find some lesser protected victims. Of course there’ll be exceptions, especially when politically motivated attacks against certain victims are on the agenda; such attacks will be doggedly seen through to the end – a victorious end for the attacker; but that’s no reason to quit putting up a fight.

All righty. Historical context lesson over, now to that earlier mentioned sirloin…

…Just what the doctor ordered against advanced targeted attacks – our new Kaspersky Anti Targeted Attack platform (KATA).

So what exactly is this KATA, how does it work, and how much does it cost?

First, a bit on the anatomy of a targeted attack…

A targeted attack is always exclusive: tailor-made for a specific organization or individual.

The baddies behind a targeted attack start out by scrupulously gathering information on the targets right down to the most minor of details – for the success of an attack depends on the completeness of such a ‘dossier’ almost as much as the budget of the operation. All the targeted individuals are spied on and analyzed: their lifestyles, families, hobbies, and so on. How the corporate network is constructed is also studied carefully. And on the basis of all the information collected an attack strategy is selected.

Next, (i) the network is penetrated and remote (& undetected) access with maximum privileges is obtained. After that, (ii) the critical infrastructure nodes are compromised. And finally, (iii) ‘bombs away!’: the pilfering or destruction of data, the disruption of business processes, or whatever else might be the objective of the attack, plus the equally important covering one’s tracks so no one knows who’s responsible.

The motivation, the duration of the various prep-and-execution stages, the attack vectors, the penetration technologies, and the malware itself – all of it is very individual. But no matter how exclusive an attack gets, it will always have an Achilles’ heel. For an attack will always cause at least a few tiny noticeable happenings: network activity, certain behavior of files and other objects, anomalies being thrown up, abnormal network traffic, etc. So seeing the bird’s-eye view big picture – in fact the whole picture formed from different sources around the network – makes it possible to detect a break-in.

To collect all the data about such anomalies and build the big picture, KATA uses sensors – special ‘e-agents’ – which continuously analyze IP/web/email traffic plus events on workstations and servers.

For example, we intercept IP traffic (HTTP(S), FTP, DNS) using TAP/SPAN; the web sensor integrates with the proxy servers via ICAP; and the mail sensor is attached to the email servers via POP3(S). The agents are really lightweight (for Windows – around 15 megabytes), are compatible with other security software, and make hardly any impact at all on either network or endpoint resources.

All collected data (objects and metadata) are then transferred to the Analysis Center for processing using various methods (sandbox, AV scanning and adjustable YARA rules, checking file and URL reputations, vulnerability scanning, etc.) and archiving. It’s also possible to plug the system into our KSN cloud, or to keep things internal – with an internal copy of KPSN for better compliance.

Once the big picture is assembled, it’s time for the next stage! KATA reveals suspicious activity and can inform the admins and SIEM (Splunk, QRadar, ArcSight) about any unpleasantness detected. Even better – the longer the system works and the more data accumulates about the network, the more effective it is, since atypical behavior becomes easier to spot.
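As an added illustration of the ‘big picture’ idea above – that each tiny happening is unremarkable on its own, but anomalies reported by several different sensors about the same host within a short window are not – here is a small correlation routine. It is example code written for this page, not KATA’s own logic; the sensor names, hosts, event kinds and timestamps are constructed.

```python
from collections import defaultdict

# Constructed sample events from the four sensor types the post names:
# IP traffic (TAP/SPAN), web (proxy via ICAP), mail (POP3) and the
# endpoint agent. Timestamps are seconds; hosts and kinds are made up.
EVENTS = [
    {"ts": 100, "src": "mail", "host": "ws-17", "kind": "attachment_with_macro"},
    {"ts": 160, "src": "endpoint", "host": "ws-17", "kind": "office_spawns_shell"},
    {"ts": 220, "src": "ip", "host": "ws-17", "kind": "dns_never_seen_domain"},
    {"ts": 300, "src": "web", "host": "ws-17", "kind": "exe_download_new_domain"},
    # ws-03 shows two isolated oddities hours apart: not enough on its own.
    {"ts": 120, "src": "web", "host": "ws-03", "kind": "exe_download_new_domain"},
    {"ts": 9000, "src": "mail", "host": "ws-03", "kind": "attachment_with_macro"},
]


def correlate(events, window=3600, min_sources=3):
    """Return {host: {"sources": [...], "kinds": [...]}} for every host whose
    anomalies, inside one sliding window of `window` seconds, come from at
    least `min_sources` distinct sensors. One sensor's view is not enough;
    the combined view from different sources is what flags the host."""
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append(e)

    hits = {}
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):
            # All events of this host within `window` seconds of `first`.
            in_window = [e for e in evs[i:] if e["ts"] - first["ts"] <= window]
            sources = {e["src"] for e in in_window}
            if len(sources) >= min_sources:
                hits[host] = {
                    "sources": sorted(sources),
                    "kinds": [e["kind"] for e in in_window],
                }
                break  # first qualifying window is enough to raise the alert
    return hits


if __name__ == "__main__":
    for host, info in correlate(EVENTS).items():
        print(host, info["sources"], "->", ", ".join(info["kinds"]))
```

Lowering `min_sources` or widening `window` trades fewer missed intrusions for more noise; the thresholds are the knobs an analyst tunes as baseline data accumulates.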

More details on how KATA works… here.

Ah yes; nearly forgot… how much does all this cost?

Well, there’s no simple answer to that one. The price of the service depends on dozens of factors, including the size and topology of the corporate network, how the solution is configured, and how many accompanying services are used. One thing is clear though: the cost pales into insignificance if compared with the potential damage it prevents.


From Mexico to China.

Your attention please! This is Tijuana Airport broadcasting! I’m now starting a reality show about the adventures of a traveler trying to fly from Mexico to China. Welcome aboard!

So, the most convenient way of getting from Cancun to China is to fly Cancun -> Mexico City -> Shanghai (with a stop to refuel). This time, the attempt to follow this route was a total failure. Shanghai Pudong Airport closed for technical reasons – that is, due to some dense fog. So I’m sitting in Mexico’s most northeasterly city, Tijuana, waiting to depart.

This is a very remote part of Mexico; most people will never make it here and you’ve probably never even heard of it. Which only makes it all the more interesting! It’s known as the third most prosperous city in the country (after Cancun and Mexico City). Perhaps that’s thanks to the United States, right across the border, which has set up all sorts of manufacturing plants here, uses the local inexpensive (but decent) medical facilities, etc. It’s also one of the most criminalized places in Mexico, supplying drugs and illegal immigrants to the States. Bad stuff… But it looks (downtown, as seen from my hotel) pretty decent – could be somewhere in California or Florida or suchlike.


Cancun sunrises.

The 2016 season is in full swing, with winter and spring events following one another in quick succession. We have just completed our annual North American partner conference.

It was pretty much the same as always. Presentations, meetings, discussions. Products-technologies-services, strategies, promotion, problems, opportunities, ideas. Lunch, entertainment, networking. Two whole days. Got there – got together – got down to work.


From dawn to… dawn, pretty much :) Speaking of dawn, the sunrises were gorgeous:


A long drive through the Alps.

It would be a real shame to come to the Alps, to the home of Italian alpine skiing, and not put on a pair of skis and personally try out the slopes in the surrounding valley. It’s been quite a while since I last put on mountain skis… way back in 2012!

I used to spend a week or two in the Alps each winter. These days there are too many business things that can’t be missed, so I don’t really get the chance to go on a proper skiing break till my legs start giving way beneath me and my hands start shaking. However, this time I was in luck: three and a half days of slopes and enjoying alpine landscapes! The Alps are truly fabulous in winter! // Chances are they are just as nice in summer, but I’ve never seen them at that time of year :)


Formula 1 on ice.

I’m not sure who exactly came up with the idea, but the first I heard about “Ferrari F1 on a ski slope” was about half a year ago. The very thought of driving a racing car on the ice and snow is so ridiculous that we just had to do it – that’s how we and Ferrari roll :)

This is what the event looked like at the Livigno ski resort at an altitude of 1,800 m, in front of a huge crowd of skiers, local residents, tourists and racing fans.


Crossing the Alps in a helicopter.

In a follow-up to my plane trip, this post is about my recent jaunt in a helicopter.

I had really hoped our plane could land closer to our destination, which was deep in the mountains, but, unfortunately, the Alps were covered in clouds, and we weren’t allowed to fly to Samedan (am I the only one who hadn’t heard of this place before?) So we were diverted to Malpensa airport, Milan. This white helicopter came to Malpensa to collect us.

Which came as a huge surprise to me. Usually, helipads are either located outside international airports, or miles from the terminals, runways and taxi tracks. However, this time the helicopter landed close to the civil air terminal – in the photos above you can just make out the plane tails with the logos of Emirates (A-380), Lufthansa, Alitalia, Swiss Air, etc.

Then there was the most curious part of all – takeoff.


Groundhog Night.

Fourth day on the road, third country: Moscow -> Barcelona -> Nuremberg -> Milan. A new city means a new agenda: business meetings, interviews, presentations. From morning till night. Then a mad dash to the plane, a new hotel, you unpack your suitcase, you hit the sack, the alarm sounds, you pack your suitcase – and you’re on the road again. Groundhog night. ‘Night’, because the days are all very different and each of them amazing.

With regular flights, getting on top of this schedule is problematic to say the least, so my chance companion A.B. and I flew this Cessna Citation-2 ‘hummingbird’.

Once, a while ago, I felt like counting the cities I had visited – in Russia and the US – and comparing the numbers. You can follow the link to see what came out of it. I used the same approach this time – had a good look at the map of Germany and began to compile the list of cities I’ve been to… Here’s what I came up with:

Hamburg, Hannover, Berlin, Magdeburg, Bochum, Düsseldorf, Bonn, Wiesbaden, Mainz, Eisenach, Würzburg, Nuremberg, Ingolstadt, Munich – a total of 14 cities, just like in Russia. Oh, and the brief stops in Wolfsburg, Cologne and Koblenz don’t really count.

I had passed Nuremberg a few times (on the route Hannover/CeBIT <-> mountain skiing), but I had never visited the city itself before. Well, now I have. Very nice German city. Specifically, Bavarian city. Or, more precisely, Franconian. Here’s what it looks like:

By the way, I ran into a problem here that tends to happen to serial travelers like me: I forgot my room number at the hotel. Actually, this is typical of people who do a lot of traveling. The funny thing is that you have no problem remembering the room number at the hotel where you stayed yesterday. Sometimes you can even remember the password for yesterday’s Wi-Fi connection. But you can’t for the life of you recall those numbers on the door you’re supposed to use today :)

Hopefully, an awkward situation like this won’t happen today. The hotel is really small – they remember all their guests’ faces and personally hand each guest the big iron key to their door.

The rest of the Nuremberg photos are here.


Top-100 Series: The Final Few.

Herewith, my personal ‘Top-100 Amazingly Beautiful Must-See Places in the World Split up Into the Continents Thereof‘ is coming to a close.

To date, I’ve given you Place Nos. 1–90 of my Top-100. There’ll be a further four coming up below (Nos. 97–100). That of course leaves a mysterious gap – from 91 to 96…

Actually, no mystery at all here. It’s just my not being able to nail the nice round figure of 100! I mean, I could fill the gap with some of the bonus tracks, or I could wait until someone – hopefully in the comments (below) – comes up with some must-sees I’ve scandalously not considered for whatever reason. So really it’s a gap that leaves some room for improvement/perfecting, not knowing for sure how exactly to improve and perfect it now.

That potentially awkward caveat out of the way, let’s get those last Tops, er, out of the way…

97. North Pole.

Perhaps you could have guessed this one would be in this post scriptum installment of my Top-100, as it isn’t a part of a continent – ain’t no country even – so it was always going to be tricky ‘fitting it in’.

You can get to it on an icebreaker on a tour (pics only; Russian text), and I’m told it’s a really worthwhile excursion – not to mention an extreme one.

One thing you won’t see here but might have thought you would are… penguins! Nope, they’re on the other side of the world – on Antarctica (and nearby southern extremes of South America and South Africa).


Expo Marathon.

Right after the Mobile World Congress in Barcelona there was a mad dash to get to Nuremberg for another exhibition – Embedded World.

This one is about automating all things that rotate, revolve, pull stuff up and down, heat and refrigerate, pump, chemically bond, move on wheels, float and fly, as well as ‘everything digital for men in orange helmets’, and loads of other stuff like that. Big time cyber-industrialism!
