Back to the Old House.

Novorossiysk is also my hometown! I was born here 50.5 years ago. My family lived in this here building – 21, Revolution of 1905 Street – for many years. We moved away in the early seventies to Khlebnikovo in the Moscow Region, which is where I started going to school.

Here’s number 21:

In this yard I played in the sandbox, rode my first bicycle, and climbed the apricot and mulberry trees… Oh, the nostalgia!

Read on: And this is how the building looked in 2002…

Novorossiysk: the Best City in Russia?

The other day our executive director (E.D.) received a note with the agenda of an upcoming business trip of mine:

  • Krasnodar: meet with the regional governor, sign a cooperation agreement;
  • Krasnodar: meet with our Krasnodar business partners;
  • Krasnodar: give a lecture at Kuban State University;
  • Flight to Novorossiysk;
  • Novorossiysk: meet with our Novorossiysk business partners;
  • Novorossiysk: visit the city’s seaport.

Attached thereto was a receipt for prepayment of rental of a helicopter to get from Krasnodar to Novorossiysk. The name of the company that owned the chopper? Abrau-Durso – the well-known (locally) wine-and-champagne producer!

“Aha. I get it. And you call this a business trip?!” joked E.D. :)

Alas, there was no time for us to fit in a visit to the winery for a tasting. See, it was business, E.D. :)

The views from up above were rather spectacular:

Read on: A real nice place…

+1: Krasnodar (the Feel-Good City).

I like lists. I like comparisons. So when, a while back, I drew up a list of the cities I’ve been to in Russia, I was rather surprised to discover I’ve been to more US cities than Russian ones! Ok, just two more – 16 against 14 – but still. How so? Why for? Is not normal. (Here’s the methodology for the calculation and the lists of the respective cities.)

Aaanyway, I’ve just added another city to my list of Russian ones visited: the city of Krasnodar.

What can I say? Krasnodar is a real nice place – especially in the center. It’s clean and tidy; it’s bright and colorful; it’s nicely maintained and furbished; while the bright sun up in the clear blue sky imbued the city with a fresh, spring-y mood. In short: my impressions were extremely positive.

Read on: Been there. Must return one day…

S. America to S.E. Asia Air-Route Question.

Getting from Cancun in Mexico to Sanya in China will never be one of the simplest routes – even given the most favorable of weather conditions. All the same, it will never be one of the longest. Still, that route does belong to the category of the ‘trickiest air routes in the world’, i.e., between South America and Southeast Asia (flying in either direction): the distances are always big, and the air routes are rarely straightforward.

For example, flying from Hong Kong, Bangkok or Kuala Lumpur to Santiago or Buenos Aires will always be an avia-endurance test both in terms of total journey time and the number of connections. I say always, since all available routes – all four of them – all take approximately the same number of hours to complete.

My question:

What are these four (very different) ways of flying (on a commercial flight) from Southeast Asia to South America? (incidentally, one of them I’ve yet to fly myself). Let’s say, from Hong Kong to Santiago and from Hong Kong to Buenos Aires?


Read on: … and the answer is…

The Big Picture.

Last spring (2015), we discovered Duqu 2.0 – a highly professional, very expensive, cyber-espionage operation. Probably state-sponsored. We identified it when we were testing the beta-version of the Kaspersky Anti Targeted Attack (KATA) platform – our solution that defends against sophisticated targeted attacks just like Duqu 2.0.

And now, a year later, I can proudly proclaim: hurray!! The product is now officially released and fully battle ready!

Kaspersky Anti-Targeted Attack Platform

But first, let me now go back in time a bit to tell you about why things have come to this – why we’re now stuck with state-backed cyber-spying and why we had to come up with some very specific protection against it.

(While for those who’d prefer to go straight to the beef in this here post – click here.)

‘The good old days’ – words so often uttered as if bad things just never happened in the past. The music was better, society was fairer, the streets were safer, the beer had a better head, and on and on and on. Sometimes, however, things really were better; one example being how relatively easy it was to fight cyber-pests in years past.

Of course, back then I didn’t think so. We were working 25 hours a day, eight days a week, all the time cursing the virus writers and their phenomenal reproduction rate. Each month (and sometimes more often) there were global worm epidemics and we were always thinking that things couldn’t get much worse. How wrong we were…

At the start of this century viruses were written mainly by students and cyber-hooligans. They’d neither the intention nor the ability to create anything really serious, so the epidemics they were responsible for were snuffed out within days – often using proactive methods. They simply didn’t have any motivation for coming up with anything more ominous; they were doing it just for kicks when they’d get bored of Doom and Duke Nukem :).

The mid-2000s saw big money hit the Internet, plus new technologies that connected everything from power plants to mp3 players. Professional cybercriminal groups also entered the stage seeking the big bucks the Internet could provide, while cyber-intelligence-services-cum-armies were attracted to it by the technological possibilities it offered. These groups had the motivation, means and know-how to create reeeaaaally complex malware and conduct reeeaaaally sophisticated attacks while remaining under the radar.

Around about this time… ‘antivirus died’: traditional methods of protection could no longer maintain sufficient levels of security. Then a cyber-arms race began – a modern take on the eternal model of power based on violence – either attacking using it or defending against its use. Cyberattacks became more selective/pinpointed in terms of targets chosen, more stealthy, and a lot more advanced.

In the meantime ‘basic’ AV (which by then was far from just AV) had evolved into complex, multi-component systems of multi-level protection, crammed full of all sorts of different protective technologies, while advanced corporate security systems had built up yet more formidable arsenals for controlling perimeters and detecting intrusions.

However, that approach, no matter how impressive on the face of it, had one small but critical drawback for large corporations: it did little to proactively detect the most professional targeted attacks – those that use unique malware together with specific social engineering and zero-days. Malware that can stay unnoticed by security technologies.

I’m talking attacks carefully planned months if not years in advance by top experts backed by bottomless budgets and sometimes state financial support. Attacks like these can sometimes stay under the radar for many years; for example, the Equation operation we uncovered in 2014 had roots going back as far as 1996!

Banks, governments, critical infrastructure, manufacturing – tens of thousands of large organizations in various fields and with different forms of ownership (basically the basis of today’s world economy and order) – all of it turns out to be vulnerable to these super professional threats. And the demand for targets’ data, money and intellectual property is high and continually rising.

So what’s to be done? Just accept these modern day super threats as an inevitable part of modern life? Give up the fight against these targeted attacks?

No way.

Anything that can be attacked – no matter how sophisticatedly – can be protected to a great degree if you put serious time and effort and brains into that protection. There’ll never be 100% absolute protection, but there is such a thing as maximal protection, which makes attacks economically unfeasible to carry out: barriers so formidable that the aggressors decide to give up putting vast resources into getting through them, and instead go off and find some lesser protected victims. Of course there’ll be exceptions, especially when politically motivated attacks against certain victims are on the agenda; such attacks will be doggedly seen through to the end – a victorious end for the attacker; but that’s no reason to quit putting up a fight.

All righty. Historical context lesson over, now to that earlier mentioned sirloin…

…Just what the doctor ordered against advanced targeted attacks – our new Kaspersky Anti Targeted Attack platform (KATA).

So what exactly is this KATA, how does it work, and how much does it cost?

First, a bit on the anatomy of a targeted attack…

A targeted attack is always exclusive: tailor-made for a specific organization or individual.

The baddies behind a targeted attack start out by scrupulously gathering information on the targets right down to the most minor of details – for the success of an attack depends on the completeness of such a ‘dossier’ almost as much as the budget of the operation. All the targeted individuals are spied on and analyzed: their lifestyles, families, hobbies, and so on. How the corporate network is constructed is also studied carefully. And on the basis of all the information collected an attack strategy is selected.

Next, (i) the network is penetrated and remote (& undetected) access with maximum privileges is obtained. After that, (ii) the critical infrastructure nodes are compromised. And finally, (iii) ‘bombs away!’: the pilfering or destruction of data, the disruption of business processes, or whatever else might be the objective of the attack, plus the equally important covering one’s tracks so no one knows who’s responsible.

The motivation, the duration of the various prep-and-execution stages, the attack vectors, the penetration technologies, and the malware itself – all of it is very individual. But no matter how exclusive an attack gets, it will always have an Achilles’ heel. For an attack will always cause at least a few tiny noticeable happenings (network activity, certain behavior of files and other objects, etc.): anomalies being thrown up, and abnormal network activity. So seeing the bird’s-eye-view big picture – in fact the whole picture formed from different sources around the network – makes it possible to detect a break-in.

To collect all the data about such anomalies and to create the big picture, KATA uses sensors – special ‘e-agents’ – which continuously analyze IP/web/email traffic plus events on workstations and servers.

For example, we intercept IP traffic (HTTP(S), FTP, DNS) using TAP/SPAN; the web sensor integrates with the proxy servers via ICAP; and the mail sensor is attached to the email servers via POP3(S). The agents are really lightweight (for Windows – around 15 megabytes), are compatible with other security software, and make hardly any impact at all on either network or endpoint resources.

All collected data (objects and metadata) are then transferred to the Analysis Center for processing using various methods (sandbox, AV scanning and adjustable YARA rules, checking file and URL reputations, vulnerability scanning, etc.) and archiving. It’s also possible to plug the system into our KSN cloud, or to keep things internal – with an internal copy of KPSN for better compliance.

Once the big picture is assembled, it’s time for the next stage! KATA reveals suspicious activity and can inform the admins and SIEM (Splunk, QRadar, ArcSight) about any unpleasantness detected. Even better – the longer the system works and the more data accumulates about the network, the more effective it is, since atypical behavior becomes easier to spot.
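To illustrate the “big picture” idea from the paragraphs above – weak signals from the mail, web and endpoint sensors becoming an alert only when they line up on one host – here is an added example of a small cross-source correlator. It is not KATA’s code and the event format, sensor names, scores and sample events are all constructed for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical sensor format (not KATA's own).
# Each event on its own is a weak signal; only their combination per host matters.
SAMPLE_EVENTS = [
    {"ts": "2016-03-01T09:00:00", "source": "mail", "host": "ws-17",
     "signal": "attachment: sandbox verdict suspicious", "score": 2},
    {"ts": "2016-03-01T09:03:00", "source": "endpoint", "host": "ws-17",
     "signal": "office application spawned a script interpreter", "score": 3},
    {"ts": "2016-03-01T09:05:00", "source": "web", "host": "ws-17",
     "signal": "HTTP request to domain with unknown reputation", "score": 1},
    # ws-42 shows two of the same signals, but hours apart and from one source each
    {"ts": "2016-03-01T11:00:00", "source": "web", "host": "ws-42",
     "signal": "HTTP request to domain with unknown reputation", "score": 1},
    {"ts": "2016-03-01T16:00:00", "source": "endpoint", "host": "ws-42",
     "signal": "office application spawned a script interpreter", "score": 3},
]


def correlate(events, window_minutes=30, threshold=5, min_sources=2):
    """Group sensor events per host, slide a time window over them, and raise an
    alert when the combined score reaches `threshold` AND at least `min_sources`
    distinct sensor types contributed. Returns a list of alert dicts (one per host),
    which is what would be forwarded to the admins or a SIEM."""
    window = timedelta(minutes=window_minutes)
    by_host = defaultdict(list)
    for ev in events:
        by_host[ev["host"]].append({**ev, "ts": datetime.fromisoformat(ev["ts"])})

    alerts = []
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):
            cluster = [e for e in evs[i:] if e["ts"] - start["ts"] <= window]
            score = sum(e["score"] for e in cluster)
            sources = {e["source"] for e in cluster}
            if score >= threshold and len(sources) >= min_sources:
                alerts.append({"host": host, "score": score,
                               "sources": sorted(sources),
                               "signals": [e["signal"] for e in cluster]})
                break  # one alert per host is enough; the analyst gets the details
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert["host"], alert["score"], alert["sources"], alert["signals"])
```

With the default settings only ws-17 is reported (three sources inside five minutes); widening the window and lowering the threshold shows how the same data yields more, but noisier, alerts.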

More details on how KATA works… here.

Ah yes; nearly forgot… how much does all this cost?

Well, there’s no simple answer to that one. The price of the service depends on dozens of factors, including the size and topology of the corporate network, how the solution is configured, and how many accompanying services are used. One thing is clear though: the cost pales into insignificance if compared with the potential damage it prevents.

From Mexico to China.

Your attention please! This is Tijuana Airport broadcasting! I’m now starting a reality show about the adventures of a traveler trying to fly from Mexico to China. Welcome aboard!

So, the most convenient way of getting from Cancun to China is to fly Cancun -> Mexico City -> Shanghai (with a stop to refuel). This time, the attempt to follow this route was a total failure. Shanghai Pudong Airport closed for technical reasons – that is, due to some dense dog fog. So I’m sitting in Mexico’s most northeasterly city, Tijuana, waiting to depart.

This is a very remote part of Mexico; most people will never make it here and you’ve probably never even heard of it. Which only makes it all the more interesting! It’s known as the third most prosperous city in the country (after Cancun and Mexico City). Perhaps that’s thanks to the United States, right across the border, which has set up all sorts of manufacturing plants here, uses the local inexpensive (but decent) medical facilities, etc. It’s also one of the most criminalized places in Mexico, supplying drugs and illegal immigrants to the States. Bad stuff… But it looks (downtown, as seen from my hotel) pretty decent – could be somewhere in California or Florida or suchlike.


Read on: But the weather is nothing like Florida…

Cancun sunrises.

The 2016 season is in full swing, with winter and spring events following one another in quick succession. We have just completed our annual North American partner conference.

It was pretty much the same as always. Presentations, meetings, discussions. Products-technologies-services, strategies, promotion, problems, opportunities, ideas. Lunch, entertainment, networking. Two whole days. Got there – got together – got down to work.


From dawn to… dawn, pretty much :) Speaking of dawn, the sunrises were gorgeous:

#Cancun sunrise #Mexico // Oh, those Cancun sunrises!

Read on: looking for a better new place…

A long drive through the Alps.

It would be a real shame to come to the Alps, to the home of Italian alpine skiing, and not put on a pair of skis and personally try out the slopes in the surrounding valley. It’s been quite a while since I last put on mountain skis… way back in 2012!

I used to spend a week or two in the Alps each winter. These days, there are too many business things that can’t be missed, so I don’t really get the chance to go on a proper skiing break till my legs start giving way beneath me and my hands start shaking. However, this time I was in luck: three and a half days of slopes and enjoying alpine landscapes! The Alps are truly fabulous in winter! // Chances are they are just as nice in summer, but I’ve never seen them at that time of year :)


A rare ski experience out of business hours // A bit of skiing between business matters

Read on: Google vs Yandex vs Mercedes …

Formula 1 on ice.

I’m not sure who exactly came up with the idea, but the first I heard about “Ferrari F1 on a ski slope” was about half a year ago. The very thought of driving a racing car on the ice and snow is so ridiculous that we just had to do it – that’s how we and Ferrari roll :)

This is what the event looked like at the Livigno ski resort at an altitude of 1,800 m, in front of a huge crowd of skiers, local residents, tourists and racing fans.


#Ferrari #F1 car is now ready for the victory. I'm ready. Are you? #forzaferrari

Read on: A little surprise for F1 aficionados…

Crossing the Alps in a helicopter.

In a follow-up to my plane trip, this post is about my recent jaunt in a helicopter.

I had really hoped our plane could land closer to our destination, which was deep in the mountains, but, unfortunately, the Alps were covered in clouds, and we weren’t allowed to fly to Samedan (am I the only one who hadn’t heard of this place before?). So we were diverted to Malpensa airport, Milan. This white helicopter came to Malpensa to collect us.

Which came as a huge surprise to me. Usually, helipads are either located outside international airports, or miles from the terminals, runways and taxi tracks. However, this time the helicopter landed close to the civil air terminal – in the photos above you can just make out the plane tails with the logos of Emirates (A-380), Lufthansa, Alitalia, Swiss Air, etc.

Then there was the most curious part of all – takeoff.

Read on: taxi like a regular plane…