Nota Bene

I tend to travel a lot: all around the world (including its more exotic locations), often, and mostly at a fast pace. I’m very lucky in that respect as I love traveling (surprisingly, not everyone does after doing it years!). I’ve been to most of the must-sees of this world, and taken plenty of pics while doing so and uploaded them to this here blog for well over a decade already. That includes both the North and South Poles, the Himalayas, the Sahara, Greenland, and a great many volcanoes. However, it turns out that some places not all that far away from home for some odd reason haven’t ever been investigated by Yours Truly. Indeed, I keep a short list of these special-yet-unvisited destinations with the hope of whittling it down to – hopefully – nothing sooner or later. Well, said list has just been shortened by one place: for I’ve finally, after so many years wanting to get there, been to… Florence!

Yep, though I’d been to Italy sooooo many times before, I never made it here! I’d been to Rome a zillion times since our first office was opened there (in 2008); also Milan, Naples, Venice, Bologna, Maranello, Syracuse and even Palermo. In short – everywhere but Florence! Well, I had briefly stopped at Florence on a train en route to somewhere else, I’d driven around part of its outer ring road, and I’d flown over it plenty of times, but never visited it properly. Until now…

So what can I say? I’ll say Florence is a magical city. Briefly, here’s why:

Read on…

Hi people!

Many folks still think we’re just an anti-malware company. Wrong!

Many folks think we’re an anti-malware company that protects their computers and smartphones from any and all kinds of cyber-evil better than anyone else. Right!

Thing is, we’re not just an anti-malware company anymore; far from it. For years already we’ve been providing broader cybersecurity faced with the broader and broader spectrum of cyber-bad that the world is coming up against. This includes protection against: cyberattacks on both the Internet of Things and industrial facilities.

We’ve been warning about the potential for cyberattacks on industrial objects and critical infrastructure for more years than I can remember now. We were banging on about it even before Hollywood got wind of this alarming potential, and that was in the mid-2000s. And we weren’t just banging on about it either; we were busy at work on serious protection technologies to fight it. I’ve mentioned these before, but, briefly: industrial cybersecurity, transportation cybersecurity, IoT protection, and our own secure operating system. And you won’t find many cybersecurity companies around the world that offer a range of products and technologies as wide as that.

All the same, still, today – in 2019! – we’re ‘that anti-malware company’ to a great many. However, very slowly, how we are perceived is changing. And that’s not just what I see myself – there are figures that prove it. Example: global sales of our industrial infrastructure solutions (KICS – industrial ‘antivirus’ :) ) grew in 2018 by 162%! And such growth was seen across nearly all regions – Europe, Latin America, the Middle East and Africa, Asia-Pacific, and Russia. We’ve already completed 80+ projects worldwide for a wide range of industries from power generation, mining and oil refinery, to beverage production.

Both the scale and complexity of threats in the industrial sphere are on the up; what’s more, at stake here is critically important infrastructure like… nuclear power plants. I’m sure I don’t have to tell you how serious that is. On the brighter side, thankfully, our industrial/infrastructure customers understand that protecting their kit requires an individual, tailored approach to each facility and each of its automated industrial control systems (ICS).

Btw, in 2018 our KICS was given as an example in four subsections of multifaceted ‘Operational Technology Security’ in a study by Gartner, the global research and advisory company. To me this shows one thing: that we’re the recognized leaders in the industrial cybersecurity market. Ahhh, that feels satisfying. All that work and investment hasn’t been for nothing!

But besides cutting-edge industrial security, we also have other new services and products. For example, Blockchain Security; specifically, Crypto-Exchange Security and ICO Security (ICO being ‘initial coin offering‘; like an IPO, only with cryptocurrencies, and mostly for startup companies). And we already have some successful projects under out belt! Which is nice to know since Gartner reckons that the blockchain market, come 2030, will be worth more than… three trillion dollars! Already today crypto-exchange turnover comes to more than 300 billion dollars, out of which around 1.2 billion was stolen… in just 11 hacker attacks. Looks like we’ve got our work cut out for us. Oh well. No rest for the wicked awesome ).

So what else have we in our box of tricks? Ah yes…

Now, you’ll know how the whole world these days buys, sells, and generally does business mostly online, right? What you may not know about is our solution to protect all that online business – our Fraud Prevention. It’s made up of all sorts of very cool security technologies, including behavioral biometry and machine learning (details here and here).

Another must-have for business is our DDoS Protection. This uses special sensor software that gets installed on a company’s server. It monitors traffic to collect data for behavioral analysis; it builds up this data to continually improve its ability to detect even the most subtle of behavior anomalies that are characteristic of the start of a DDoS attack. The service is full-on all-inclusive too: notifications are sent immediately about possible attacks, and there’s an option for all the traffic of a company to be redirected to KL’s Cleaning Centers and for only ‘clean’ traffic to be returned to the company. And after an attack a full report on its detailed analysis is sent to the company.

It’s all very well having all this super-duper cyber-tech, but what good is it if the human element isn’t taken into account? In crisis situations, often the PR people of an attacked company take by far not the best decisions, since they don’t really know what’s going on or what to do. Instead of minimizing damage, they make it worse with ill-advised announcements or – worse – not announcing anything to customers/the public. Therefore, we have KACIC – a set of anti-crisis communications tools backed by the whiz kids in our PR team, who understand better than most all the reputational risks of an attack on IT infrastructure. Forewarned is forearmed!

As the Fourth Industrial Revolution continues to develop and the IoT market grows and grows to change every sector of the economy (manufacturing, agriculture, commerce, urban infrastructure, transportation…), we’re putting lots of time and investment into transportation cybersecurity and protection of IoT devices; so much so I think our next breakthrough tech solutions will be in these fields. That time and investment runs parallel with my frequent calls for a thing I call ‘cyber-immunity’, which needs to replace what we have now – ‘cybersecurity’. This means a protective layer at the very core of system architecture, not placing one on top of essentially un-secure systems based on outdated technologies. We’ve already learned how to do this for IoT gadgets; next up – well, the sky is the limit!…

After my quick trip up to Karelia, I was home a mere few days before I was off again on my travels – this time to (southern) western Europe: Milan, Italy. Here’s the view out of my window on the plane thereto:

The weather here was a far cry from up in northwestern Russia – snowless, windless, sunny, blue sky, perfect temperature… aka – spring! Ok, there is some snow here, but only on the horizon – covering the peaks of the Alps.

Read on…

Of late you’ve been getting nothing but tropical-equatorial-Ecuadorian–Galapagosian dispatches from me. Which is hopefully just what you need if it still feels like winter where you are. However, this post, as the title gives away, is a typically wintery post, just for a bit of variation…

So, without further ado, here we have…: snow. Lots of:

But why am I lying down like that in the snow? Simple: if I tried to stand up, I’d sink into that snow up to my waist!

But… why is the ice in the below pic green? Actually, it’s not the ice itself that’s green, but I’ll get to that in a bit. But green is our corporate color, so it suited us just fine.

Read on…

Hi folks!

You’ll no doubt already know – but just in case, here’s me telling you – that each year we put on a mega international cybersecurity conference – SAS (Security Analyst Summit) – every late-winter/early-spring. Well, it’s spring already (though there was snow again last night in Moscow!) once again, so let me tell you about this year’s event… – woah – which is only three weeks away!…

This event is unique in a full three ways:

First, it’s at SAS where both KL’s top experts plus our world-renowned expert-guests report on their latest investigations, newest findings, and most curious other cyber-news.

Second, SAS always avoids the typical / typically boring hotels or conference centers in world capitals, instead always opting for totally non-boring exotic resort venues with lots of sun, sea, sand, surf, sangria… Singapore Slings, etc.

Third, there’s always one thing that can be counted on every year at SAS – the event is overflowing with fun, despite the seriousness of the cybersecurity theme!

SAS-2018 (Cancun)

It’s fair to say that SAS is best-known for the hot – often sensational – investigative reports shared at the event. Sometimes some folks don’t like this: they think we select findings based on geography or on possible attribution, or they’d prefer if we didn’t publicize such scandalous and potentially embarrassing findings (indicating probable government financing, cyber-espionage, cyber-sabotage, etc.) and should just sweep them under the rug instead. Er, nope. That’s not going to happen. Just in case you missed the memo: we share details of any cybercrime we find. Where it may originate from or what language it may speak: it doesn’t matter. Publicizing details of large cyber-incidents and targeted attacks is the only way to make the cyberworld – and that means the world itself – safer. It’s for this reason that SAS was the platform used to divulge findings on ‘Stuxnet’s cousin’ Duqu (which secretly collected information on European industrial systems), Red October (a cyber-spy carrying out espionage on diplomatic missions in Europe, the U.S., and former Soviet republics), and OlympicDestroyer (a sophisticated APT that attempted to sabotage the Olympic Games in South Korea in 2018). And I know that this year’s SAS won’t be any different: cyber-buzz causing a huge stir – coming right up!…

SAS-2016 (Tenerife)

SAS has been put on in Croatia, Cyprus, Malaga, Cancun, Tenerife, Puerto Rico, the Dominican Republic and Saint Martin (i.e., including some repeats at our fave venues).

This year, seeing that SAS is all grown-up (this will be the 11^th event), we thought a few organizational adjustments might be appropriate, and here they are:

First, this year SAS will be put on… in a metropolis! But it’s not your dull city in any way: it’s still beside the seaside and it happens to be a ‘garden city’, no less . Yep, this year it’ll be in Singapore folks. Yeh! I’m very happy about that. I have a more than just a soft-spot for Singapore ).

Second, we’ve decided to open up SAS to a wider audience than usual. Normally it’s an invite-only, exclusive world-cyber-expert get-together. This time though – in line with our transparency drive – we’re making part of the conference open to anybody who may wish to participate. And we call it SAS Unplugged. Like MTV Unplugged – only SAS ).

Presentations, training sessions, workshops from leading experts – all included. So students, cybersecurity rookies, in fact – cybersecurity old-hands too – anyone who has a great interest in fighting cyberbaddies – get registering! And be quick about it – already some of the training sessions are fully booked up.

PS: I’ve been permitted to give you a teaser about one of the confirmed presentations. It’s by one of our own experts, Sergey Lozhkin, and it’s for sure going to be a corker. Curiously, it’s about one of the oldest forms of cybercrime, but old doesn’t mean irrelevant. Just the opposite. For the crooks engaging in it today are earning billions of dollars a year from it! What is it? Financial fraud, plain and simple – actually, not so simple, as Sergey will tell us. He’ll also tell us how it has evolved over the years, what digital identity theft is, how much a digital identity costs on the Darknet, what a ‘carder’ is, and more…

PPS: I can’t wait. I enjoyed last year’s SAS ever so much. So here’s looking forward to an even better SAS this year!

Welcome to SAS-2019!…

I think this day was the most Ecuad-awesome of all during our boat-based excursion of the Galápagos Islands. Two islands in one day: one with brightly-colored iguanas; the other – with similarly wonderful wild animals and sensational sunsets. The latter wonderful wild animals – I’d been expecting them sooner or later as I’d heard about them before, but here they finally were, in the flesh – Galápagos penguins! Yes, you read that right: penguins! Who’d have thought it – on the equator of all places?!

Read on…

Hola boys and girls!

Herewith, a continuation of my reportage from the Galápagos Island of Santa Cruz, on which we’d already seen: cacti that defy, surfaces with tortoises, and banana iguanas. Next up… – my favorite: volcanism! In particular: lava tubes. (‘A lava tube is a natural conduit formed by flowing lava which moves beneath the hardened surface of a lava flow. Tubes can drain lava from a volcano during an eruption, or can be extinct, meaning the lava flow has ceased, and the rock has cooled and left a long cave.’ – Wikipedia.

I’d been in such constructions before, in Kamchatka, Sicily, on the slopes of Mount Etna, and in Hawaii. I think that probably most relatively fresh volcanoes in the world feature such lava tubes – and that includes on the Galápagos Islands:

A new day on the Galápagos Islands and a new Galápagosh for us…

Still on the island of Santa Cruz (on which we saw yesterday’s giant tortoises), this morning we were checking out a different spot thereon – Cerra Dragon (Dragon Hill in English, here) (in the afternoon we were headed over to the tiny Bartolomé Island).

What made this day special was the way we didn’t see just one Ecuad-awesomeness, but a full three! Oh my Galápa-goodness! Let me go through them one by one. In this post – #1…

The ‘Galapagos land iguana’.

Oh my guana! Check these resplendent reptiles out!

Read more…

Another day – another gosh!…

The tortoise. Hmmm. Not the sharpest tool in the shed – even among reptiles, which aren’t known for their intellectual prowess. Probably the world’s slowest animal too. And when it comes to sweetness and honey and good manners and good looks – the tortoise is also toward the back of the line. Poor things. BUT!…

But… there’s still something about these creatures that charms, enchants, enraptures and enthralls. Maybe it’s something in our genes that says that despite their outward appearance the tortoise is wholly… tasty… But more on that later. For now: giant tortoise pics!…

Read on…

Hi folks!

Another day, another Galápagos island. Next up – Santa Cruz Island – here. We were driven literally from its top to bottom (on a road some 40km long). No swimming with the turtles on this day, but of course that didn’t mean there’d be no Ecuad-awesomeness – the main one of which was the fact that… cactuses can resemble trees!

Now, remember the last pic in yesterday’s post? The one with a tree trunk that looked to be of a pine or fir tree? Well it’s actually a cactus known as an opuntia, aka prickly bear! No, not one of those small cactuses with the silly ears that you know to be a cactus. Here cactuses are verrrrry big, verrrrry strangely shaped, verrrrry unusual – and with trunks!

Read more…