Finding the Needle in the Haystack. Introducing: Astraea.

Somewhere in the office there’s a carefully guarded little big black book that contains a collection of up-to-date KL facts & figures, which we use in public performances. You know, things like how many employees we have, how many offices and where, turnover, etc., etc. One of the most oft-used figures from this book is the daily number of new malicious programs – a.k.a. malware. And maybe this daily figure is so popular because of how incredibly fast it grows. Indeed, its growth amazed even me: a year ago it was 70,000 samples of malware – remember, per day; in May 2012 it was 125,000 per day; and now – by the hammer of Thor – it’s already… 200,000 a day!

I kid you not my friends: every single day we detect, analyze and develop protection against just that many malicious programs!

How do we do it?

Simply put, it all comes down to our expert know-how and the technologies that come about from it – about which another big black book could be compiled from the entries on this here blog (e.g., see the features tag). In publicizing our tech, some might ask if we aren’t afraid our posts are read by the cyber-swine. It’s a bit of a concern. But more important for us is users getting a better understanding of how their (our) protection works, and also what motivates the cyber-scoundrels and what tricks they use in their cyber-bogusness.

Anyway, today we’ll be adding another very important entry to this tech-tome – one on Astraea technology. This is one of the key elements of our KSN cloud system (video, details), which automatically analyzes notifications from protected computers and helps uncover hitherto unknown threats. In actual fact Astraea has a lot of other plusses going for it – plusses our security analysts have for a while now been unable to imagine their working day without. So, as per my techie-blog post tradition, let me go through it all for you – step by step…

More: Big data, crowdsourcing, data mining and Rocket science…

Boutique Art – Modern Hotel.

Hi all! We’re still darting about the U S of A… California, Arizona, Illinois, Kentucky, and on and on and on. As before, there continue to be few opps for tourism (well, apart from Arizona, already mentioned), while opps for work in various shapes and sizes are plentiful. Along the way we’ve been coming across assorted anomalisms and atypicalness, invariably snapped by D.Z. before you’ve time to say photogenic (I think he’s moonlighting as a travel photographer, you know. In fact I’m sure of it!) Here’s one such oddity. This one in the Windy City:

More: The kunst continues …

The Grand Canyon State – Continued.

Northern Arizona is famous for its astounding landscapes. In a relatively small area that can be covered in a car in just two or three hours there are three unique red rock formations.

First, there’s the world famous Monument Valley, offering breathtakingly beautiful panoramic views. Alas, we didn’t manage to get up close to it ourselves – only flying over it on a plane; but that was still enough to overload the senses with the place’s grandiosity.

Second, there’s Antelope Canyon. This is a mind-blowing slot-canyon – a big crevice in red sandstone. This is how it looked:

More: And regarding the third …

Red Rocks Rock!

Howdy all!

Been quite hectic of late on the road, and quite a while since I’ve downed tools (laptop, microphone) and chilled a bit in a nice location – even though there’ve been plenty of interesting and unusual places along the way. Let me make amends…

So here we are, at the aptly titled Enchantment Resort, Sedona, Arizona, USA.

This is a real nice hotel with really picturesque surroundings. It has cabins scattered about the valley and amazing views of red cliffs all around. Breathtakingly beautiful! And the weather ain’t bad of course either. The resort also has a golf course, allegedly a super-duper spa (didn’t get round to trying it out), and wild deer perma-guests that occasionally appear in the clearings around and about the grounds. I really recommend this place if ever you’re in sunny Arizona.

As is often the case on the more exotic of my travels – since pictures speak louder than words, let me give you some photos; no – lots!

More: Red Rocks hotel…

A Hard Day’s Shooting in the Desert.

Howdy!

I love my job. Sometimes it gets really fun. But sometimes it gets mega-fun, like today…

It’s been high time to replenish the arsenal of corporate photos for a while now, so we thought we’d do it properly – and where else but in a remote corner of Arizona, of course! It was out here on the landing strip of Sedona Airport – up on a hill surrounded by desert – that we had a real-pro photo session… which lasted a whopping six hours! We decided to let photographer-to-the-stars Jonas Fredwall Karlson do the shooting, after he did such a great job with the pic for an article in Vanity Fair some time back. He really knows his stuff!

Sedona’s a popular place with the New Age lot, apparently. Nice place. Super views. Unusual place! More familiar to us in these unfamiliar surroundings was the jet we flew in on: we’ve flown on it quite a few times already, but to an airport atop a hill in desolate wilds like this – that’s a first.

Let me go over the last few days in order.

It all started off with a bit of time travel – Dr. Who or Back to the Future style (take your pick). On November 1 at around 5pm Tokyo time we flew out of the Japanese capital and traversed the Pacific Ocean to land in Los Angeles, California – at 11am on the same day, November 1. Doctorin’ the Tardis or what?

But after that nice bit of time gain it pains me to say that it all went downhill from there. From touching down to leaving the airport we had two (TWO!) hours waiting around in various lines – passport control, customs… and to make matters way worse, all the waiting around was topped off with a killer dose of I-truly-couldn’t-care-less American “service” at every turn. I guess our negative first impressions this time were made worse by our having just been – later that day! – in Japan. What a contrast!

Anyway, getting on with business… in LA we had a (surprise!) busy schedule. First I spoke at UCLA; then we got together with our regional partners and partied; and next morning we were on the plane and heading for Sedona.

UCLA campus

Here’s a view of the airport’s runway on approach. We landed not long after.

And some more shots of the surrounding landscape…

Not our plane!

That one’s ours! It’s not all work, work, work, you know :)

Kaspersky Lab Developing Its Own Operating System? We Confirm the Rumors, and End the Speculation!

Hi all!

Today I’d like to talk about the future. About a not-so-glamorous future of mass cyber-attacks on things like nuclear power stations, energy supply and transportation control facilities, financial and telecommunications systems, and all the other installations deemed “critically important”. Or you could think back to Die Hard 4 – where an attack on infrastructure plunged pretty much the whole country into chaos.

Alas, John McClane isn’t around to solve the problem of vulnerable industrial systems, and even if he were – his usual methods of choice wouldn’t work. So it comes down to KL to save the world, naturally! We’re developing a secure operating system for protecting key information systems – the industrial control systems (ICS) used in industry and infrastructure. Quite a few rumors about this project have appeared already on the Internet, so I guess it’s time to lift the curtain (a little) on our secret project and let you know (a bit) about what’s really going on.

Operating System Code

But first – a little bit of background about vulnerable industrial systems, and why the world really needs this new and completely different approach of ours.

More: The defenselessness of industrial systems …

From Columbia to Colombo.

Hi all!

Now, if you’re not too hot on geography, I’m writing this from Washington, D.C., with the D.C. standing for District of Columbia, don’t you know. There’s another Washington – Washington state – on the other side of the American continent, but without the D.C. There’s a Colombia – the South American country; then there’s Columbia University in New York; there’s Columbo – the TV detective fond of beige sack-like raincoats; and to add to the confusion, round the other side of the globe there’s Colombo – the largest city of Sri Lanka (formerly Ceylon), which is where we’re headed today.

Our three days in Washington whizzed past like a film on fast-forward: As per, we were whizzing about all over the place getting to event after event. And I really mean whizzing – just like a (non-D.C.) squirrel in a wheel – unlike the local squirrels here, which royally, haughtily and languidly stroll about parks as if they own them – not the easily-startled beasts I’m used to.

I won’t tell you about all the events we took part in here – there’s not much point and it’d probably be pretty dull reading! (Note to event organizers/participants – your events were not dull to me :) I’ll just share with you one comment about the Billington Cybersecurity Summit where I got to speak about cyber threats, more info on which you can read here.

I really enjoyed personally meeting a whole lotta highly placed officials at the event and discussing with them in some detail the topic of cybersecurity and fighting computer maliciousness around the world. I was pleasantly surprised by how much these ladies and gentlemen – on whom a lot of US policy and thus security depends – know about the subject, and especially pleased to discover that their positions are very much like mine. Phew.

Work done, come Saturday we were able to get a bit of sightseeing in. We even managed to visit a couple of museums. The National Museum of Natural History we didn’t think too much of – all those dug-up mastodons and dinosaur bones look kind of unconvincing. While the Air and Space Museum… oh yes – that was more like it. All sorts of interesting stuff to see there, from the Wright brothers’ first airplane to the very latest drone. There are Messerschmitts, an SS-20, a Pershing, copies of Skylab and Apollo-Soyuz, and so on and so on. I decided against taking photos – there are plenty on the Internet. But it’s best to see it all in the flesh, of course.

The White House

More: Columbia-Doha-Colombo …

In Denial about Deny All?

In just a dozen or so years the computer underground has transformed itself from hooliganistic adolescent fun and games (fun for them, not much fun for the victims) to international organized cyber-gangs and sophisticated state-sponsored advanced persistent threat attacks on critical infrastructure. That’s quite a metamorphosis.

Back in the hooliganistic era, for various reasons the cyber-wretches tried to infect as many computers as possible, and it was specifically for defending systems from such massive attacks that traditional antivirus software was designed (and did a pretty good job of it). These days, new threats are just the opposite. The cyber-scum know anti-malware technologies inside out, try to be as inconspicuous as possible, and increasingly opt for targeted – pinpointed – attacks. And that’s all quite logical from their business perspective.

So sure, the underground has changed; however, the security paradigm, alas, remains the same: the majority of companies continue to apply technologies designed for mass epidemics – i.e., outdated protection – to tackle modern-day threats. As a result, in the fight against malware companies are stuck in mostly reactive, defensive positions, and thus are always one step behind the attackers. Since today we’re increasingly up against unknown threats for which no file or behavioral signatures have yet been developed, antivirus software often simply fails to detect them. At the same time contemporary cyber-slime (not to mention cyber military brass) meticulously check how good their malicious programs are at staying completely hidden from AV before they deploy them. Not good. Very bad.

Such a state of affairs becomes even more paradoxical when you discover that the security industry’s arsenal already contains alternative protection concepts – built into shipping products – that are able to tackle new unknown threats head-on.

I’ll tell you about one such concept today…

Now, in computer security engineering there are two possible default stances a company can take with regard to security: “Default Allow” – where everything (every bit of software) not explicitly forbidden is permitted for installation on computers; and “Default Deny” – where everything not explicitly permitted is forbidden (which I briefly touched upon here).

As you’ll probably be able to guess, these two security stances represent two opposing positions in the balance between usability and security. With Default Allow, all launched applications have carte blanche to do whatever they damn-well please on a computer and/or network, and AV here takes on the role of the proverbial Dutch boy – keeping watch over the dyke and, should it spring a leak, frenetically putting his fingers in the holes, with holes of varying sizes (and seriousness) appearing regularly.

With Default Deny, it’s just the opposite – applications are by default prevented from being installed unless they’re included on the given company’s list of trusted software. No holes in the dyke – but then probably no excessive volumes of water running through it in the first place.

Besides unknown malware cropping up, companies (their IT departments in particular) have many other headaches connected with Default Allow. One: installation of unproductive software and services (games, instant messengers, P2P clients… – the number of which depends on the policy of a given organization); two: installation of unverified and therefore potentially dangerous (vulnerable) software via which the cyber-scoundrels can wriggle their way into a corporate network; and three: installation of remote administration software, which allows access to a computer without the permission of the user.
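To make the difference between the two stances concrete, here is an added example in Python – written for this page, not Kaspersky Lab’s own code or product logic. It evaluates a handful of constructed program launches under both Default Allow (a “known bad” hash set standing in for signature-based AV) and Default Deny (an explicit list of trusted hashes and publishers). The hashes, the publisher name, the file paths and the category labels are all assumptions. The row worth watching is the unsigned, never-before-seen dropper: no signature exists for it yet, so Default Allow lets it run, while Default Deny blocks it without needing to know anything about it. The category block covers the three “headaches” above and wins under either stance.

```python
import hashlib
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Stance(Enum):
    """The two default stances described in the post."""
    DEFAULT_ALLOW = "default_allow"  # everything not explicitly forbidden may run
    DEFAULT_DENY = "default_deny"    # everything not explicitly permitted is blocked


@dataclass(frozen=True)
class LaunchEvent:
    path: str
    sha256: str
    publisher: Optional[str]  # hypothetical: verified code-signing subject, None if unsigned
    category: str             # hypothetical: label from an app catalogue, "unknown" if uncatalogued


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# --- Constructed policy data (assumptions, not from the original post) -------
# What a signature-based AV "knows": hashes of malware already analysed.
KNOWN_MALWARE = {sha256_hex(b"old-worm-sample-already-in-the-av-database")}

# What a Default Deny policy "knows": explicitly approved software.
TRUSTED_HASHES = {sha256_hex(b"corporate-erp-client-v4.2")}
TRUSTED_PUBLISHERS = {"Example Software GmbH"}  # hypothetical signing subject

# Categories the organisation forbids regardless of stance (the post's "headaches").
BLOCKED_CATEGORIES = {"p2p", "games", "remote-admin"}


def decide(event: LaunchEvent, stance: Stance) -> tuple[str, str]:
    """Return ("allow"|"deny", reason) for one launch under the chosen stance.

    Explicit category blocks are applied first and win under both stances;
    the stance then decides what happens to everything else.
    """
    if event.category in BLOCKED_CATEGORIES:
        return "deny", f"category '{event.category}' is forbidden by policy"

    if stance is Stance.DEFAULT_ALLOW:
        if event.sha256 in KNOWN_MALWARE:
            return "deny", "hash matches a known malware signature"
        return "allow", "not explicitly forbidden"

    # Stance.DEFAULT_DENY
    if event.sha256 in TRUSTED_HASHES:
        return "allow", "hash is on the trusted list"
    if event.publisher in TRUSTED_PUBLISHERS:
        return "allow", f"signed by trusted publisher '{event.publisher}'"
    return "deny", "not explicitly permitted"


def make_event(path: str, content: bytes, publisher: Optional[str], category: str) -> LaunchEvent:
    """Build a LaunchEvent from constructed file bytes (stands in for reading the real binary)."""
    return LaunchEvent(path, sha256_hex(content), publisher, category)


# Constructed launches: each one exercises a different case.
SAMPLE_LAUNCHES = [
    make_event(r"C:\Apps\erp\client.exe", b"corporate-erp-client-v4.2", "Example Software GmbH", "business"),
    make_event(r"C:\Users\bob\Downloads\invoice.exe", b"old-worm-sample-already-in-the-av-database", None, "unknown"),
    # Brand-new targeted malware: no signature exists yet, unsigned, never seen before.
    make_event(r"C:\Users\bob\AppData\Temp\update.exe", b"fresh-targeted-dropper-no-signature-yet", None, "unknown"),
    # Remote-admin tool installed by a well-meaning admin, signed by an unrelated vendor.
    make_event(r"C:\Tools\remote\rat.exe", b"third-party-remote-control-tool", "Some Other Vendor", "remote-admin"),
]


def evaluate_all(stance: Stance) -> dict[str, str]:
    """Map each sample launch path to its verdict under the given stance."""
    return {ev.path: decide(ev, stance)[0] for ev in SAMPLE_LAUNCHES}


if __name__ == "__main__":
    for stance in Stance:
        print(f"== {stance.value} ==")
        for ev in SAMPLE_LAUNCHES:
            verdict, reason = decide(ev, stance)
            print(f"{verdict:5}  {ev.path}  ({reason})")
```

Note the ordering in `decide`: an explicit deny (the category block) is checked before any allow rule, so a trusted publisher cannot be used to smuggle in a forbidden tool class. In a real deployment the trusted list would be populated from a software inventory rather than typed in, and the publisher check would rest on a verified code signature, not a string.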

Re the first two headaches things should be fairly clear. Re the third, let me bring some clarity with one of my EK Tech-Explanations!

Not long ago we conducted a survey of companies in which we posed the question, “How do employees violate adopted IT-security rules by installing unauthorized applications?” The results we got are given in the pie-chart below. As you can see, half the violations come from remote administration. By this is meant employees or systems administrators installing remote control programs for remote access to internal resources or for accessing computers for diagnostics and/or “repairs”.

Employee IT-security violations

More: The figures speak for themselves: it’s a big problem …