Nota Bene

What happens to a regular tourist from the North who, after an extended period of Christmas/New Year mirth and merriment suddenly finds him/herself in equatorial Indonesia? Yep, he/she has a rather tough time acclimatizing: to both the difference in time, and to climate… (and to crazy Indonesian driving! More on this later on below).

So, time: it’s +7 from Greenwich. Not so extreme, I hear you saying; hardly +12 now, is it? No. But when you add the climate to the +7 hours, that’s the killer. For there’s no pleasant resort-like weather here. Instead it’s a full-on extreme equatorial tropical climate. By day – around 30°C; by night – 25°C, and always hellishly humid – what feels like a constant 100%+.

It goes without saying that scaling a stratovolcano immediately upon arrival in Indonesia is the last thing most regular tourists fancy doing. What’s the first thing on their minds is a slow acclimatization and taking it relatively easy over the first few days, which is just what we did – on the island of Sumatra. There we visited Lake Toba (more on that later), and also a jungle – where we observed daily life of wild monkeys and orangutans.

Read on: a guy in a fur coat…

Hi folks!

Going against tradition just this once, this year we’ve decided not to wait for our official financial audit results, and instead publish preliminary sales results for last year straight away.

The most important business figure of the year is of course revenue. So, for all 12 months of 2017, our products, technologies and services were sold for US$698 million (in accordance with the International Financial Reporting Standards) – a 8% rise compared to the previous year.

Not a bad result at all, if I don’t mind saying so; a result that shows how the company is doing well and growing. What’s more, we have some real promising technologies and solutions that make sure we’ll keep on growing and developing into the future.

But here’s what is, to me, the most interesting thing to come out of the preliminary results: for the first time in the history of the company sales bookings of corporate solutions overtook those of our boxed products for home users – this riding on the back of a 30% increase in the corporate segment.

Another very pleasing fact: the good rate of growth of the business has come largely not from sales of our traditional endpoint products, but from emerging, future-oriented solutions like Anti Targeted Attack solutions, Industrial Cybersecurity, Fraud Prevention, and Hybrid Cloud Security. All together these grew 61%. Besides, forecast growth in sales of our cybersecurity services comes in at 41%.

Geographically, sales bookings in most of the regions overshot their annual targets. For example, in Russia and the CIS sales were up 34% on 2016. In META (Middle East, Turkey, Africa) sales skyrocketed up 31%; in Latin America – 18%; and in APAC – 11%. Japan demonstrated moderate growth (4%), while Europe was slightly below expectations (-2%).

The only region that didn’t do well was, as expected, North America, which saw a fall in sales of 8%. Hardly surprising this one, given that it was this region that was the epicenter of last year’s geopolitical storm, which featured both a disinformation campaign against us and an unconstitutional decision of the DHS. Nevertheless, despite the political pressure, we continue to operate in the market and are planning on developing the business further there.

It only remains for me to give huge thanks to all users, partners, and cybersecurity experts, and to anyone else (including most journalists and bloggers that covered us) for their support, and also a big up to all the KLers around the globe for their continued excellent work in these difficult times. Customer loyalty, impressive growth of the business, and high team morale are all clear indicators of our global success. Well done everybody!

More detailed info on the preliminary financial results can be found here.

Hi folks!

I’ve been back home a good few days already. I caught my breath and laid low for a bit to recharge the batteries, and then the working year kicked off. But most importantly I sifted through all my recently-taken pics to organize them for my upcoming mini-series: this time on our New-Year-holidays adventure in the jungles of equatorial-tropical Indonesia…

For a full 18 days our posse navigated land, water, air and… volcanoes (naturally), practically without any rest or taking-it-easy at all: ‘tourism til you drop’ – just as I like it. Our guide, O.R., summed it up nicely: ‘And you thought you came here to relax?!’. 

Read on: Time to indulge – in the equatorial bulge…

Belatedly, Happy New Year folks!

Oh my goodness, we’re more than half-way through January already! Where did that go?

Time waits for no man, as they say. Well, with one exception: it waits for every Russian man and woman and child at the beginning of every year while they have a week-long national jolly – sometimes even a two-week one right the way up to Orthodox Old New Year on January 14. Oh those Russians.

Well now, the above-mentioned extended leave is finally well and truly over and it’s ‘back to work!’ again, as I like to say. Ahead of us lie a full 350 days of this year, and I’m sure most of them will be challenging workdays. All righty, let’s get going… sort of…

View this post on Instagram

Hi, I’m Eugene Kaspersky, CEO of Kaspersky Lab. Almost 30 years of my life have been dedicated to computer security – particularly the fight against malware in all its forms. I’m based in Moscow, but travel for the best part of every year. I’m a passionate devotee of wild nature and adventure-tourism. I take my camera wherever I go, which helps in chronicling my experiences on my blog – from polar expeditions and glacier crossings to volcano scaling and jungle trekking. Follow me @e_kaspersky

A post shared by Eugene Kaspersky (@e_kaspersky) on Jan 3, 2018 at 2:35am PST

One thing I didn’t get round to doing in December of last year was my traditional review of the year. That in itself hints at the fact that it was a busy year. Indeed it was. It was also a tricky one, with all sorts of unexpected and unwarranted unpleasantness fired our way throughout most of it, as you’ll probably know already. But, just in case you missed it, or need some blanks filling out – herewith: a recap…

Read on: Quick rewind…

Singapore is a fantastic city – and that goes for its economy, architecture and transportation system. It’s hard to believe, but there’s almost no such thing as traffic jams here! There are loads of tunnels though. You can even drive across half the island underground.

Singapore is especially good in December. In winter here, it’s just hot – not the usual for this part of the world. You still get wet here in December, but not soaking wet like in other seasons. Singapore is located on the equator, in the humid tropics. In all seasons other than winter, you end up completely soaked – every part of your body and everything you’re wearing (if in a suit on your way to a formal business meeting, it’s best to make multiple stops in climate-controlled areas or, even better, use the underground metro walkways). After a while your consciousness takes a hit because of all the humidity you’ve inhaled… and that’s the end of it.

Despite all that, Singapore is the most delightful city in the world, according to my measurements and calculations. Singapore is no. 1. That’s right.

The prices are also fantastic; cars are particularly expensive because of the high import duties. The laws are pretty draconian too, which gave rise to the joke “Singapore is a fine city”. Also, the connoisseurs of modern democracy occasionally badmouth Singapore for not always being ‘democratic’. But it works. I’ve seen some sociological research that found that the residents of Singapore are the happiest in the world. And there’s a queue of those who’d like to get permanent residency, but the quotas are very strict.

On top of all that, Singapore is fabulously beautiful. No matter where or what time of day it is, this place is just beautiful – you can be hypnotized by it and contemplate it forever.

I’ve been on a pretty tight business schedule and haven’t had much free time. Now, I’ve got a backlog of stories that I have to publish about the places I’ve visited and the sights I’ve seen – and the backlog keeps growing, which I don’t like. So, I’ll try and catch up whenever I have a spare moment and functioning Wi-Fi, which may be a bit of problem in the foreseeable future.

So, I’m in Vietnam, at Ha Long Bay, which is here. This is, without a doubt, one of the wonders of the world, definitely worth a visit – just like all the other entries in my Top-100 Must-See Places in the World. I was last here in May 2010, and now I’ve just revisited. And I don’t regret it for a second.

My dear online audience! For the umpteenth time, I apologize for the long delay in my travel reporting. My schedule’s been jam-packed recently. But now that all the New Year/Christmas parties are winding down and my travel schedule has presented a couple of free hours, I can jot down a line or two for you. And first of all, I have an announcement to make. A few days ago I embarked on my 100^th flight of the year. Here it is:

But we were heading in a different direction. You’ve probably figured it out by now – I’m sending you all greetings from ->

Read on…

Hi folks!

Along with the snow and ice (at least in my home city), December brings with it an unbearable desire to take stock of the past 12 months, to be amazed at what’s been achieved, and to make plans for the future. Then, after a brief pause for festive fun and frolics, it’s time to get back at it (and them!) once again.

Now, to me, one of the most impressive KL projects of the year – among a whole host of them – was the global launch of our free antivirus. In just several months this product has demonstrated curiously extraordinary success, and it’s that success I want to tell you about here today.

Kaspersky FREE was pilot-launched almost two years ago after an intense public discussion about its functionality. For a year and a half we kept a close eye on how the product worked, also on the user feedback thereon, the effectiveness of the protection, competition with our paid products, and so on… and it all confirmed – we were doing things just right! Then, six months ago, we had the global rollout of our freebie!

Half a year: is that a short or a long time? Well, on an uninhabited island it’s a long time, I guess. But for a popular antivirus it’s no time at all. Still, what can you get done in such a short time? Turns out quite a bit, if you put your mind to it…

First off: back to the title of this post: 7.2 million.

7.2 million is the total number of installations of FREE up until December 1, 2017. Around four million of those are active users, which is a real good result for such a new product. In just November FREE was downloaded nearly 700,000 times: around 23,000 times a day. But what’s even more curiously surprising is the loyalty of the users of FREE: some 2.5 times higher than the trial versions of our paid products: 76% of users who install FREE stay with us for several months of more. Woah. That’s a nice fat figure for Christmas ).

Now a little about the effectiveness of FREE…

Although the product is loaded with just the basic essentials of protection (for £39.99 you can get the full suite of protective whistles and bells, including VPN, Password Manager, Parental Control, mobile device protection, etc.), it works on the same anti-malware engine as our other consumer products. In 2017 FREE protected its users from almost 250 million cyberattacks, 65 million detections of which occurred thanks to our cloud-based KSN. In just a year the product detected 17.5 million unique malicious programs and ~50 million malicious websites/pages. No wonder then that FREE is regularly and deservedly in among the top ratings in tests and reviews all around the world with enviable regularity.

There are three more things I think will be interesting to you, dear reader.

Read on…

Just last week I went all volcanic with a blogpost, even though I haven’t seen a volcano in the flesh for quite a while. So, why? Well, it was an appetizer, for there’s a spot of volcanism on the horizon. But more on that later. All in good time…

Meanwhile in Moscow…

…And indeed practically all over the planet, preparations are being made for New Year and, for many, Christmas celebrations.

Advent calendar? Check.

Christmas tree up and decorated? Check.

Flashing lights up on a window or two? Check.

Presents bought. Not yet, come on; on the to-do list.

Year-end work party? Check! Already! A little earlier than usual (for example, in 2016, 2015, 2014 and so on:).

(Btw, all these pics: courtesy of Roman Rudakov)

This year has been… different, for one thing. Well our year-end prom was a bit lot different too. Different format, and not one, not two, but a full three headliner bands on!

Usually the format goes like this: (i) our awards ceremony (best crew, best project, etc., etc.); (ii) a big variety show put on by KLers; and (iii) a quick headliner at the end plus a disco. And all sat down at tables (for some of the time:).

This year… not that there was anything wrong with the usual format, but, well, it was our jubilee (20 years!) too, so we just had to do something very different and special this year…

Read on…

This week, Kaspersky Lab filed an appeal with a U.S. federal court challenging the U.S. Department of Homeland Security’s (‘DHS’) Binding Operational Directive 17-01, which requires federal agencies and departments to remove the company’s products from federal information systems. The company did not take this action lightly, but maintains that DHS failed to provide Kaspersky Lab with adequate due process and relied primarily on subjective, non-technical public sources like uncorroborated and often anonymously sourced media reports and rumors in issuing and finalizing the Directive. DHS has harmed Kaspersky Lab’s reputation and its commercial operations without any evidence of wrongdoing by the company. Therefore, it is in Kaspersky Lab’s interest to defend itself in this matter.

About Kaspersky Lab

As a global cybersecurity company founded over 20 years ago, Kaspersky Lab has proudly called the United States home to its North American headquarters in Woburn, Massachusetts, for over a decade. With nearly 300 employees in Massachusetts and throughout the country, Kaspersky Lab’s corporate mission is to protect its customers from cyberthreats, regardless of their origin or purpose. The company regularly submits its products and solutions for independent testing and assessment, consistently receiving more first place finishes and top-3 awards than any other cybersecurity vendor. Furthermore, the company collaborates with law enforcement, other IT security companies, and government organizations globally to combat cybercrime, providing technical assistance and forensic malware analysis, as well as world-renowned security research into cyber-espionage and targeted attack campaigns.

Kaspersky Lab has a clear policy concerning the detection of malware: it detects and remediates any malware attack. There is no such thing as ‘good’ or ‘bad’ malware for the company. Its research team has been actively involved in the discovery and disclosure of several malware attacks with links to nation-state and organized cybercrime entities. Over the past decade, Kaspersky Lab has published in-depth research into some of the biggest cyber-espionage and financially motivated cybercrime operations known to date. It does not matter which language a threat ‘speaks’: Russian, Chinese, Spanish, German, or English. The following list of threats, as reported by Kaspersky Lab’s Global Research and Analysis Team (‘GReAT’), shows the different languages used in each case:

• Russian language: Moonlight Maze, RedOctober, CloudAtlas, Miniduke, CosmicDuke, Epic Turla, Penquin Turla, Turla, Black Energy, BTZ, Teamspy, Sofacy (aka Fancy Bear, APT28), CozyDuke (aka Cozy Bear, APT29)
• English language: Regin, Equation, Duqu 2.0, Lamberts, ProjectSauron
• Chinese language: IceFog, SabPub, Nettraveler, Spring Dragon, Blue Termite
• Spanish language: Careto/Mask, El Machete
• Korean language: Darkhotel, Kimsuky, Lazarus
• French language: Animal Farm
• Arabic language: Desert Falcons, Stonedrill, Shamoon

Kaspersky Lab’s Good Faith Efforts to Engage DHS

Kaspersky Lab fully supports DHS’s mission and mandate to secure federal information and federal information systems, which align with its own corporate mission of protecting customers from cyber threats regardless of their origin or purpose. Given its longstanding commitment to transparency, the trustworthy development of its technologies and services, and cooperation with governments and the IT security industry worldwide, Kaspersky Lab reached out to DHS in mid-July as part of a good faith effort to address any concerns regarding the company, its operations, or its products. DHS confirmed receipt of Kaspersky Lab’s letter in mid-August, appreciating the company’s offer to provide said information and expressing interest in future communications with the company regarding this matter. Kaspersky Lab believed in good faith that DHS would take the company up on its offer to engage on these issues and hear from the company before taking any adverse action. However, there was no subsequent communication from DHS to Kaspersky Lab until the notification regarding the issuance of Binding Operational Directive 17-01 on September 13, 2017. The July and August communications are referenced below.

July 18, 2017, Kaspersky Lab Letter to DHS

“Given Kaspersky Lab’s longstanding commitment to transparency, the trustworthy development of its technologies and solutions, and cooperation with governments worldwide and the IT security industry to combat cyber threats, we write to offer any information or assistance we can provide with regard to any Department investigation regarding the company, its operations, or its products.

…The integrity and assurance of our products and technologies remain our utmost priority, and we maintain that a deeper, collaborative examination of our company and its products will assuage any concerns.

Kaspersky Lab looks forward to working with the Department and its staff and welcomes further dialogue. Please contact *************** via email or phone to discuss how we might communicate more directly with you or your staff and explore ways we might work together to make cyberspace safer.”

August 14, 2017, DHS Letter to Kaspersky Lab

Jeanette Manfra, on behalf of the (then-)Acting Secretary responded:

“Thank you for your letter of July 18, 2017 addressed to then-Secretary of Homeland Security John F. Kelly. The Acting Secretary has asked me to respond on her behalf.

We appreciate your offer to provide information to the Department about your company and its operations and products as well as to communicate with the Department about making cyberspace safer. We look forward to communicating with you further on this matter and receiving such information from you, and we appreciate your patience as we work through timing and logistical issues.

We will be in touch again shortly. Thank you again for your letter.”

Addressing DHS’s Binding Operating Directive 17-01

One of the foundational principles enshrined in the U.S. Constitution, which I deeply respect, is due process: the opportunity to contest any evidence and defend oneself before the government takes adverse action. Unfortunately, in the case of Binding Operational Directive 17-01, DHS did not provide Kaspersky Lab with a meaningful opportunity to be heard before the Directive’s issuance, and therefore, Kaspersky Lab’s due process rights were infringed.

In the September 19, 2017 Federal Register notice announcing the issuance of Binding Operational Directive 17-01, DHS stated that Kaspersky Lab could initiate a review of the Directive by submitting written information, which the company did on November 10, 2017. However, this ‘administrative process’ did not afford Kaspersky Lab due process under U.S. law because the company did not have the opportunity to see and contest the information relied upon by DHS before the issuance of the Directive. As I have said before, ‘genuine due process provides you with the opportunity to defend yourself and see the evidence against you before action is taken; it doesn’t ask you to respond once action is already underway.’

Furthermore, DHS primarily relies upon uncorroborated media reports to support its assertion that Kaspersky Lab products present information security risks to government networks, not evidence of any wrongdoing by the company. DHS also cites technical arguments that apply to antivirus solutions generally, including broad levels of access and privileges to the systems on which solutions operate, the use of cloud-based technologies to process malware samples and deploy detection signatures, and data collection and processing practices. These capabilities are not unique to Kaspersky Lab’s products, and if they are of concern, DHS could have taken action to address these issues holistically across the IT security industry instead of unfairly targeting a single company without any evidence of wrongdoing.

Despite the relatively small percentage of the company’s U.S. revenue attributable to active software licenses held by federal government entities, DHS’s actions have caused a disproportionate and unwarranted adverse impact on Kaspersky Lab’s consumer, commercial, and state, local, and education (‘SLED’) business interests in the United States and globally. Through Binding Operational Directive 17-01, DHS has harmed Kaspersky Lab’s reputation, negatively affected the livelihoods of its U.S.-based employees and U.S.-based business partners, and undermined the company’s contributions to the broader cybersecurity community. Its presence in Russia and the CIS region, its technical knowhow, and its linguistic expertise uniquely position the company to advance the fight against malware and protect its customers from cyber threats. These assets have enabled Kaspersky Lab to share cyber threat information and vulnerability research with various U.S. government entities, including constituent agencies of DHS, involved in protecting U.S. cyberspace. Dissuading consumers and businesses in the United States and abroad from using Kaspersky Lab products solely because of its geographic origins and without any credible evidence does not constitute a risk-based approach to cybersecurity and does little to address information security concerns related to government networks.

Conclusion

In undertaking this action, Kaspersky Lab hopes to protect its rights under the U.S. Constitution and U.S. federal law, receive adequate due process, and repair the reputational and commercial damage caused by Binding Operational Directive 17-01. The company continues to welcome constructive and collaborative engagement with the U.S. government to address any concerns about its operations or its products, as it stated in its letter to DHS five months ago. Kaspersky Lab’s Global Transparency Initiative could serve as a mechanism for such dialogue. Regardless of this action, Kaspersky Lab remains committed to continuing its mission and business of protecting customers in the United States and around the world from cyber threats by providing market-leading antivirus software, threat intelligence and analytics.