Tag Archives: product launch

Cyber hygiene: essential for fighting supply chain attacks.

Hi folks!

Quite often, technical matters that are as clear as day to techie-professionals are somewhat tricky to explain to non-techie-folks. Still, I’m going to have a go at doing just that here today. Why? Because it’s a darn exciting and amazingly interesting world! And who knows – maybe this read could inspire you to become a cybersecurity professional?!…

Let’s say you need to build a house. And not just a standard-format house, but something unique – custom-built to satisfy all your whims and wishes. First you need an architect who’ll draw up the design based on what you tell them; the design is eventually decided upon and agreed; project documentation appears, as does the contractor who’ll be carrying out the construction work; building inspectors keep an eye on quality; while at the same time interior designers draw up how things will look inside, again as per your say-so; in short – all the processes you generally need when constructing a built-to-order home. Many of the works are unique, as per your specific instructions, but practically everything uses standard materials and items: bricks, mortar, concrete, fixtures and fittings, and so on.

Well the same goes for the development of software.

Many of the works involved in development are also unique, requiring architects, designers, technical documentation, engineer-programmers… and often specific knowledge and skills. But in the process of development of any software a great many standard building bricks libraries are used, which carry out all sorts of ‘everyday’ functions. Like when you build a house – you build the walls with standard bricks; the same goes for software products: modules with all sorts of different functionalities use a great many standardized libraries, [~= bricks].

Ok, that should now be clear to everyone. But where does cybersecurity come into all of this?

Well, digital maliciousness… it’s kinda the same as house-building construction defects – which may be either trivial or critical.

Let’s say there’s some minor damage done to a completed house that’s ready to move into, which isn’t all that bad. You just remedy the issue: plaster over, re-paint, re-tile. But what if the issue is deep within the construction elements? Like toxic materials that were used in construction in the past? Yes, it can become expensive painful.

Well the same goes for software. If a contagion attaches itself to the outside, it’s possible to get rid of it: lance it off, clean up the wound, get the software back on its feet. But if the digital contamination gets deep inside – into the libraries and modules [= bricks] out of which the final product [house] is built… then you’ve got some serious trouble on your hands. And it just so happens that finding such deep digital pestilence can be reeeaaally tricky; actually extracting the poison out of the working business process – more so.

That’s all a bit abstract; so how about some examples? Actually, there are plenty of those. Here are a few…

Even in the long-distant past, during the Windows 98 era, there was one such incident when the Chernobyl virus (also called CIH, or Spacefiller) found its way into the distributions of computer games of various developers – and from there it spread right round the world. A similar thing happened years later in the 2000s: a cyber-infection called Induc penetrated Delphi libraries.

Thus, what we have are cyberthreats attacking businesses from outside, but also the more serious threats from a different type of cyber-disease that manages to get inside the internal infrastructure of a software company and poison a product under development.

Let’s use another figurative example to explain all this – a trip to your local supermarket to get the week’s groceries in… during mask-and-glove-wearing, antiseptic-drenching lockdown!… Yes, I’m using this timely example as I’m sure you’ll all know it rather well (unless you’re the Queen or some other VIP, perhaps live off the land and don’t use supermarkets… but I digress).

So yes: you’ve grabbed the reusable shopping bags, washed your hands for 20 seconds with soap, donned the faced mask, put the gloves on, and off you go. And that’s about it for your corona-protective measures. But once you’re at the supermarket you’re at the mercy of the good sense and social responsibility and sanitary measures of the supermarket itself plus every single producer of all the stuff that you can buy in it. Then there are all the delivery workers, packing workers, warehouse workers, drivers. And at any link in this long chain, someone could accidentally (or on purpose) sneeze right onto your potatoes!

Well it’s the same in the digital world – only magnified.

For the supply chain of modern-day ‘hybrid’ ecosystems of IT development is much, much longer, while at the same time we catch more than 300,000 brand new cyber-maliciousnesses EVERY DAY! What’s more, the complexity of all that brand new maliciousness itself is rising constantly. To try and control how much hand-washing and mask-and-glove wearing is going on at every developer of every separate software component, plus how effective cyber-protection systems of the numerous suppliers of cloud services are… – it’s all an incredibly difficult task. Even more difficult if a used product is open-source, and its assembly is fashionably automated and works with default trust settings and on-the-fly.

All rather worrying. But when you also learn that, of late, attacks on supply chains happen to be among most advanced cyber-evil around – it gets all rather yikes. Example: the ShadowPad group attacked financial organizations via a particular brand of server-infrastructure management software. Other sophisticated cybercriminals attack open source libraries, while our industry colleagues have reminded us that developers are mostly unable to sufficiently verify that components they install that use various libraries don’t contain malicious code.

Here’s another example: attacks on libraries of containers, like those of Docker Hub. On the one hand, using containers makes the development of apps and services more convenient, more agile. On the other, more often than not developers don’t build their own containers and instead download ready-made ones – and inside… – much like a magician’s hat – there could be anything lurking. Like a dove, or your car keys that were in your pocket. Or a rabbit. Or Alien! :) ->

Read on…

Which hacker group is attacking my corporate network? Don’t guess – check!

Around four years ago cybersecurity became a pawn used in geopolitical games of chess. Politicians of all stripes and nationalities wag fingers at and blame each other for hostile cyber-espionage operations, while at the same time – with the irony seemingly lost on them – bigging-up their own countries’ cyber weapons tools that are also used in offensive operations. And caught in the crossfire of geopolitical shenanigans are independent cybersecurity companies, who have the ability and gall guts to uncover all this very dangerous tomfoolery.

But, why? It’s all very simple…

First, ‘cyber’ is still really quite the cool/romantic/sci-fi/Hollywood/glamorous term it appears to have always been since its inception. It also sells – including newspapers online newspaper subscriptions. It’s popular – including to politicians: it’s a handy distraction – given its coolness and popularity – when distraction is something that’s needed, which is often.

Second, ‘cyber’ is really techy – most folks don’t understand it. As a result, the media, when covering anything to do with it, and always seeking more clicks on their stories, are able to print all manner of things that aren’t quite true (or completely false), but few readers notice. So what you get are a lot of stories in the press stating that this or that country’s hacker group is responsible for this or that embarrassing/costly/damaging/outrageous cyberattack. But can any of it be believed?

We stick to the technical attribution – it’s our duty and what we do as a business

Generally, it’s hard to know if it can be believed or not. Given this, is it actually possible to accurately attribute a cyberattack to this or that nation state or even organization?

There are two aspects to the answer…

From the technical standpoint, cyberattacks possess an array of particular characteristics, but impartial system analysis thereof can only go so far in determining how much an attack looks like it’s the work of this or that hacker group. However, whether this or that hacker group might belong to… Military Intelligence Sub-Unit 233, the National Advanced Defense Research Projects Group, or the Joint Strategic Capabilities and Threat Reduction Taskforce (none of which exist, to save you Googling them:)… that is a political aspect, and here, the likelihood of manipulation of facts is near 100%. It turns from being technical, evidence-based, accurate conclusions to… palm or coffee grounds’ readings for fortune-telling. So we leave that to the press. We stay well away. Meanwhile, curiously, the percentage of political flies dousing themselves in the fact-based ointment of pure cybersecurity grows several-fold with the approach of key political events. Oh, just like the one that’s scheduled to take place in five months’ time!

For knowing the identity of one’s attacker makes fighting it much easier: an incident response can be rolled out smoothly and with minimal risk to the business

So yes, political attribution is something we avoid. We stick to the technical side; in fact – it’s our duty and what we do as a business. And we do it better than anyone, I might modestly add ). We keep a close watch on all large hacker groups and their operations (600+ of them), and pay zero attention to what their affiliation might be. A thief is a thief, and should be in jail. And now, finally, 30+ years since I started out in this game, after collecting non-stop so much data about digital wrongdoing, we feel we’re ready to start sharing what we’ve got – in the good sense ).

Just the other day we launched a new awesome service aimed squarely at cybersecurity experts. It’s called the Kaspersky Threat Attribution Engine (KTAE). What it does is analyze suspicious files and determine from which hacker group a given cyberattack comes from. For knowing the identity of one’s attacker makes fighting it much easier: informed countermeasure decisions can be made, a plan of action can be drawn up, priorities can be set out, and on the whole an incident response can be rolled out smoothly and with minimal risk to the business.

So how do we do it?

Read on…

Dear Father Christmas: I’d like a sandbox please!

Hi folks, or should that be – ho, ho, ho, folks? For some have said there is a faint resemblance… but I digress – already!

Of course, Christmas and New Year are upon us. Children have written their letters to Santa with their wish lists and assurances that they’ve been good boys and girls, and Rudolph & Co. are just about ready to do their bit for the logistical miracle that occurs one night toward the end of each year. But it’s not just the usual children’s presents Father Christmas and his reindeer will be delivering this year. They’ll also be giving out something that they’ve long been getting requests for: a new solution for fighting advanced cyberattacks – Kaspersky Sandbox! Let me tell you briefly about it…

Basically it’s all about emulation. You know about emulation, right? I’ve described it quite a few times on these here blog pages before, most recently earlier this year. But, just in case: emulation is a method that encourages threats to reveal themselves: a file is run in a virtual environment that imitates a real computer environment. The behavior of a suspicious file is studied in a ‘sandbox’ with a magnifying glass, Sherlock-style, and upon finding unusual (= dangerous) actions the object is isolated so it does no more harm and so it can be studied more closely.

Analyzing suspicious files in a virtual environment isn’t new technology. We’ve been using it for our internal research and in our large enterprise projects for years (I first wrote about it on this here blog in 2012). But it was always tricky, toilsome work, requiring constant adjustment of the templates of dangerous behaviors, optimization, etc. But we kept on with it, as it was – and still is – so crucial to our work. And this summer, finally, after all these years, we got a patent for the technology of creating the ideal environment for a virtual machine for conducting quick, deep analysis of suspicious objects. And a few months ago I told you here that we learned how to crack this thanks to new technologies.

It was these technologies that helped us launch the sandbox as a separate product, which can now be used direct in the infrastructure of even small companies; moreover, to do so, an organization doesn’t need to have an IT department. The sandbox will carefully and automatically sift the wheat from the chaff – rather, from cyberattacks of all stripes: crypto-malware, zero-day exploits, and all sorts of other maliciousness – and without needing a human analyst!

So who will really find this valuable? First: smaller companies with no IT dept.; second: large companies with many branches in different cities that don’t have their own IT department; third: large companies whose cybersecurity folks are busy with more critical tasks.

To summarize, what the Sandbox does is the following:

  • Speedy processing of suspicious objects;
  • Lowering load on servers;
  • Increasing the speed and effectiveness of reactions to cyberthreats;
  • As a consequence of (i)–(iii) – helping out the bottom line!

So what we have is a useful product safeguarding the digital peace-of-mind of our favorite clients!

PS: And the children who behave and listen to their parents will of course be writing letters to Santa toward the end of 2020, too. Sure, they’ll be getting their usual toys and consoles and gadgets. But they’ll also be getting plenty of brand-new super-duper K-tech too. You have more word for it!…

Yours sincerely,

Father Christmas

Enter your email address to subscribe to this blog
(Required)

Threat Intelligence Portal: We need to go deeper.

I understand perfectly well that for 95% of you this post will be of no use at all. But for the remaining 5%, it has the potential to greatly simplify your working week (and many working weekends). In other words, we’ve some great news for cybersecurity pros – SOC teams, independent researchers, and inquisitive techies: the tools that our woodpeckers and GReAT guys use on a daily basis to keep churning out the best cyberthreat research in the world are now available to all of you, and free at that, with the lite version of our Threat Intelligence Portal. It’s sometimes called TIP for short, and after I’ve said a few words about it here, immediate bookmarking will be mandatory!

The Threat Intelligence Portal solves two main problems for today’s overstretched cybersecurity expert. First: ‘Which of these several hundred suspicious files should I choose first?’; second: ‘Ok, my antivirus says the file’s clean – what’s next?’

Unlike the ‘classics’ – Endpoint Security–class products, which return a concise Clean/Dangerous verdict, the analytic tools built into the Threat Intelligence Portal give detailed information about how suspicious a file is and in what specific aspects. And not only files. Hashes, IP addresses, and URLs can be thrown in too for good measure. All these items are quickly analyzed by our cloud and the results on each handed back on a silver platter: what’s bad about them (if anything), how rare an infection is, what known threats they even remotely resemble, what tools were used to create it, and so on. On top of that, executable files are run in our patented cloud sandbox, with the results made available in a couple of minutes.

Read on…

The pig is back!

Hi folks!

Once upon a time, long, long ago, we had a pet pig. Not a real one – and it didn’t even have a name – but its squeal became a famous one. Now, those of you who’ve been using Kaspersky Lab products for decades will no doubt know what I’m referring to. For the relative newbies among you, let me let you in on the joke…

In the cyber-antiquity of the 1990s, we added a feature to our AV product: when it detected a virus, it gave out a loud piggy-squeal! Some folks hated it; others loved it!

source

But after a while, for one reason or another, eventually the piggy squeal disappeared; incidentally – as did the ‘K’ icon in the tray, replaced by a more modern and understandable symbol.

Now, any good company has a circle of devoted fans (we even have an official fan club), and we’re no exception. And many of these fans down the years have written to me imploring us to ‘Bring back the pig!’ or asking ‘Where’s the ‘K’ in the Taskbar gone?!’

Well not long ago, we figured that, if that’s what folks want, why not give it to them? And since these days customizing products is really simple… that’s just what we did. So, herewith, announcing…

the return of the piggy! :)

Right. So how do you actually go about activating its squeals and bringing back the ‘K’? Here’s how:

In one of the most recent versions of our personal products was added an update (19.0.0.1088(e), which, btw, internally is codenamed ‘K icon and pig’!). And the update works for all our personal products: KFA, KAV, KIS, KTS, KSC and KSOS.

All this talk of piggies and Ks… but might they affect the quality/ speed/ efficiency/ effectiveness/ whatever of our products? Simple answer: no – in no way at all. Nice. Right – back to all this talk of piggies and Ks…

Here are the instructions:

  1. Make sure you have update 19.0.0.1088(e) or later, with the default settings applied;
  2. Make sure you have Windows 7 or older (for example XP) (sorry folks, this doesn’t work on Windows 10);
  3. Right-click on the product’s icon in the Taskbar, choose ‘About’, and here we apply some magic…
  4. Now type IDKFA (in caps, like here);
  5. Next – download a test file (a file that pretends to be a virus): eicar test file;
  6. The file won’t download though (the product blocks it in the browser), and instead of the download window opening – you guessed it: piggy squeal;
  7. There’s another way of doing it: pause the protection. Bingo!

You can change the icon in exactly the same way, only you need to type IDDQD instead of IDKFA. Btw: if you type it a second time, the icon will revert back to the standard one.

And if you’re wondering why on earth you need to type IDDQD or IDKFA, check this out ).

So there you have it. The pig is back. As is the K! Well, we had to make up for the ‘Lab’ being dropped, right? )

 

7 200 000.

Hi folks!

Along with the snow and ice (at least in my home city), December brings with it an unbearable desire to take stock of the past 12 months, to be amazed at what’s been achieved, and to make plans for the future. Then, after a brief pause for festive fun and frolics, it’s time to get back at it (and them!) once again.

Now, to me, one of the most impressive KL projects of the year – among a whole host of them – was the global launch of our free antivirus. In just several months this product has demonstrated curiously extraordinary success, and it’s that success I want to tell you about here today.

Kaspersky FREE was pilot-launched almost two years ago after an intense public discussion about its functionality. For a year and a half we kept a close eye on how the product worked, also on the user feedback thereon, the effectiveness of the protection, competition with our paid products, and so on… and it all confirmed – we were doing things just right! Then, six months ago, we had the global rollout of our freebie!

Half a year: is that a short or a long time? Well, on an uninhabited island it’s a long time, I guess. But for a popular antivirus it’s no time at all. Still, what can you get done in such a short time? Turns out quite a bit, if you put your mind to it…

First off: back to the title of this post: 7.2 million.

7.2 million is the total number of installations of FREE up until December 1, 2017. Around four million of those are active users, which is a real good result for such a new product. In just November FREE was downloaded nearly 700,000 times: around 23,000 times a day. But what’s even more curiously surprising is the loyalty of the users of FREE: some 2.5 times higher than the trial versions of our paid products: 76% of users who install FREE stay with us for several months of more. Woah. That’s a nice fat figure for Christmas ).

Now a little about the effectiveness of FREE

Although the product is loaded with just the basic essentials of protection (for £39.99 you can get the full suite of protective whistles and bells, including VPN, Password Manager, Parental Control, mobile device protection, etc.), it works on the same anti-malware engine as our other consumer products. In 2017 FREE protected its users from almost 250 million cyberattacks, 65 million detections of which occurred thanks to our cloud-based KSN. In just a year the product detected 17.5 million unique malicious programs and ~50 million malicious websites/pages. No wonder then that FREE is regularly and deservedly in among the top ratings in tests and reviews all around the world with enviable regularity.

There are three more things I think will be interesting to you, dear reader.

Read on…

KL AV for Free. Secure the Whole World Will Be.

Hi folks!

I’ve some fantastic, earth-shattering-saving news: we’re announcing the global launch of Kaspersky Free, which, as you may have guessed by the title, is completely free-of-charge! Oh my giveaway!

We’ve been working on this release for a good year-and-a-half, with pilot versions in a few regions, research, analysis, tweaks and the rest of it, and out of all which we deduced the following:

  • The free antivirus won’t be competing with our paid-for versions. In our paid-for versions there are many extra features, like: Parental Control, Online Payment Protection, and Secure Connection (VPN), which easily justify the ~$50 for premium protection.
  • There are a lot of users who don’t have the ~$50 to spend on premium protection; therefore, they install traditional freebies (which have more holes than Swiss cheese for malware to slip through) or they even rely on Windows Defender (ye gods!).
  • An increase in the number of installations of Kaspersky Free will positively affect the quality of protection of all users, since the big-data-bases will have more numbers to work with to better hone the machine learning.

And based on those three deductions we realized we had to do one thing, and fast: roll out a KL freebie all over the planet!

Read on: Global launch plan…

+1 Enterprise Intelligence Service: Introducing Our Cyberthreat X-Ray!

Human beings are a curious lot. It’s in their nature to try and get to the ‘whys’ and ‘hows’ of everything and anything. And this applies in cybersecurity too; in fact – doubly so: getting to the ‘whys’ and ‘hows’ of cyberthreats is the very basis upon which cybersecurity is built; thus, upon which KL is built.

Getting to the ‘whys’ and ‘hows’ for us means meticulously taking apart every cyberattack into its respective constituent pieces, analyzing it all and, if necessary, developing specific protection against it. And it’s always better to do this proactively, based on the mistakes of others, and not waiting until what we protect is attacked.

To solve this challenging task we’ve a slew of intelligence services for enterprises. In this collection of cyber-precision-tools there’s staff training, security intelligence services to come up with detailed information about discovered attacks, expert penetration-testing services, app-audits, incident investigations, and more.

Well now the ‘and more’ includes our new service – KTL (Kaspersky Threat Lookup) – the smart microscope for dissecting suspicious objects and uncovering the sources/tracking histories of cyberattacks, multivariate correlations, and degrees of danger for corporate infrastructure. Quite the X-ray for cyberthreats.

Actually, all our users already has the lite-version of this service. The security rating of a file can also be checked with our home products, but enterprise customers need a deeper, more thorough analysis of threats.

To begin with, KTL can be used to check not only files, but also URLs, IP addresses and domains. It can analyze objects for the hallmarks of targeted attacks, behavioral and statistical specifics, WHOIS/DNS data, file attributes, download chains, and others.

Read on: Special search engine…

Q&A on 11-11.

And now, boys and girls, woo-hoo! Today is a day when woo-hoo’ing seems the most appropriate thing to do. Like this: WOO-HOO!!!

Why, you say?

We’ve officially launched a secure operating system for network devices, industrial control systems, and the IoT. The OS was originally conceived on November 11; that’s why we refer to it by the code name 11-11. It was a very long development cycle, for sure: we worked on the project for 14 solid years and have even run a real-world pilot test roll-out. Now the OS is ready for consumption is available for deployment by all interested parties in a variety of scenarios.

OS has not a single Linux code, is based on a microkernel architecture and allows customers to examine the source code to make sure it has no undocumented capabilities

I’ll spare you all the nerdy detail, but if you do want the techy info – here it is. I’d rather focus on the things we left out of that post, so I’ll answer some frequently asked questions and debunk some myths about our new OS.

Read on: literally not Linux…

Finally, Our Own OS – Oh Yes!

At last – we’ve done it!

I’ve anticipated this day for ages – the day when the first commercially available mass market hardware device based our own secure operating system landed on my desk. And here she is, the beaut.

This unassuming black box is a protected layer 3 switch powered by Kaspersky OS and designed for networks with extreme requirements for data security.

And there’s plenty more in the pipeline where this came from too, meaning the tech will be applied in other Internet-connected bits of kit, aka the Internet of Things (IoT). Why? Because this OS just so happens to be ideal for applications where a small, optimized and secure platform is required.

Read on: Distinctive features…