NOTES, COMMENT AND BUZZ FROM EUGENE KASPERSKY – OFFICIAL BLOG
July 2, 2018
Hi folks!
Can you guess what this is?
No – it’s not Malevich’s Black Square. Nor is it a rhetorical clickbait question.
Actually, if you look closely – if your screen shows it big enough – you’ll see something that’ll give you a clue, but you still might not get it…
June 6, 2018
When it comes to choosing an item of clothing – the only thing that’s important for me is functionality. Nice packaging, a designer brand, status level and other stuff don’t matter to me one bit. Same with cars really: if one gets you from A to B in good time, safely, and in reasonable comfort (so, maybe with a/c.) that’s all that really matters.
The same ‘ignore the unimportant stuff’ principle should be applied when it comes to one’s choice of cybersecurity product too. One really should – though many don’t – make sure one doesn’t fall for the ‘other stuff’ (= marketing waffle) that has no relation to actual protection. For it turns out that in thorough independent testing, new glamorous ‘next-generation antivirus’ products are shown to contain under their hoods fake artificial intelligence, adopted AV detection, and ‘protection’ full of holes. Put another way: they’re placebos, nothing more. So, in order not to become a victim of shiny marketing based on unsound security, you need to lift the hood yourself to have a look at how things work.
Of course, not everyone has the time and patience and technical knowledge to be able to plough through technical documentation of a cybersecurity product and understand it. But even if someone did, there’s still a chance the developer is mostly spinning a yarn throughout all that techy jargon.
With us, on the other hand, it’s just the opposite: we’re proud of our technologies, openly publish their technical details (without the yarns) and consider that anyone can understand them if explained appropriately. Ultimately we’re the most transparent cybersecurity company around – even to the extent that we’re ready to share our source code for inspection.
But to add to the clarity and accessibility of some of our tech, seven years ago, I started a series of regular posts on this here blog with the technology tag, in which all the main points of our more complex tech features are explained in simple language (complex tech features ‘you’d normally never hear about’, much less – read about in the regular, for-geeks-only technical notes). These are the largely invisible – under-the-hood – features, but they’re the ones that happen to be the real nuts-and-bolts of our cyberprotection.
Ok. Intro over. Today’s post is about how banks recognize a hack into your bank account.
Let’s say that one day you get a message from your bank that goes along the lines of: ‘Suspicious activity has been detected on your account…’. The first thing you do is go over the last few days trying to recall everywhere you’ve been, where you withdrew cash and how much, what you bought in shops/cafes, etc. and/or online, and so on.
In my case, it may look like this: (i) withdrew Norwegian kroner from an ATM in Longyearbyen, Svalbard, Norway; (ii) bought a steak and a beer salad and a mineral water in Oslo Airport, Norway; (iii) bought the missus a present in Schiphol Airport in Amsterdam, Holland – plus another salad and mineral water for lucky me; (iv) somewhere in the vicinity of the Azores bought some airplane internet access time; (v) withdrew some balboas in Tocumen Airport in Panama; and (vi) paid for dinner for a large party in a village not far from Panama City. And that was all in just one day!
Now, of course, to a bank, that string of transactions with a credit card – registered in none of the countries mentioned – sure could look suspicious. Quite who starts the day in the northernmost town in the world, buys an expensive duty free item a while later in a European capital, and ends up in Panama in the evening and forks out for a banquet, but has never taken such an unusual route before ever?
Sure. But let’s face it, banks can’t keep track of their millions of clients. How many employees would they need to do so? No, instead, the bank has a smart automated system (like Kaspersky Fraud Prevention (KFP)) that recognizes fraud automatically and with a high degree of accuracy. Ok, let’s have a look under KFP’s hood and see how it protects your money.
Each client of a bank has a model of behavior: a mathematical graph that contains the devices (computers, smartphones, tablets) and accounts of the user, bank services used (e.g., internet banking), and also rules for interaction among all the just mentioned. The model is built on the basis of collected anonymized data about specific activity of the client on the internet and using mobile bank. Crucially, the system isn’t interested in concrete transactions, sums involved, invoice details, names and so on – banking secrecy remains banking secrecy. Threats are calculated based solely on technical metadata and analysis of anonymized actions.
Such an approach allows to automatically detect many different kinds of cyber-fraud.
Example 1: Citizen X uses his internet banking application on his home computer. To authenticate his identity he uses the USB token given him by the bank. But since for protection he’s installed a next-generation antivirus based on a ‘cutting-edge AI system’, one day a malicious Trojan gets through. That Trojan – assisted by the token being forgotten about and left in the USB port – starts to transfer money on the quiet from Citizen X’s account. But it’s not ‘on the quiet’ for the banking anti-fraud system, which detects the anomalous behavior quickly, blocks the operation and informs the bank’s security department.
KFP control panel
March 5, 2018
Buzzwords of the 21st century. They come; some go – some stay. Example of the latter: synergy. Remember that one? It used to be bandied about in practically every business presentation given some 15 years ago (apart from mine; no thank you!). And do you recall the Y2K bug? Oh my goodness – that was 18 years ago already :). That too came and went (after having turned out to be much ado about nothing). Out of those that come and stay, there’s… hmmm… leverage, wellness, proactive, paradigm… But I digress.
Back to what I want to talk about today…: specifically tech buzzwords. Which ones spring to mind? Artificial intelligence? Big data? The internet of things? Quantum computing? Or maybe the uber-buzzy cryptocurrencies and bitcoins? These are among the most popular according to Google, too, btw.
Not all buzzwords are silly/nonsense/marketing hype/investor-and-consumer deceiving… sophistry (is that a buzzword? Sure sounds it, but…:). Blockchain is one example. For example, our business incubator is nurturing several blockchain ideas that will change the world for the better in their niches.
Not just to buy Bitcoins but also to sell them
But that’s not what this post is about. Today I want to share my thoughts on the influence of cryptocurrencies on global cybersecurity and how we help users protect themselves from new threats. I’ll also fantasize a little about the future of free internet services and options for monetization of software.
December 21, 2017
Hi folks!
Along with the snow and ice (at least in my home city), December brings with it an unbearable desire to take stock of the past 12 months, to be amazed at what’s been achieved, and to make plans for the future. Then, after a brief pause for festive fun and frolics, it’s time to get back at it (and them!) once again.
Now, to me, one of the most impressive KL projects of the year – among a whole host of them – was the global launch of our free antivirus. In just several months this product has demonstrated curiously extraordinary success, and it’s that success I want to tell you about here today.
Kaspersky FREE was pilot-launched almost two years ago after an intense public discussion about its functionality. For a year and a half we kept a close eye on how the product worked, also on the user feedback thereon, the effectiveness of the protection, competition with our paid products, and so on… and it all confirmed – we were doing things just right! Then, six months ago, we had the global rollout of our freebie!
Half a year: is that a short or a long time? Well, on an uninhabited island it’s a long time, I guess. But for a popular antivirus it’s no time at all. Still, what can you get done in such a short time? Turns out quite a bit, if you put your mind to it…
First off: back to the title of this post: 7.2 million.
7.2 million is the total number of installations of FREE up until December 1, 2017. Around four million of those are active users, which is a real good result for such a new product. In just November FREE was downloaded nearly 700,000 times: around 23,000 times a day. But what’s even more curiously surprising is the loyalty of the users of FREE: some 2.5 times higher than the trial versions of our paid products: 76% of users who install FREE stay with us for several months of more. Woah. That’s a nice fat figure for Christmas ).
Now a little about the effectiveness of FREE…
Although the product is loaded with just the basic essentials of protection (for £39.99 you can get the full suite of protective whistles and bells, including VPN, Password Manager, Parental Control, mobile device protection, etc.), it works on the same anti-malware engine as our other consumer products. In 2017 FREE protected its users from almost 250 million cyberattacks, 65 million detections of which occurred thanks to our cloud-based KSN. In just a year the product detected 17.5 million unique malicious programs and ~50 million malicious websites/pages. No wonder then that FREE is regularly and deservedly in among the top ratings in tests and reviews all around the world with enviable regularity.
There are three more things I think will be interesting to you, dear reader.
October 5, 2017
Another sensationalist media story was released today stating among other things that Kaspersky Lab helps a certain intelligence agency in getting their hands on sensitive data from another intelligence agency through the home computer of a contractor. Another accusation in the article is that we are very ‘aggressive’ in our methods of hunting for new malware.
The first statement sounds like the script of a C movie, and again – disclosed by anonymous sources (what a surprise). I can hardly comment on it besides the official statement.
However, I couldn’t agree more with the second claim about being aggressive in our hunt for malware. We absolutely and aggressively detect and clean malware infections no matter the source, and have been proudly doing so for 20 years. This is the reason why we consistently get top ratings in independent, third-party malware detection tests. We make no apologies for being aggressive in the battle against malware and cybercriminals – you shouldn’t accept any less. Period.
While protecting our customers, we do – as any other cybersecurity vendors – check the health of a computer. It works like an X-ray: the security solution can see almost everything in order to identify problems, but it cannot attribute what it sees to a particular user. Let me elaborate a bit more on what we do and what we don’t when protecting our users from cyberattacks:
What we do
Every day, we develop new heuristics and advanced detection mechanisms that flag suspected malware and send it to machine-learning-powered back-end for automatic analysis. These heuristics are designed in a way so that they focus only on a particular type of data – one that has characteristics potentially dangerous to computer health. And the data’s risk is the only feature the heuristics care about.
We focus on high-profile cyberthreats that have the potential to impact many users. Such threats are usually very sophisticated and may consist of multiple components – not necessary malicious at first glance. Please read our recent ShadowPad story as an example.
We hunt for and analyze all kinds of threats. We ignore none. We also invest a lot of resources into systems that protect our users from malware, make their computers more secure, and allow them to enjoy their user experience as opposed to worrying about it.
In the wake of this latest article I want to emphasize the following: if our technologies detect anything suspicious and this object is identified as malware, in a matter of minutes all our customers – no matter who or where they are – receive protection from the threat. In the most serious cases – such as global malware outbreaks like WannaCry or sophisticated cyber-espionage platforms like Equation – our researchers analyze the threat deeply and publish the research with indicators of compromise openly, so not only our customers, but all other users and our colleagues in the cybersecurity industry can learn how to protect against the new threat. Customers’ security is our mission, and we’re committed to protect against all kinds of cyberthreats regardless their origin or purpose. This approach is the foundation of our business and is what our users pay for.
This is the one and only way of how we deal with cyberthreats. The new allegations look to me like this: someone just took this process of how we deal with a threat, added some fictional details, and here we go – the new C-movie script is ready.
What we don’t do
With big power comes big responsibility. We never betray the trust that our users place in our hands. If we were ever to do so just once, it would immediately be spotted by the industry and it would be the end of our business – and rightly so.
To understand why something like this would be impossible for Kaspersky Lab or any other reputable security company, one needs to understand how the cybersecurity industry works. In our industry there are mainly two types of folks: first, those who do offensive things: breaking software, creating espionage tools, exploits, and – to the extreme – helping governments with their spy efforts. And second, folks who fight for users, take their side, protect them from attacks, create software that defends computers, and cause all manner of headaches for spy agencies.
This is a fundamental separation, which expresses itself in many ways – from what is considered ethical by one category or the other, to reputation and separating right from wrong.
For 20 years, KL has been fighting for users. It’s pioneered many technologies, including machine learning and cloud security, created one of the world’s best security products, and strived to ONLY hire people who abide to the highest ethical standards.
Any of our experts would consider it unethical to abuse user trust in order to facilitate spying by any government. Even if, let’s say, one or two such people would somehow infiltrate the company, there are dozens of internal technological and organizational strategies to mitigate the risk. There are also 3000+ people working at Kaspersky Lab and some of them would notice something like that. It’s impossible to hide it from everybody.
Now to the complicated part
Even though we have an internal security team and run bug bounty programs, we can’t give a 100% guarantee that there are no security issues in our products; name another security software vendor that can! Software is made by people and people make mistakes – no getting round that.
Now, if we assume that what is reported is true: that Russian hackers exploited a weakness in our products installed on the PC of one of our users, and the government agencies charged with protecting national security knew about that, why didn’t they report it to us? We patch the most severe bugs in a matter of hours; so why not make the world a bit more secure by reporting the vulnerability to us? I can’t imagine an ethical justification for not doing so.
In the end, I can’t shake off a disturbing thought: no matter how great security technologies and measures are, the security of millions can be easily compromised by the oldest threat actor there is – a $5 USB stick and a misguided employee.
Dissecting the recent WSJ cybersecurity story: truth, lies and disturbing details by @e_kaspersky himselfTweet
March 14, 2017
Human beings are a curious lot. It’s in their nature to try and get to the ‘whys’ and ‘hows’ of everything and anything. And this applies in cybersecurity too; in fact – doubly so: getting to the ‘whys’ and ‘hows’ of cyberthreats is the very basis upon which cybersecurity is built; thus, upon which KL is built.
Getting to the ‘whys’ and ‘hows’ for us means meticulously taking apart every cyberattack into its respective constituent pieces, analyzing it all and, if necessary, developing specific protection against it. And it’s always better to do this proactively, based on the mistakes of others, and not waiting until what we protect is attacked.
To solve this challenging task we’ve a slew of intelligence services for enterprises. In this collection of cyber-precision-tools there’s staff training, security intelligence services to come up with detailed information about discovered attacks, expert penetration-testing services, app-audits, incident investigations, and more.
Well now the ‘and more’ includes our new service – KTL (Kaspersky Threat Lookup) – the smart microscope for dissecting suspicious objects and uncovering the sources/tracking histories of cyberattacks, multivariate correlations, and degrees of danger for corporate infrastructure. Quite the X-ray for cyberthreats.
Actually, all our users already has the lite-version of this service. The security rating of a file can also be checked with our home products, but enterprise customers need a deeper, more thorough analysis of threats.
To begin with, KTL can be used to check not only files, but also URLs, IP addresses and domains. It can analyze objects for the hallmarks of targeted attacks, behavioral and statistical specifics, WHOIS/DNS data, file attributes, download chains, and others.
February 20, 2017
And now, boys and girls, woo-hoo! Today is a day when woo-hoo’ing seems the most appropriate thing to do. Like this: WOO-HOO!!!
Why, you say?
We’ve officially launched a secure operating system for network devices, industrial control systems, and the IoT. The OS was originally conceived on November 11; that’s why we refer to it by the code name 11-11. It was a very long development cycle, for sure: we worked on the project for 14 solid years and have even run a real-world pilot test roll-out. Now the OS is ready for consumption is available for deployment by all interested parties in a variety of scenarios.
I’ll spare you all the nerdy detail, but if you do want the techy info – here it is. I’d rather focus on the things we left out of that post, so I’ll answer some frequently asked questions and debunk some myths about our new OS.
February 6, 2017
Of course, I’m bound to get a lot of spam in my inbox – probably more than most. Decades of giving out my business card left, right and center; our domain included on presentation slides, in publications and catalogs and so on. Then there’s my email address’s simplicity. Sometimes employees’ blown email addresses we ‘leave out in the cold’ as spam honeypots while setting up new, slightly amended email addresses for the employee. But we can’t have that for me now can we? No. Because – first – I need to keep track of precisely who the enemy is, and – second – I want to personally be able to monitor the quality of our antispam protection. And I also don’t mind a few extra laughs now and again.
Much like entomologists with their butterflies, I file all incoming spam in a separate folder, check out the verdicts, and determine tendencies and false positives, while I forward missed samples to our antispam lab.
Curiously, since the beginning of the year the amount of spam has gone through the roof! And after studying its structure and style, it looks like most of it comes from one (1) source! Almost all the messages were in English (with just two in Japanese), and – main thing – 100% of this spam was detected by our products! I turned to our specialists… – and it was confirmed: it was a huge tsunami-like wave of a specific type of spam – snowshoe spam. This is unusual as normally around New Year spam activity falls in volume.
* Data for 1-10 January
And here’s the data on how the share of snowshoe spam changed on the most active day – January 7 – in the inboxes of our corporate domain:
So just what is this snowshoe when it’s at home, and how can it be protected against?
December 7, 2016
Recently, sharp-eyed users congratulated me with a ‘billion’ items in the Kaspersky Security Network. Thank you! Although, I need to explain what that ‘billion’ is.
First of all, don’t worry. This is not a billion something or other you don’t want on your computer; no, it’s something different, and it’s a little complicated. So let me start with some basic definitions.
Read on: How to get as close as poss to the ideas cybersecurity…
November 10, 2016
Hi Folks!
Meet David, the magnificent masterpiece sculpted by Michelangelo at the start of the 16th century. A photo of his face with that curious furrowed brow featured on our very first anti-cyber-vermin security product at the beginning of the 1990s. Some thought the pic was of me! I still don’t see why; I mean, have you EVER seen my face clean-shaven… and as white as a sheet? )
The choice of David for the retail box was far from random: we found we were kindred spirits – both very much underdogs. KL was a small young company from nowhere throwing down the gauntlet to global cyber-malice in an established international security market; David was the small young guy throwing down the gauntlet to the giant Goliath.
Throughout the years the boxes have changed, but one thing that hasn’t is our… Davidness.
Fate threw plenty of obstacles in our path that could have easily seen us off, but we persevered, hurdled those obstacles – often alone – and became stronger.
To everyone’s amazement we gave users the best protection in the world and became one of the leaders in the global market. We took it on ourselves to fight patent trolls practically alone, and are still successfully fighting them. (Most others prefer to feed them instead.) And despite the rise in parasites and BS-products, we continue to increase investment in true cybersecurity technologies (including true machine learning) for the protection of users from the cyberthreat avant-garde.
Thus, with just a ‘sling and stones’ we slowly but surely keep on killing Goliath ‘saving the world’: regardless of the geopolitical situation, and from any sort of cyberattacks – regardless of their origin or purpose.
And now, fate has brought us a new challenge. And not only us: this is also a challenge for all computer users and the entire ecosystem of independent developers for Windows.
