For cyber-insurance – a watershed moment (involving a $1.4bn payout!)

Hi boys and girls!

It’s been a while since my last installment of iNews, aka – uh-oh cyber-news, aka – cyber-tales from the dark side, so here’s reviving the series to get back on track in giving you highlights of jaw-dropping cyber-astonishments you might not hear about from your usual sources of news…

In this installment – just one iNews item for you, but it’s plenty: an added item might have watered down the significance of this one (hardly appropriate when there’s ‘watershed’ in the title:)…

Briefly about the iNews: after lengthy legal proceedings in the U.S., a court has ruled in favor of big-pharma company Merck against its insurer for a payout of US$1.4 billion (!!) to cover the damages Merck suffered at the grubby hands of NotPetya (aka ExPetr or simply Petya) in 2017.

Quick rewind back to 2017…

In June of that year, all of a sudden a viciously nasty and technologically advanced encryptor worm – NotPetya – appeared and spread like wildfire. It initially targeted Ukraine, where it attacked victims via popular accounting software – affecting banks, government sites, Kharkov Airport, the monitoring systems of the Chernobyl Nuclear Power Plant (!!!), and so on and so on. Next, the epidemic spread to Russia, and after that – all around the world. Many authoritative sources reckon NotPetya was the most destructive cyberattack ever. Which looks about right when you count the number of attacked companies (dozens of which each lost hundreds of millions of dollars), while overall damage to the world economy was estimated at a minimum 10 billion dollars!

One of the most notable victims of the global cyberattack was the U.S. pharmaceuticals giant Merck. It was reported 15,000 of its computers were zapped within 90 seconds (!) of the start of the infection, while its backup data-center (which was connected to the main network), was lost almost instantly too. By the end of the attack Merck had lost some 30,000 workstations and 7,500 servers. Months went into clearing up after the attack – at a cost of ~1.4 billion dollars, as mentioned. Merck even had to borrow vaccines from outside sources for a sum of $250 million due to the interruptions caused to its manufacturing operations.

Ok, background out the way. Now for the juiciest bit…

Read on…

Last year’s new products – a review; and expect more – in 2022!

The new working year is up and away, cruising steadily and assuredly like… a long-range airliner flying east. Out the window it’s getting brighter: in Moscow daylight has increased by nearly an hour daily since a month ago; in New York – by 40 minutes; and in Reykjavik – by more than two hours. Even in Singapore there’s… one more minute of sunlight in a day compared to a month ago.

However, the year 2021 simply won’t let go! First there was my review of the year (all positive); then there was the 2021 K-patents review (all positive). There’ll be a corporate/financial-results review a bit later (all positive:). And now, here, today – I’ve another review for you!…

Several reviews of a single year? If some of you have had enough of 2021 and want to leave it behind, forget it, and get on with this year, this one’s for you! ->

Actually, you can download the calendar the above pic’s taken from – here (and, jic, what the above pic’s about is here:).

Right, back to that fourth 2021-review…

And it just so happens to be – a professional review, as in: of the product and technological breakthroughs we made throughout our very busy 2021 – and all in the name of protecting you from cyber-evil. But first – some product/tech history…

Read on…

How to block phishing sites in a few clicks.

Our Threat Intelligence service (further – TI) is a set of important services that help orientate businesses in the anything-but-straightforward cyberthreat landscape and take the right decisions for enhancing their cybersecurity. In a nutshell, it’s all about the collection and analysis of data about the epidemiological situation within and outside a corporate network, professional tools for investigating incidents, analytical reports about new targeted cyberattacks, and much more besides. And it’s what every developer of corporate systems of cybersecurity has – or should have – in their product-ecosystem; it’s like a trump card or panic button, without which the ecosystem is like… a chair with weak, creaking legs. At any moment you can be in for a fall – a very painful one.

With TI, a cybersecurity expert can keep an all-seeing eye on the surroundings around their cyber-fortress (and even see over the horizon). He or she is able to keep track of what the enemy is up to – where they’re coming and going, how well they’re armed, what’s in their minds, and what strategies, tactics and intelligence they use. Without TI, even with the best defensive weaponry and bomb-proof walls, the fortress is still vulnerable: the enemy won’t necessarily come through the main gate; it could tunnel its way in or go for an aerial attack. Disaster.

// Commercial-break button – ON:

We at K started to develop our own TI portal back in 2016. Since then it’s come on leaps and bounds – so much so that last year the analytical agency Forrester recognized us as a world leader in the market. And many big names around the world agree with Forrester, having become users of our TI services long ago: for example Telefonica, Munich Airport, Chronicle Security, and CyberGuard Technologies.

// Commercial-break button – OFF.

Perhaps the jewel in our TI-crown is the Digital Footprint Intelligence service (further – DFI)…

Read on…

A paradigm shift for industrial security: immunizing factories.

Ten years is a long time in cybersecurity. If we could have seen a decade into the future in 2011 just how far cybersecurity technologies have come on by 2022 – I’m sure no one would have believed it. Including me! Paradigms, theories, practices, products (anti-virus – what’s that?:) – everything’s been transformed and progressed beyond recognition.

At the same time, no matter how far we’ve progressed – and despite the hollow promises of artificial intelligence miracles and assorted other quasi-cybersecurity hype – today we’re still faced with the same, classic problems we had 10 years ago in industrial cybersecurity:

How to protect data from non-friendly eyes and having unsanctioned changes made to it, all the while preserving the continuity of business processes?

Indeed, protecting confidentiality, integrity and accessibility still make up the daily toil of most all cybersecurity professionals.

No matter where it goes, ‘digital’ always takes with it the same few fundamental problems. And ‘go’ digital will – always – because the advantages of digitalization are so obvious. Even such seemingly conservative fields as industrial machine building, oil refining, transportation or energy have been heavily digitalized for years already. All well and good, but is it all secure?

With digital, the effectiveness of business grows in leaps and bounds. On the other hand, all that is digital can be – and is – hacked, and there are a great many examples of this in the industrial field. There’s a great temptation to fully embrace all things digital – to reap all its benefits; however, it needs to be done in a way that isn’t agonizingly painful (read – with business processes getting interrupted). And this is where our new(ish) special painkiller can help – our KISG 100 (Kaspersky IoT Secure Gateway).

This tiny box (RRP – a little over €1000) is installed between industrial equipment (further – ‘machinery’) and the server that receives various signals from this equipment. The data in these signals varies – on productivity, system failures, resource usage, levels of vibration, measurements of CO2/NOx emissions, and a whole load of others – and it’s all needed to get the overall picture of the production process and to be able to then take well-informed, reasoned business decisions.

As you can see, the box is small, but it sure is powerful too. One crucial functionality is that it only allows ‘permitted’ data to be transferred. It also allows data transmission strictly in just one direction. Thus, KISG 100 can intercept a whole hodge-podge of attacks: man-in-the-middle, man-in-the-cloud, DDoS attacks, and many more of the internet-based threats that just keep on coming at us in these ‘roaring’ digital times.

Read on…

When in Dublin – a spot of business, then get the Guinness in!…

Straight after London and our Thames Pathing and Mitre-staying, we headed over the Irish Sea to Dublin, where the IRISS-CERT conference was taking place. For those for whom that abbreviation is a new one, coming up is brief info. For those who came only for the Guinness – you’ll need to scroll down this post a bit!…

CERT = computer emergency response team: a group of highly-qualified experts who collect information about incidents of a certain kind in the IT field, and classify and neutralize them. // We have a CERT in the company, btw, which deals with cybersecurity problems of industrial systems.

IRISS-CERT = Ireland’s national CERT. Therefore -> we’re friends with them and help them out – because only together can we fight cyber-villainy effectively!

The event was a modest one, but oh-such an interesting one. I took to the stage and did my customary ‘cyber-standup’ act, where I tell of serious things about serious cyber-problems, yet still the audience laughs – a lot ). Well, why not? Serious – yes; but who – ever – wants a PowerPoint sleepathon?

Read on…

A walk down memory lane in London.

I was in London only a month ago – but, since ‘if you’re tired of London, you’re tired of life’, I was back in the UK capital just the other day!…

And – just as I prefer it – we arrived with plenty of time to spare before our business program was set to start, so, naturally – first things first – walkies time!…

Handily, our hotel was in the center of the city – a stone’s throw from the River Thames and not far from Buckingham Palace – so off we set for some London side-street strolling. But before we’d hardly gotten started, suddenly…

…Hold on… I think I recognize that building. Yes, it’s the Queen Elizabeth II Centre, where – precisely (!) 10 years ago (November 2011) – I took part in the London Cyberspace Conference, after having been personally invited by the then-foreign secretary, William Hague!

Read on…

Ransomware: how we’re making our protection against it even better.

Being a developer of cybersecurity: it’s a tough job, but someone’s got to do it (well!).

Our products seek and destroy malware, block hacker attacks, do update management, shut down obtrusive ad banners, protect privacy, and TONS more… and it all happens in the background (so as not to bother you) and at a furious pace. For example, KIS can check thousands of objects either on your computer or smartphone in just one second, while your device’s resource usage is near zero: we’ve even set the speedrunning world record playing the latest Doom with KIS working away in the background!

Keeping things running so effectively and at such a furious pace has required, and still requires, the work of hundreds of developers, and has seen thousands of human-years invested in R&D. Just a millisecond of delay here or there lowers the overall performance of a computer in the end. But at the same time we need to be as thorough as possible so as not to let a single cyber-germ get through ).

Recently I wrote a post showing how we demolished all competition (10 other popular cybersecurity products) in testing for protection against ransomware – today the most dangerous cyber-evil of all. So how do we get top marks on quality of protection and speed? Simple: by having the best technologies, plus the most no-compromise detection stance, multiplied by optimization ).

But, particularly against ransomware, we’ve gone one further: we’ve patented new technology for finding unknown ransomware with the use of smart machine-learning models. Oh yes.

The best protection from cyberattacks is multi-level protection. And not simply using different protective tools from different developers, but also at different stages of malware’s activity: penetration, deployment, interaction with the command center, and launch of the malicious payload (and this is how we detect the tiniest of hardly-noticeable anomalies in the system, analysis of which leads to the discovery of fundamentally new cyberattacks).

Now, in the fight against ransomware, protective products traditionally underestimate the final stage – the stage of the actual encryption of data. ‘But, isn’t it a bit late for a Band-Aid?’, you may logically enquire ). Well, as the testing has shown (see the above link) – it is a bit too late for those products that cannot roll back malware activity; not for products that can and do. But you only get such functionality on our and one other (yellow!) product. Detecting attempts at encryption is the last chance to grab malware red-handed, zap it, and return the system to its original state!

Ok, but how can you tell – quickly, since time is of course of the essence – when encryption is taking place?

Read on…

Ransomware: what protects against it best?

What’s the No. 1 thorn in the side of the modern-day cyber-world in terms of damage, evil sophistication, and headline-grabbing the world over? Can you guess?…

Ah, the title of this post may have given it away, but yes, of course, it’s ransomware (aka cryptomalware, but I’ll stick with the simpler, less tongue-twisting, and professional term ‘ransomware’).

So: ransomware. Bad. How bad?…

Well, it’s actually so bad, and has been so consistently bad for years, so deeply embedded in all things digital, and has so overwhelmed so many large organizations (even indirectly being followed by human deaths), which (large organizations) have forked out so much money to pay ransoms, that the world’s news media has become almost indifferent to it. It’s stopped being headline news, having been transformed into an every-day casual event. And that’s what’s most worrying of all: it means the cyber-scumbags (apologies for such strong language, but it’s really the best way to describe these folks) are winning; cyber-extortion is becoming a seemingly inevitable reality of today’s digital world and it seems there’s nothing that can be done about it.

And they’re winning for three reasons:

Third (I’ll start at the end): the ‘big boys’ are still playing their schoolyard geopolitical games, which blocks national cyber-polices exchanging operational information for coordinated searching, catching, arresting and charging of ransomware operators.

Second: users aren’t prepared – resilient – enough to respond to such attacks.

And first (most important): not all anti-ransomware technologies are equally effective – by a long way.

Often, ‘on the tin’, anti-ransomware technologies featured in cybersecurity solutions are claimed to be effective. But in practice they don’t quite do exactly what it says on the tin, or – if they do, not consistently. And what does this mean? That users are scandalously unprotected against very professional, technically sophisticated ransomware attacks.

But don’t just take my word for it. Check what the trusted German testing institute – AV-TEST – say. They’ve just published complex research on the ability of cybersecurity products to tackle ransomware. They paid no attention whatsoever to marketing claims (à la ‘this deodorant is guaranteed to last for 48 hours’), and didn’t just use widely-known in-the-wild ransomware samples. They besieged several of the top cybersecurity solutions in real ‘battlefield’ conditions, firing at them all sorts of live-ammunition ransomware artillery that’s actually out there today. As mentioned, no in-the-wild samples, but those technically capable of weaponizing a ransomware attack. And what did they find? On the whole – something thoroughly shocking and scary:

Read on…

Fully-vaxxed Sochi conference: a shot in the arm for industrial cybersecurity.

Personal experience, plus what I’m told by other clever folks, has taught me to treat with much skepticism any predictions regarding the future given by so-called experts – in fact all kinds of prognoses and prophesies about this, that and the other. Although I tend to share this view, I have to make an exception for the predictions of one single person in particular: me! Why? Because, unfortunately, those predictions normally come true…

Ten years ago, when we chose industrial cybersecurity as one of our new main areas for development of the company, attacks on industrial equipment were largely deemed hype and/or something out of Hollywood, or at least limited to relatively few specific enterprises; for example, ones like this. But since the beginning of the 2010s I’ve been repeating (ad nauseam!) that, sooner or later, attacks on industrial installations will go mainstream and become massive in scale, and that modern industrial security is sadly very lacking in its ability to cope with the realities of the digital world.

Today, attacks on industrial objects are becoming a daily – very expensive – reality. We’ve already seen how a ransomware-cyberattack on a mere office network of a large pipeline can bring about a short-term rise in the price of gasoline in the U.S.A. So imagine how much more costly attacks on industrial components of critical infrastructure operators could be. And it’s not just a matter of financial losses incurred by targeted companies caused by their compelled down time – there’s also the hit taken by all the consumers of the companies’ products and services, which can be painful for regional economies and even national ones.

Read on…

The gateway to cyber-immunity.

Hi folks!

Herewith – a brief interlude to my ongoing meandering Tales from the Permafrost Side. And what better interlude could there be than an update on a momentous new K-product launch?!

Drum roll, cymbal!…

We’re launching and officially presenting to the world our first fully ‘cyber-immune’ solution for processing industrial data – the death knell for traditional cybersecurity heralding in a new era of ‘cyber immunity’ – at least (for now) for industrial systems and the Internet of Things (IoT)!

So, where is this cyber-immune solution? Actually – in my pocket! ->

Read on…