Tag Archives: product launch

Cyber-enlightenment: how to effectively catch out the wolves in sheep’s clothing; or – it’s never too late to learn.

Hi folks!

We all know perfectly well that the internet is awash with all kinds of malware – from the primitive amateur-grade to the sophisticated pro-grade. And over the last three months things have gotten a lot worse. The cyberswine are becoming all the more daring, and their methods – all the more advanced and refined. And though battling the cyber-baddies is both worthy and wholly necessary, prevention is always better than cure.

That is, being able to recognize cyber-evil for what it is and in good time is a task of vital strategic importance; all the more so when we’re talking not simply about protecting businesses, but about protecting critical infrastructure – the kit that provides us with the safe, comfortable and stable conditions in which to live.

Accordingly, educating employees how to spot cyberattacks on corporate networks is really important. And yes, we’re the world’s biggest fans of such cyber-enlightenment: we regularly run training of all different kinds – and also formats: both online (including in real time) and offline, and all under the caring and attentive gaze of our experts.

Not so long ago I wrote on this here blog of mine about our training programs on identifying cyberattacks based on sets of malware characteristics (you can read more about YARA rules here). But here at K, we never stand still, so we’ve gone and upgraded, and today I want to tell you about our new course, which has just been added to our educational portfolio of online training for experts.

So here it is folks – introducing… training on how to respond to (Windows OS) incidents (including ransomware) – the Kaspersky Windows Incident Response course. Btw, earlier this course existed only in offline format and was the most popular among our customers; however, it’s intended for internal teams just as much as for independent cybersecurity specialists who want to further improve their knowledge and raise their qualifications.

Now, according to recent research, top managers of (non-IT) companies, and also owners of businesses seem to overestimate their ability to deal with ransomware – especially if they’ve never come across the problem. And ~73% of companies aren’t able to cope with a ransomware attack even with the help of their IT service contractors. Yes – that’s plenty!

Read on…

The Teddy Bears’ Picnic – ver. Internet-2022.

It’s been a while since my last post on new/updated products, so here’s making up for that…

Our Kompany mission is to protect any and all citizens of the digital world – anywhere and any-when – against all cyber-evil in all its many flavors, stripes and categories. And that protection of course includes protection of the world’s most vulnerable internet users – children.

We firmly believe in advising kids on how to recognize potential threats on the internet, as well as how to conduct oneself properly on the internet in general. Then, hopefully, there’s nothing embarrassing or even painful accompanying a child online for the rest of his/her life; after all, whatever’s put on the internet stays there – forever. We do our bit in this in various ways; for example: with webinars, public speaking appearances, joint educational projects, books, cartoons, videos and research.

And we also provide protection for kids with our parental-controls app – Kaspersky Safe Kids.

Up and running several years already, the app is constantly improved and fine-tuned so as to better suit the particular needs of children and their parents when it comes to using digital devices safely.

But it hasn’t always been plain sailing for us: a couple years ago we had to… – get this: “fight for the right to protect children” with our app. Eh?! Indeed, we had to resort to legal action in connection with a certain famous apple-emblazoned company to prevent its using unfair competitive advantages for its own parental-controls function included in its mobile operating system. Still, as is our wont with legal battles, we won the antitrust case, and the functionality that wasn’t permitted before was enabled; fairness, common sense and justice prevailed! Interested in how the Federal Antimonopoly Service case went? Then check out this, this and this.

Ok – back to our fully-functional Safe Kids app. I think I’ve already mentioned that we constantly improve it. Well let me tell you about the latest improvements…

In the very latest version of the app for iOS we’ve expanded the functionality for parents – adding more features for supervising their offspring’s online activity. Thus, parents (or guardians) can now more thoroughly filter undesirable online content as per specific categories, learn more about the preferences and interests of their children (in particular, by monitoring what YouTube videos are watched), and set screen-time limits.

Here are a few screenshots of the interface for parents:

Read on…

Last year’s new products – a review; and expect more – in 2022!

The new working year is up and away, cruising steadily and assuredly like… a long-range airliner flying east. Out the window it’s getting brighter: in Moscow the day is nearly an hour longer than it was a month ago; in New York – 40 minutes longer; and in Reykjavik – more than two hours longer. Even in Singapore there’s… one more minute of sunlight in a day compared to a month ago.

However, the year 2021 simply won’t let go! First there was my review of the year (all positive); then there was the 2021 K-patents review (all positive). There’ll be a corporate/financial-results review a bit later (all positive:). And now, here, today – I’ve another review for you!…

Several reviews of a single year? If some of you have had enough of 2021 and want to leave it behind, forget it, and get on with this year, this one’s for you! ->

Actually, you can download the calendar the above pic’s taken from – here (and, jic, what the above pic’s about is here:).

Right, back to that fourth 2021-review…

And it just so happens to be – a professional review, as in: of the product and technological breakthroughs we made throughout our very busy 2021 – and all in the name of protecting you from cyber-evil. But first – some product/tech history…

Read on…

How to block phishing sites in a few clicks.

Our Threat Intelligence service (further – TI) is a set of important services that help orientate businesses in the anything-but-straightforward cyberthreat landscape and take the right decisions for enhancing their cybersecurity. In a nutshell, it’s all about the collection and analysis of data about the epidemiological situation within and outside a corporate network, professional tools for investigating incidents, analytical reports about new targeted cyberattacks, and much more besides. And it’s what every developer of corporate systems of cybersecurity has – or should have – in their product-ecosystem; it’s like a trump card or panic button, without which the ecosystem is like… a chair with weak, creaking legs. At any moment you can be in for a fall – a very painful one.

With TI, a cybersecurity expert can keep an all-seeing eye on the surroundings of their cyber-fortress (and even see over the horizon). He or she is able to keep track of what the enemy is up to – where they’re coming from and going to, how well they’re armed, what’s on their minds, and what strategies, tactics and intelligence they use. Without TI, even with the best defensive weaponry and bomb-proof walls, the fortress is still vulnerable: the enemy won’t necessarily come through the main gate; it could tunnel its way in or go for an aerial attack. Not good. Disaster, even.

// Commercial-break button – ON:

We at K started to develop our own TI portal back in 2016. Since then it’s come on leaps and bounds – so much so that last year the analytical agency Forrester recognized us as a world leader in the market. And many big names around the world agree with Forrester, having become users of our TI services long ago: for example Telefonica, Munich Airport, Chronicle Security, and CyberGuard Technologies.

// Commercial-break button – OFF.

Perhaps the jewel in our TI-crown is the Digital Footprint Intelligence service (further – DFI)…

Read on…

A paradigm shift for industrial security: immunizing factories.

Ten years is a long time in cybersecurity. If we could have seen a decade into the future in 2011 just how far cybersecurity technologies have come on by 2022 – I’m sure no one would have believed it. Including me! Paradigms, theories, practices, products (anti-virus – what’s that?:) – everything’s been transformed and progressed beyond recognition.

At the same time, no matter how far we’ve progressed – and despite the hollow promises of artificial intelligence miracles and assorted other quasi-cybersecurity hype – today we’re still faced with the same, classic problems we had 10 years ago in industrial cybersecurity:

How to protect data from unfriendly eyes and from unsanctioned changes, all the while preserving the continuity of business processes?

Indeed, protecting confidentiality, integrity and availability still makes up the daily toil of almost all cybersecurity professionals.

No matter where it goes, ‘digital’ always takes with it the same few fundamental problems. And ‘go’ digital will – always – because the advantages of digitalization are so obvious. Even such seemingly conservative fields as industrial machine building, oil refining, transportation or energy have been heavily digitalized for years already. All well and good, but is it all secure?

With digital, the effectiveness of business grows in leaps and bounds. On the other hand, all that is digital can be – and is – hacked, and there are a great many examples of this in the industrial field. There’s a great temptation to fully embrace all things digital – to reap all its benefits; however, it needs to be done in a way that isn’t agonizingly painful (read – with business processes getting interrupted). And this is where our new(ish) special painkiller can help – our KISG 100 (Kaspersky IoT Secure Gateway).

This tiny box (RRP – a little over €1000) is installed between industrial equipment (further – ‘machinery’) and the server that receives various signals from this equipment. The data in these signals varies – on productivity, system failures, resource usage, levels of vibration, measurements of CO2/NOx emissions, and a whole load of others – and it’s all needed to get the overall picture of the production process and to be able to then take well-informed, reasoned business decisions.

As you can see, the box is small, but it sure is powerful too. One crucial function is that it lets through only ‘permitted’ data – and only in one direction: from the machinery toward the server, never back. Because nothing can flow back toward the machinery, an attacker who gets hold of the server side or the network in between can’t push commands or malware into the plant. That is what lets KISG 100 block a whole hodge-podge of attacks: man-in-the-middle, man-in-the-cloud, DDoS attacks, and many more of the internet-based threats that just keep on coming at us in these ‘roaring’ digital times.
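To make the ‘permitted data, one direction only’ idea concrete, here is an added illustration in Python – my own toy, not KISG 100 code or its configuration format. The gateway parses each telemetry record coming from the machinery, forwards it only if the tag is on an allow-list and the value is the right type and inside the permitted range, and drops (and logs) everything else, including anything that looks like a command or a protocol the plant never speaks. There is deliberately no code path that sends anything back toward the machinery. The tags, ranges and sample traffic are assumptions constructed for the example.

```python
"""Allow-list filter for one-way industrial telemetry (illustration only)."""
import json

# Hypothetical allow-list: tag -> (type, min, max). Assumed for the example.
ALLOWED_TAGS = {
    "temp_c": (float, -40.0, 250.0),
    "vibration_mm_s": (float, 0.0, 100.0),
    "nox_ppm": (float, 0.0, 5000.0),
    "status": (str, None, None),
}
ALLOWED_STATUS = {"running", "idle", "fault"}


def validate(record: dict) -> tuple[bool, str]:
    """Return (ok, reason). Only records of exactly the expected shape pass."""
    if set(record) != {"tag", "value", "ts"}:
        return False, "unexpected fields"
    tag = record["tag"]
    if tag not in ALLOWED_TAGS:
        return False, f"tag not allowed: {tag!r}"
    typ, lo, hi = ALLOWED_TAGS[tag]
    value = record["value"]
    if typ is float:
        # bool is a subclass of int in Python; reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            return False, "non-numeric value"
        if not lo <= value <= hi:
            return False, "value out of range"
    elif value not in ALLOWED_STATUS:
        return False, "unknown status"
    if not isinstance(record["ts"], int) or record["ts"] < 0:
        return False, "bad timestamp"
    return True, ""


def forward_one_way(lines: list[str]) -> tuple[list[dict], list[tuple[str, str]]]:
    """Split raw lines into records to forward and (line, reason) rejects.

    Nothing here ever writes toward the machinery side: the only outputs
    are the forwarded records (server-bound) and the reject log.
    """
    forwarded, rejected = [], []
    for line in lines:
        try:
            record = json.loads(line)
        except ValueError:
            rejected.append((line, "not JSON"))
            continue
        if not isinstance(record, dict):
            rejected.append((line, "not an object"))
            continue
        ok, reason = validate(record)
        if ok:
            forwarded.append(record)
        else:
            rejected.append((line, reason))
    return forwarded, rejected


# Constructed sample traffic for the example (not real plant data).
SAMPLE_LINES = [
    '{"tag": "temp_c", "value": 71.5, "ts": 1700000000}',
    '{"tag": "status", "value": "running", "ts": 1700000001}',
    '{"tag": "temp_c", "value": 9999, "ts": 1700000002}',   # implausible reading
    '{"tag": "setpoint", "value": 90, "ts": 1700000003}',   # write-like tag
    '{"cmd": "reboot", "ts": 1700000004}',                  # command, not telemetry
    'GET /admin HTTP/1.1',                                  # wrong protocol entirely
]

if __name__ == "__main__":
    ok, bad = forward_one_way(SAMPLE_LINES)
    print(f"forwarded {len(ok)}, dropped {len(bad)}")
    for line, reason in bad:
        print(f"  dropped ({reason}): {line}")
```

The point of the strict shape check (exactly the three expected fields, a closed set of tags, a closed set of status strings) is that the gateway never has to recognize an attack to stop it: anything that isn’t on the short list of what the plant is supposed to report simply never reaches the server, and nothing at all travels the other way.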

Read on…

The gateway to cyber-immunity.

Hi folks!

Herewith – a brief interlude to my ongoing meandering Tales from the Permafrost Side. And what better interlude could there be than an update on a momentous new K-product launch?!

Drum roll, cymbal!…

We’re launching and officially presenting to the world our first fully ‘cyber-immune’ solution for processing industrial data – the death knell for traditional cybersecurity heralding in a new era of ‘cyber immunity’ – at least (for now) for industrial systems and the Internet of Things (IoT)!

So, where is this cyber-immune solution? Actually – in my pocket! ->

Read on…

Cyber hygiene: essential for fighting supply chain attacks.

Hi folks!

Quite often, technical matters that are as clear as day to techie-professionals are somewhat tricky to explain to non-techie-folks. Still, I’m going to have a go at doing just that here today. Why? Because it’s a darn exciting and amazingly interesting world! And who knows – maybe this read could inspire you to become a cybersecurity professional?!…

Let’s say you need to build a house. And not just a standard-format house, but something unique – custom-built to satisfy all your whims and wishes. First you need an architect who’ll draw up the design based on what you tell them; the design is eventually decided upon and agreed; project documentation appears, as does the contractor who’ll be carrying out the construction work; building inspectors keep an eye on quality; while at the same time interior designers draw up how things will look inside, again as per your say-so; in short – all the processes you generally need when constructing a built-to-order home. Many of the works are unique, as per your specific instructions, but practically everything uses standard materials and items: bricks, mortar, concrete, fixtures and fittings, and so on.

Well the same goes for the development of software.

Many of the works involved in development are also unique, requiring architects, designers, technical documentation, engineer-programmers… and often specific knowledge and skills. But in the process of development of any software a great many standard building bricks (libraries) are used, which carry out all sorts of ‘everyday’ functions. Like when you build a house – you build the walls with standard bricks; the same goes for software products: modules with all sorts of different functionalities use a great many standardized libraries [~= bricks].

Ok, that should now be clear to everyone. But where does cybersecurity come into all of this?

Well, digital maliciousness… it’s kinda the same as house-building construction defects – which may be either trivial or critical.

Let’s say there’s some minor damage done to a completed house that’s ready to move into, which isn’t all that bad. You just remedy the issue: plaster over, re-paint, re-tile. But what if the issue is deep within the construction elements? Like toxic materials that were used in construction in the past? Yes, it can become expensive, and painful.

Well the same goes for software. If a contagion attaches itself to the outside, it’s possible to get rid of it: lance it off, clean up the wound, get the software back on its feet. But if the digital contamination gets deep inside – into the libraries and modules [= bricks] out of which the final product [house] is built… then you’ve got some serious trouble on your hands. And it just so happens that finding such deep digital pestilence can be reeeaaally tricky; actually extracting the poison out of the working business process – more so.

That’s all a bit abstract; so how about some examples? Actually, there are plenty of those. Here are a few…

Even in the long-distant past, during the Windows 98 era, there was one such incident when the Chernobyl virus (also called CIH, or Spacefiller) found its way into the distributions of computer games of various developers – and from there it spread right round the world. A similar thing happened years later in the 2000s: a cyber-infection called Induc penetrated Delphi libraries.

Thus, what we have are cyberthreats attacking businesses from outside, but also the more serious threats from a different type of cyber-disease that manages to get inside the internal infrastructure of a software company and poison a product under development.

Let’s use another figurative example to explain all this – a trip to your local supermarket to get the week’s groceries in… during mask-and-glove-wearing, antiseptic-drenching lockdown!… Yes, I’m using this timely example as I’m sure you’ll all know it rather well (unless you’re the Queen or some other VIP, perhaps live off the land and don’t use supermarkets… but I digress).

So yes: you’ve grabbed the reusable shopping bags, washed your hands for 20 seconds with soap, donned the face mask, put the gloves on, and off you go. And that’s about it for your corona-protective measures. But once you’re at the supermarket you’re at the mercy of the good sense and social responsibility and sanitary measures of the supermarket itself plus every single producer of all the stuff that you can buy in it. Then there are all the delivery workers, packing workers, warehouse workers, drivers. And at any link in this long chain, someone could accidentally (or on purpose) sneeze right onto your potatoes!

Well it’s the same in the digital world – only magnified.

For the supply chain of modern-day ‘hybrid’ ecosystems of IT development is much, much longer, while at the same time we catch more than 300,000 brand new cyber-maliciousnesses EVERY DAY! What’s more, the complexity of all that brand new maliciousness itself is rising constantly. To try and control how much hand-washing and mask-and-glove wearing is going on at every developer of every separate software component, plus how effective the cyber-protection systems of the numerous suppliers of cloud services are… – it’s all an incredibly difficult task. Even more difficult if the product is built from open-source components and its build is fashionably automated – pulling dependencies on the fly, with default trust settings.

All rather worrying. But when you also learn that, of late, attacks on supply chains happen to be among the most advanced cyber-evil around – it gets all rather yikes. Example: the ShadowPad backdoor was slipped into a particular brand of server-infrastructure management software and used to attack, among others, financial organizations. Other sophisticated cybercriminals attack open-source libraries, while our industry colleagues have reminded us that developers are mostly unable to sufficiently verify that the components they install, and the various libraries those components use, don’t contain malicious code.

Here’s another example: attacks via container registries, like Docker Hub. On the one hand, using containers makes the development of apps and services more convenient, more agile. On the other, more often than not developers don’t build their own containers and instead download ready-made ones – and inside… – much like a magician’s hat – there could be anything lurking. Like a dove, or your car keys that were in your pocket. Or a rabbit. Or Alien! :) ->
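The two weak spots the last few paragraphs describe – dependencies pulled ‘on the fly’ at whatever version the index happens to serve, and nobody checking what actually arrives – are things a build can test for itself. Here is an added example of that check in Python; it is my illustration, not code from this post, from Kaspersky, or from pip. It audits a pip-style requirements list for floating (unpinned) entries and for pinned entries that carry no integrity hash, and then verifies a downloaded artifact’s SHA-256 against the pinned digest before the artifact is allowed into the build. The requirements text, package names and artifact bytes are all constructed for the example; the `name==version --hash=sha256:…` line shape is pip’s real syntax, the rest is assumption.

```python
"""Audit a requirements list and verify artifact hashes (illustration only)."""
import hashlib
import re

# 'name==1.2.3 ...' (exact pin) and '--hash=sha256:<64 hex>' (pip's hash syntax).
PIN_RE = re.compile(r"^(?P<name>[A-Za-z0-9_.-]+)==(?P<version>\S+)")
HASH_RE = re.compile(r"--hash=sha256:(?P<digest>[0-9a-f]{64})")


def _requirement_lines(text: str):
    """Yield requirement lines with comments, blanks and pip options removed."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line and not line.startswith("-"):
            yield line


def audit_requirements(text: str) -> dict[str, list[str]]:
    """Classify each requirement as unpinned, unhashed, or ok (pinned + hashed)."""
    findings = {"unpinned": [], "unhashed": [], "ok": []}
    for line in _requirement_lines(text):
        pin = PIN_RE.match(line)
        if not pin:
            # Floating spec ('>=', '~=', bare name, ...): whatever the index serves.
            name = re.split(r"[<>=~!\s\[]", line, maxsplit=1)[0]
            findings["unpinned"].append(name)
        elif not HASH_RE.search(line):
            # Version pinned, but nothing checks the bytes that arrive.
            findings["unhashed"].append(pin["name"])
        else:
            findings["ok"].append(pin["name"])
    return findings


def pinned_hashes(text: str) -> dict[str, set[str]]:
    """Map each pinned package to the set of sha256 digests it is allowed to have."""
    pins = {}
    for line in _requirement_lines(text):
        pin = PIN_RE.match(line)
        if pin:
            pins[pin["name"]] = set(HASH_RE.findall(line))
    return pins


def verify_artifact(name: str, data: bytes, pins: dict[str, set[str]]) -> bool:
    """True only if the artifact's sha256 is one of the digests pinned for it.

    A package with no pinned digest fails closed: there is nothing to compare to.
    """
    digest = hashlib.sha256(data).hexdigest()
    return digest in pins.get(name, set())


# Constructed inputs; 'parser-lib' is a hypothetical package name.
GOOD_ARTIFACT = b"artifact bytes that the pin was taken from"
GOOD_DIGEST = hashlib.sha256(GOOD_ARTIFACT).hexdigest()
REQUIREMENTS = f"""
# hypothetical requirements.txt
requests>=2.0          # floating: whatever the index serves today
pyyaml==6.0            # pinned, but nothing checks what arrives
parser-lib==1.4.2 --hash=sha256:{GOOD_DIGEST}
"""

if __name__ == "__main__":
    print(audit_requirements(REQUIREMENTS))
    pins = pinned_hashes(REQUIREMENTS)
    print("genuine artifact accepted:", verify_artifact("parser-lib", GOOD_ARTIFACT, pins))
    tampered = GOOD_ARTIFACT + b"\x00 one extra byte"
    print("tampered artifact accepted:", verify_artifact("parser-lib", tampered, pins))
```

The hash is what turns a version pin into an integrity check: `pyyaml==6.0` says which version you wanted, but only the digest says whether the bytes that arrived are the ones you reviewed. A single-byte change to the artifact produces a different digest and the check fails, and a package with no digest at all fails for the same reason – the build has nothing to trust it against.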

Read on…

Which hacker group is attacking my corporate network? Don’t guess – check!

Around four years ago cybersecurity became a pawn used in geopolitical games of chess. Politicians of all stripes and nationalities wag fingers at and blame each other for hostile cyber-espionage operations, while at the same time – with the irony seemingly lost on them – bigging-up their own countries’ cyber-weapons tools that are also used in offensive operations. And caught in the crossfire of geopolitical shenanigans are independent cybersecurity companies, who have the ability and guts to uncover all this very dangerous tomfoolery.

But, why? It’s all very simple…

First, ‘cyber’ is still really quite the cool/romantic/sci-fi/Hollywood/glamorous term it appears to have always been since its inception. It also sells – including online newspaper subscriptions. It’s popular – including with politicians: it’s a handy distraction – given its coolness and popularity – when distraction is something that’s needed, which is often.

Second, ‘cyber’ is really techy – most folks don’t understand it. As a result, the media, when covering anything to do with it, and always seeking more clicks on their stories, are able to print all manner of things that aren’t quite true (or completely false), but few readers notice. So what you get are a lot of stories in the press stating that this or that country’s hacker group is responsible for this or that embarrassing/costly/damaging/outrageous cyberattack. But can any of it be believed?

Generally, it’s hard to know if it can be believed or not. Given this, is it actually possible to accurately attribute a cyberattack to this or that nation state or even organization?

There are two aspects to the answer…

From the technical standpoint, cyberattacks possess an array of particular characteristics, but impartial system analysis thereof can only go so far in determining how much an attack looks like it’s the work of this or that hacker group. However, whether this or that hacker group might belong to… Military Intelligence Sub-Unit 233, the National Advanced Defense Research Projects Group, or the Joint Strategic Capabilities and Threat Reduction Taskforce (none of which exist, to save you Googling them:)… that is a political aspect, and here, the likelihood of manipulation of facts is near 100%. It turns from being technical, evidence-based, accurate conclusions to… palm or coffee grounds’ readings for fortune-telling. So we leave that to the press. We stay well away. Meanwhile, curiously, the percentage of political flies dousing themselves in the fact-based ointment of pure cybersecurity grows several-fold with the approach of key political events. Oh, just like the one that’s scheduled to take place in five months’ time!

So yes, political attribution is something we avoid. We stick to the technical side; in fact – it’s our duty and what we do as a business. And we do it better than anyone, I might modestly add ). We keep a close watch on all large hacker groups and their operations (600+ of them), and pay zero attention to what their affiliation might be. A thief is a thief, and should be in jail. And now, finally, 30+ years since I started out in this game, after collecting non-stop so much data about digital wrongdoing, we feel we’re ready to start sharing what we’ve got – in the good sense ).

Just the other day we launched a new awesome service aimed squarely at cybersecurity experts. It’s called the Kaspersky Threat Attribution Engine (KTAE). What it does is analyze suspicious files and determine which hacker group a given cyberattack comes from. For knowing the identity of one’s attacker makes fighting it much easier: informed countermeasure decisions can be made, a plan of action can be drawn up, priorities can be set out, and on the whole an incident response can be rolled out smoothly and with minimal risk to the business.

So how do we do it?

Read on…

Dear Father Christmas: I’d like a sandbox please!

Hi folks, or should that be – ho, ho, ho, folks? For some have said there is a faint resemblance… but I digress – already!

Of course, Christmas and New Year are upon us. Children have written their letters to Santa with their wish lists and assurances that they’ve been good boys and girls, and Rudolph & Co. are just about ready to do their bit for the logistical miracle that occurs one night toward the end of each year. But it’s not just the usual children’s presents Father Christmas and his reindeer will be delivering this year. They’ll also be giving out something that they’ve long been getting requests for: a new solution for fighting advanced cyberattacks – Kaspersky Sandbox! Let me tell you briefly about it…

Basically it’s all about emulation. You know about emulation, right? I’ve described it quite a few times on these here blog pages before, most recently earlier this year. But, just in case: emulation is a method that encourages threats to reveal themselves: a file is run in a virtual environment that imitates a real computer environment. The behavior of a suspicious file is studied in a ‘sandbox’ with a magnifying glass, Sherlock-style, and upon finding unusual (= dangerous) actions the object is isolated so it does no more harm and so it can be studied more closely.

Analyzing suspicious files in a virtual environment isn’t new technology. We’ve been using it for our internal research and in our large enterprise projects for years (I first wrote about it on this here blog in 2012). But it was always tricky, toilsome work, requiring constant adjustment of the templates of dangerous behaviors, optimization, etc. But we kept on with it, as it was – and still is – so crucial to our work. And this summer, finally, after all these years, we got a patent for the technology of creating the ideal environment for a virtual machine for conducting quick, deep analysis of suspicious objects. And a few months ago I told you here that we learned how to crack this thanks to new technologies.

It was these technologies that helped us launch the sandbox as a separate product, which can now be used directly in the infrastructure of even small companies; moreover, to do so, an organization doesn’t need to have an IT department. The sandbox will carefully and automatically sift the wheat from the chaff – or rather, from cyberattacks of all stripes: crypto-malware, zero-day exploits, and all sorts of other maliciousness – and without needing a human analyst!
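The ‘templates of dangerous behaviors’ mentioned above are, at bottom, rules over what a file does once it is run. Here is an added, deliberately small version of that idea in Python – my illustration, not Kaspersky Sandbox code, and the rules, weights and threshold are assumptions, not the product’s. The sandbox is assumed to emit one event per line as `event<TAB>detail`; two traces are constructed for the example, one that behaves like crypto-malware (mass renaming of documents, deletion of shadow copies, a ransom note, a Run-key entry, a beacon) and one that behaves like an ordinary installer, so you can see how the same rules separate them.

```python
"""Turn a sandbox behaviour trace into a verdict (illustration only)."""
from collections import Counter

# Rule form: (name, weight, predicate over the per-sample state). Assumed values.
RULES = [
    ("mass_file_rename",     6, lambda s: s["renames"] >= 20),
    ("shadow_copy_deletion", 5, lambda s: s["vssadmin_delete"]),
    ("run_key_persistence",  3, lambda s: s["run_key_writes"] > 0),
    ("ransom_note_dropped",  4, lambda s: s["note_files"] > 0),
    ("network_beacon",       2, lambda s: len(s["hosts"]) > 0),
]
DANGEROUS_THRESHOLD = 8  # assumed cut-off for a 'dangerous' verdict


def parse_trace(trace: str) -> dict:
    """Fold raw sandbox events into the counters the rules look at."""
    s = {"renames": 0, "renamed_exts": Counter(), "vssadmin_delete": False,
         "run_key_writes": 0, "note_files": 0, "hosts": set()}
    for line in trace.strip().splitlines():
        event, _, detail = line.partition("\t")
        low = detail.lower()
        if event == "file_rename":
            _src, _, dst = detail.partition(" -> ")
            s["renames"] += 1
            s["renamed_exts"][dst.rsplit(".", 1)[-1]] += 1
        elif event == "proc_create":
            if "vssadmin" in low and "delete shadows" in low:
                s["vssadmin_delete"] = True
        elif event == "reg_set":
            if "\\currentversion\\run\\" in low:
                s["run_key_writes"] += 1
        elif event == "file_create":
            if low.endswith(("readme.txt", "how_to_decrypt.txt")):
                s["note_files"] += 1
        elif event == "net_connect":
            s["hosts"].add(detail.split(":")[0])
    return s


def verdict(trace: str) -> tuple[str, int, list[str]]:
    """Return (label, score, fired rule names); label is dangerous/suspicious/clean."""
    s = parse_trace(trace)
    fired = [name for name, _, pred in RULES if pred(s)]
    score = sum(w for name, w, _ in RULES if name in fired)
    if score >= DANGEROUS_THRESHOLD:
        label = "dangerous"
    elif score > 0:
        label = "suspicious"
    else:
        label = "clean"
    return label, score, fired


# Constructed traces for the example (not real sandbox output).
RANSOMWARE_TRACE = "\n".join(
    [f"file_rename\tC:\\Users\\u\\Docs\\f{i}.docx -> C:\\Users\\u\\Docs\\f{i}.docx.locked"
     for i in range(25)]
    + ["proc_create\tvssadmin.exe delete shadows /all /quiet",
       "reg_set\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd",
       "file_create\tC:\\Users\\u\\Docs\\HOW_TO_DECRYPT.txt",
       "net_connect\t203.0.113.7:443"]
)
INSTALLER_TRACE = "\n".join(
    ["file_create\tC:\\Program Files\\App\\app.exe",
     "file_rename\tC:\\Program Files\\App\\app.tmp -> C:\\Program Files\\App\\app.dll",
     "reg_set\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\App",
     "net_connect\t198.51.100.4:443"]
)

if __name__ == "__main__":
    for name, trace in (("ransomware-like", RANSOMWARE_TRACE), ("installer-like", INSTALLER_TRACE)):
        print(name, verdict(trace))
```

Note what the installer trace shows: persistence plus a network connection alone lands in ‘suspicious’, not ‘dangerous’, because plenty of legitimate software does exactly that. It is the combination of behaviors a real sandbox weighs, which is why the templates need constant adjustment as the post says – every weight here is a judgment call.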

So who will really find this valuable? First: smaller companies with no IT dept.; second: large companies with many branches in different cities that don’t have their own IT department; third: large companies whose cybersecurity folks are busy with more critical tasks.

To summarize, what the Sandbox does is the following:

  • Speedy processing of suspicious objects;
  • Lowering load on servers;
  • Increasing the speed and effectiveness of reactions to cyberthreats;
  • As a consequence of the three points above – helping out the bottom line!

So what we have is a useful product safeguarding the digital peace-of-mind of our favorite clients!

PS: And the children who behave and listen to their parents will of course be writing letters to Santa toward the end of 2020, too. Sure, they’ll be getting their usual toys and consoles and gadgets. But they’ll also be getting plenty of brand-new super-duper K-tech too. You have my word for it!…

Yours sincerely,

Father Christmas

Threat Intelligence Portal: We need to go deeper.

I understand perfectly well that for 95% of you this post will be of no use at all. But for the remaining 5%, it has the potential to greatly simplify your working week (and many working weekends). In other words, we’ve some great news for cybersecurity pros – SOC teams, independent researchers, and inquisitive techies: the tools that our woodpeckers and GReAT guys use on a daily basis to keep churning out the best cyberthreat research in the world are now available to all of you, and free at that, with the lite version of our Threat Intelligence Portal. It’s sometimes called TIP for short, and after I’ve said a few words about it here, immediate bookmarking will be mandatory!

The Threat Intelligence Portal solves two main problems for today’s overstretched cybersecurity expert. First: ‘Which of these several hundred suspicious files should I choose first?’; second: ‘Ok, my antivirus says the file’s clean – what’s next?’

Unlike the ‘classics’ – Endpoint Security–class products, which return a concise Clean/Dangerous verdict, the analytic tools built into the Threat Intelligence Portal give detailed information about how suspicious a file is and in what specific aspects. And not only files. Hashes, IP addresses, and URLs can be thrown in too for good measure. All these items are quickly analyzed by our cloud and the results on each handed back on a silver platter: what’s bad about them (if anything), how rare an infection is, what known threats they even remotely resemble, what tools were used to create it, and so on. On top of that, executable files are run in our patented cloud sandbox, with the results made available in a couple of minutes.

Read on…