Tag Archives: technology

Big-league cybersecurity’s 3 ingredients: analyzing the past, testing the present, and predicting the future. Any extra ingredients = filler.

When the past is studied carefully, a detailed and precise picture of the present can be formed; then the expert’s analytical mind (better: lots of experts’ analytical minds) can warn about, even predict, the foreseeable future. This is precisely how we here at K can so often accurately predict how the evolution of digital maliciousness will pan out. It’s also how we keep abreast of the latest cyberattack trends, which lets us develop, in good time, the technologies needed to fight the cyber-unpleasantness around the corner. There’ve been times when this expertise-based cyber-prophecy of ours has been mistaken (some types of cyber-awfulness are pretty hard to predict at all), but those instances have always been the exception to the rule; more often than not we’ve been bang on the money.

So how do we manage it? Is it just bearded geeky super-brainy types who do all this analysis and cyber-prophesizing? Actually – no. A lot of it is automated. And that’s to be applauded: a human – no matter how brainy – can’t compete with today’s computing power and algorithms and robots and AI machine-learning. The brainy human is still needed, of course; but why do all the heavy-lifting alone?

It’s the heavy-lifting that I’ll be telling you about today in this post. Technological, science-based heavy-lifting that allows us to predict the future (no mystical fortune-telling à la Baba Vanga:).

Let me start off by telling you about the evolution of our Threat Intelligence Platform (TIP).

I’ll break it down just like in the title: how we analyze the past, test the present, and then (no crystal ball required) predict the future…

Read on…

A paradigm shift for industrial security: immunizing factories.

Ten years is a long time in cybersecurity. If we could have seen a decade into the future in 2011 just how far cybersecurity technologies have come on by 2022 – I’m sure no one would have believed it. Including me! Paradigms, theories, practices, products (anti-virus – what’s that?:) – everything’s been transformed and progressed beyond recognition.

At the same time, no matter how far we’ve progressed – and despite the hollow promises of artificial intelligence miracles and assorted other quasi-cybersecurity hype – today we’re still faced with the same, classic problems we had 10 years ago in industrial cybersecurity:

How to protect data from unfriendly eyes and from unsanctioned changes, all the while preserving the continuity of business processes?

Indeed, protecting confidentiality, integrity and availability still makes up the daily toil of almost all cybersecurity professionals.

No matter where it goes, ‘digital’ always takes the same few fundamental problems with it. And ‘go’ digital will, always, because the advantages of digitalization are so obvious. Even seemingly conservative fields like industrial machine building, oil refining, transportation or energy have been heavily digitalized for years already. All well and good, but is it all secure?

With digital, the effectiveness of business grows in leaps and bounds. On the other hand, all that is digital can be – and is – hacked, and there are a great many examples of this in the industrial field. There’s a great temptation to fully embrace all things digital – to reap all its benefits; however, it needs to be done in a way that isn’t agonizingly painful (read – with business processes getting interrupted). And this is where our new(ish) special painkiller can help – our KISG 100 (Kaspersky IoT Secure Gateway).

This tiny box (RRP – a little over €1000) is installed between industrial equipment (further – ‘machinery’) and the server that receives various signals from this equipment. The data in these signals varies – on productivity, system failures, resource usage, levels of vibration, measurements of CO2/NOx emissions, and a whole load of others – and it’s all needed to get the overall picture of the production process and to be able to then take well-informed, reasoned business decisions.

As you can see, the box is small, but it sure is powerful too. One crucial function is that it lets through only ‘permitted’ data, and it lets data pass strictly in one direction: from the machinery out to the server, never back. Because nothing on the network side can talk to the equipment, a whole hodge-podge of internet-based attacks against it (man-in-the-middle, man-in-the-cloud, DDoS, and many more of the threats that just keep on coming at us in these ‘roaring’ digital times) simply have no route in.
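To make the ‘permitted data only, one direction only’ policy concrete, here is an added illustration in Python of the kind of filtering such a gateway performs. It is not KISG 100’s code and says nothing about how that box is built; the JSON message shape, the tag names, the value ranges and the traffic sample are all constructed for the example.

```python
"""Toy allow-list, one-way telemetry gateway (added illustration, not KISG 100 code).

Assumptions (hypothetical): telemetry arrives as one JSON object per message with
exactly the keys 'tag' and 'value'; the policy maps each permitted tag to the
physically plausible range of its value. Anything else is dropped.
"""
import json
from dataclasses import dataclass

TO_SERVER = "machinery->server"      # the only permitted direction
TO_MACHINERY = "server->machinery"   # always blocked

# Constructed allow-list: permitted tags and plausible value ranges.
POLICY = {
    "vibration_mm_s": (0.0, 50.0),
    "co2_ppm": (0.0, 5000.0),
    "nox_ppm": (0.0, 1000.0),
    "cpu_load_pct": (0.0, 100.0),
}


@dataclass
class Verdict:
    allowed: bool
    reason: str


def inspect(direction: str, raw: bytes, policy=POLICY, max_len: int = 256) -> Verdict:
    """Decide whether one message may cross the gateway."""
    # 1. Unidirectionality: nothing ever flows towards the machinery.
    if direction != TO_SERVER:
        return Verdict(False, "reverse direction blocked")
    # 2. Bound the size before parsing so a flood of huge messages costs little.
    if len(raw) > max_len:
        return Verdict(False, "oversized message")
    # 3. Parse strictly; anything malformed is dropped, never forwarded.
    try:
        msg = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return Verdict(False, "malformed message")
    # 4. Exact shape: the two expected keys and nothing else (no smuggled commands).
    if not isinstance(msg, dict) or set(msg) != {"tag", "value"}:
        return Verdict(False, "unexpected message shape")
    tag, value = msg["tag"], msg["value"]
    if tag not in policy:
        return Verdict(False, f"tag not in allow-list: {tag!r}")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        return Verdict(False, "value is not numeric")
    lo, hi = policy[tag]
    if not lo <= value <= hi:          # also rejects NaN and +/-Infinity
        return Verdict(False, f"value {value} outside [{lo}, {hi}]")
    return Verdict(True, "forwarded")


def run_gateway(stream):
    """Apply inspect() to (direction, raw_bytes) pairs; return forwarded and dropped lists."""
    forwarded, dropped = [], []
    for direction, raw in stream:
        verdict = inspect(direction, raw)
        (forwarded if verdict.allowed else dropped).append((raw, verdict.reason))
    return forwarded, dropped


# Constructed traffic: legitimate telemetry mixed with what an attacker or a
# misconfigured server might send.
SAMPLE_TRAFFIC = [
    (TO_SERVER, b'{"tag": "vibration_mm_s", "value": 3.2}'),
    (TO_SERVER, b'{"tag": "co2_ppm", "value": 410}'),
    (TO_SERVER, b'{"tag": "firmware_blob", "value": 1}'),                 # unknown tag
    (TO_SERVER, b'{"tag": "co2_ppm", "value": 410, "cmd": "reboot"}'),    # extra key
    (TO_SERVER, b'{"tag": "nox_ppm", "value": "1e9"}'),                   # string, not number
    (TO_MACHINERY, b'{"tag": "set_speed", "value": 9000}'),               # wrong direction
    (TO_SERVER, b"\xff\xfe not json"),                                     # garbage
]

if __name__ == "__main__":
    fwd, drp = run_gateway(SAMPLE_TRAFFIC)
    for raw, reason in fwd + drp:
        print(f"{reason:40s} {raw!r}")
```

The order of the checks matters: direction and size are decided before any parsing, so a flood from the wrong side or of oversized junk is rejected at almost no cost, and only well-formed, in-policy telemetry ever reaches the server.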

Read on…


Ransomware: how we’re making our protection against it even better.

Being a developer of cybersecurity: it’s a tough job, but someone’s got to do it (well!).

Our products seek and destroy malware, block hacker attacks, manage updates, shut down obtrusive ad banners, protect privacy, and do tons more… and it all happens in the background (so as not to bother you) and at a furious pace. For example, KIS can check thousands of objects on your computer or smartphone in just one second while your device’s resource usage stays near zero: we’ve even set a speedrunning world record playing the latest Doom with KIS working away in the background!

Keeping things running so effectively and at such a furious pace has required, and still requires, the work of hundreds of developers and thousands of human-years invested in R&D. A millisecond of delay here or there lowers the overall performance of a computer in the end. But at the same time we need to be as thorough as possible so as not to let a single cyber-germ get through ).

Recently I wrote a post showing how we demolished all the competition (10 other popular cybersecurity products) in testing for protection against ransomware, today the most dangerous cyber-evil of all. So how do we get top marks for both quality of protection and speed? Simple: by having the best technologies, plus the most no-compromise detection stance, multiplied by optimization ).

But, particularly against ransomware, we’ve gone one further: we’ve patented new technology for finding unknown ransomware with the use of smart machine-learning models. Oh yes.

The best protection from cyberattacks is multi-level protection: not simply using different protective tools from different developers, but also covering the different stages of malware’s activity: penetration, deployment, interaction with the command-and-control server, and launch of the malicious payload. (This is also how we detect the tiniest, hardly noticeable anomalies in the system, analysis of which leads to the discovery of fundamentally new cyberattacks.)

Now, in the fight against ransomware, protective products traditionally underestimate the final stage: the actual encryption of data. ‘But isn’t it a bit late for a Band-Aid?’, you may logically enquire ). Well, as the testing has shown (see the above link), it is indeed too late for products that cannot roll back malware activity; not for products that can and do. But you only get such functionality in our product and one other (yellow!) one. Detecting attempts at encryption is the last chance to catch the malware red-handed, zap it, and return the system to its original state!

Ok, but how can you tell – quickly, since time is of course of the essence – when encryption is taking place?

Read on…


MLAD – Keeping factories running using machine learning for anomaly detection.

Phew. Thank goodness it’s over. The ghastliest year known to most of us ever – finally done, dusted, finito, fertig. Let’s just hope, as many folks are repeating: ‘2021 will be better; it can’t be worse, surely?!’

For a good 10 months of last year practically the whole world was in a permanent state of shock. And I don’t just mean the world’s population; private business and national economies were also hit incredibly hard. Alas, one field that hasn’t been affected badly at all – in fact it has only benefitted from the pandemic, greatly – is cybercrime. Folks locked down and working from home and spending much more time online meant there were many more potential cybercrime victims ripe for the hacking. And not just individual users, but also companies: with employees working from home, many corporate networks came under attack as they weren’t sufficiently protected since, in the rush to get everyone working remotely quickly in the spring, security wasn’t given priority. In short, the whole world’s digital status quo was also badly shaken up by this vicious virus from hell.

As a result of the rise in cybercrime – in particular that targeting vulnerable corporate networks – the cybersecurity sector has been busier than ever. Yes – that includes us! 2020 for us as a Kompany turned out to be most productive. For example, the number of new versions of our solutions launched throughout the year was most impressive – especially in the enterprise sector.

We’ve also had new versions in our industrial cybersecurity solutions line up, one of which is what I want to talk about today – some teKh known as MLAD. Not to be confused with online funny-video sites, or MLAD that’s short for Minimum Local Analgesic Dose, or MLAD that’s short for Mid Left Anterior Descending artery, our MLAD is short for Machine Learning for Anomaly Detection.

If you’re a regular reader of our blogs, you may recall something about this tech of ours. Maybe not. Anyway, here’s a refresher/intro, just in case…

Our MLAD is a system that uses machine learning to analyze telemetry data from industrial installations to pinpoint anomalies, attacks or breakdowns.

Let’s say you have a factory with thousands of sensors installed throughout, some measuring pressure, some temperature, others whatever else. Each sensor generates a constant flow of data. For an employee, keeping track of all those flows is practically impossible; for machine learning it’s a walk in the park. Having first trained a neural network on the plant’s telemetry, MLAD can, based on direct or indirect correlations between sensors, detect that something’s wrong in a certain section of the factory. In doing so, the million- or multimillion-dollar damage caused by incidents not nipped in the bud can be avoided.
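The ‘indirect correlations’ point is the one that deserves a worked example, so here is an added illustration (not MLAD’s code, and a plain least-squares model standing in for its neural network): learn from a clean window how one sensor normally tracks another, then flag live samples that break that relation even though every individual reading stays within its usual range. The plant, the sensors and the fault are constructed.

```python
"""Correlation-based anomaly detection over sensor telemetry (added illustration).

A simplified stand-in for what MLAD does with a neural network: learn how
'normal' sensors relate to each other from a clean training window, then flag
live samples that break the learned relation even though every individual
reading stays within its normal range. The plant, the sensors and the fault
are all constructed for the example.
"""
import math
import random


def fit_linear(x, y):
    """Least-squares fit y ~ a*x + b. Returns (a, b, sigma), sigma = residual std."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    sxx = sum((xi - mx) ** 2 for xi in x)
    sxy = sum((xi - mx) * (yi - my) for xi, yi in zip(x, y))
    a = sxy / sxx
    b = my - a * mx
    sigma = math.sqrt(sum((yi - (a * xi + b)) ** 2 for xi, yi in zip(x, y)) / (n - 2))
    return a, b, sigma


class CorrelationModel:
    """One linear relation per (predictor, target) sensor pair; alert on sustained residuals."""

    def __init__(self, pairs, z_limit=4.0, min_run=3):
        self.pairs, self.z_limit, self.min_run = pairs, z_limit, min_run
        self.params = {}

    def fit(self, train):
        for p, t in self.pairs:
            self.params[(p, t)] = fit_linear(train[p], train[t])

    def z_score(self, sample, p, t):
        a, b, sigma = self.params[(p, t)]
        return (sample[t] - (a * sample[p] + b)) / sigma

    def detect(self, samples):
        """Return [(pair, first_index, last_index)] for runs of >= min_run anomalous samples."""
        alerts = []
        for pair in self.pairs:
            start = None
            for i, s in enumerate(samples + [None]):      # None terminates the last run
                bad = s is not None and abs(self.z_score(s, *pair)) > self.z_limit
                if bad and start is None:
                    start = i
                elif not bad and start is not None:
                    if i - start >= self.min_run:
                        alerts.append((pair, start, i - 1))
                    start = None
        return alerts


def within_training_range(sample, train):
    """The naive per-sensor check: is every reading inside the range seen in training?"""
    return all(min(train[k]) <= v <= max(train[k]) for k, v in sample.items())


# Constructed plant: pressure tracks flow (p ~ 0.5*flow + 1); temperature only weakly.
def _reading(i, rng):
    flow = 50 + 20 * math.sin(i / 15)
    return {
        "flow": flow,
        "pressure": 0.5 * flow + 1.0 + rng.gauss(0, 0.2),
        "temp": 80 + 0.05 * flow + rng.gauss(0, 0.5),
    }


def make_training(n=300, seed=1):
    rng = random.Random(seed)
    rows = [_reading(i, rng) for i in range(n)]
    return {k: [r[k] for r in rows] for k in rows[0]}


def make_live(n=60, seed=2, fault_start=45, fault_len=6):
    """Live window with a fault: pressure drifts +3 while flow does not (stuck valve or spoofed sensor)."""
    rng = random.Random(seed)
    rows = [_reading(i, rng) for i in range(n)]
    for i in range(fault_start, fault_start + fault_len):
        rows[i]["pressure"] += 3.0
    return rows


def run_demo():
    train, live = make_training(), make_live()
    model = CorrelationModel([("flow", "pressure"), ("flow", "temp")])
    model.fit(train)
    alerts = model.detect(live)
    missed_by_range_check = [i for i in range(45, 51) if within_training_range(live[i], train)]
    return alerts, missed_by_range_check

if __name__ == "__main__":
    print(run_demo())
```

All six faulty samples pass the per-sensor range check (every value is well inside what training saw), yet the flow/pressure relation is off by roughly fifteen standard deviations, and the run-length requirement keeps a single noisy reading from raising an alarm. A real deployment replaces the linear fit with a model that can learn non-linear, multi-sensor relations, which is where the neural network comes in.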

Ok – that’s the overall idea of what MLAD does. Let me now try and relate the granular scale of the analysis MLAD accomplishes using a medical metaphor…
Read on: MLAD

Drones – no more airport interruption scandals: we’re here to ground you.

For a few weeks already, this here mysterious, shiny, clearly hi-tech, futuristo device has been complementing the minimalistic office furniture of my corner office at our HQ. It’s so shiny and fancy and slick and post-modern that whenever I get a visitor – which is not often of late due to our general WFH-policy – it’s the first thing they notice, and the first question is always, simply, obviously – ‘what is that?!’ ->

Is it a bird, is it a plane, is it a camera (on a tripod), is it a gun, is it some kind of scanner? Warmer, warmer!…

But before I tell you – quick digression!…

Read on…

OpenTIP, season 2: drop by more often!

A year ago I addressed cybersecurity specialists to let them know about a new tool we’d developed – our Open Threat Intelligence Portal (OpenTIP). Tools for analysis of complex threats (or merely suspicious objects) – the very same ones used by our famous cyber-ninjas in GReAT – became accessible to anyone who wanted to use them. And use them lots of folks wanted – testing zillions of files every month.

But in just a year a lot has changed. Things have become much more difficult for cybersecurity experts due to practically the whole world having to work remotely because of coronavirus. Maintaining the security of corporate networks has become a hundred times more troublesome. Time, which was precious enough as it was before corona, has become a highly precious resource. And today the most common request we get from our more sophisticated users is simple and direct: ‘Please give us API access and increase rate limits!’

You asked. We delivered…

In the new version of OpenTIP there’s now user registration available. And I highly recommend regular visitors do register, since when you do a large chunk of the paid Threat Intelligence Portal turns up out of the ether.

Read on…

Cybersecurity – the new dimension of automotive quality.

Quite a lot of folks seem to think that the automobile of the 21st century is a mechanical device. Sure, it has added electronics for this and that, some more than others, but still, at the end of the day – it’s a work of mechanical engineering: chassis, engine, wheels, steering wheel, pedals… The electronics – ‘computers’ even – merely help all the mechanical stuff out. They must do – after all, dashboards these days are a sea of digital displays, with hardly any analog dials to be seen at all.

Well, let me tell you straight: it ain’t so!

A car today is basically a specialized computer – a ‘cyber-brain’, controlling the mechanics-and-electrics we traditionally associate with the word ‘car’ – the engine, the brakes, the turn indicators, the windscreen wipers, the air conditioner, and in fact everything else.

In the past, for example, the handbrake was 100% mechanical. You’d wrench it up – with your ‘hand’ (imagine?!), and it would make a kind of grating noise as you did. Today you press a button. 0% mechanics. 100% computer controlled. And it’s like that with almost everything.

Now, most folks think that a driver-less car is a computer that drives the car. But if there’s a human behind the wheel of a new car today, then it’s the human doing the driving (not a computer), ‘of course, silly!’

Here I go again…: that ain’t so either!

With most modern cars today, the only difference between those that drive themselves and those that are driven by a human is that in the latter case the human controls the onboard computers. While in the former – the computers all over the car are controlled by another, main, central, very smart computer, developed by companies like Google, Yandex, Baidu and Cognitive Technologies. This computer is given the destination, it observes all that’s going on around it, and then decides how to navigate its way to the destination, at what speed, by which route, and so on based on mega-smart algorithms, updated by the nano-second.

A short history of the digitalization of motor vehicles

So when did this move from mechanics to digital start?

Some experts in the field reckon the computerization of the auto industry began in 1955 – when Chrysler started offering a transistor radio as an optional extra on one of its models. Others, perhaps thinking that a radio isn’t really an automotive feature, reckon it was the introduction of electronic ignition, ABS, or electronic engine-control systems that ushered in automobile-computerization (by Pontiac, Chrysler and GM in 1963, 1971 and 1979, respectively).

No matter when it started, what followed was for sure more of the same: more electronics; then things started becoming more digital – and the line between the two is blurry. But I consider the start of the digital revolution in automotive technologies as February 1986, when, at the Society of Automotive Engineers convention, the company Robert Bosch GmbH presented to the world its digital network protocol for communication among the electronic components of a car – CAN (controller area network). And you have to give those Bosch guys their due: still today this protocol is fully relevant – used in practically every vehicle the world over!

// Quick nerdy post-CAN-introduction digi-automoto backgrounder: 

The Bosch boys gave us various types of CAN bus (low-speed, high-speed, CAN FD), while today there’s also FlexRay (transmission), LIN (a low-speed bus), optical MOST (multimedia), and finally on-board Ethernet (today 100 Mbit/s; in the future up to 1 Gbit/s). When cars are designed these days, various communications protocols are applied. There’s drive-by-wire (electrical systems instead of mechanical linkages), which has brought us electronic gas pedals, electronic brake pedals (used by Toyota, Ford and GM in their hybrids and electric vehicles since 1998), electronic handbrakes, electronic gearboxes, and electronic steering (first used by Infiniti in its Q50 in 2014).

BMW buses and interfaces
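One caveat a security engineer would add to the CAN story: classic CAN frames carry an arbitration ID but no sender address and no authentication, so any node on the bus (or anything plugged into it) can transmit any ID and receivers will trust it. That is why a common first line of defence is to learn what the bus normally looks like and alert on deviations. Here is an added illustration of that idea, not code from the post or from any vehicle: it reads candump-style text, builds a per-ID baseline of period and payload length from clean traffic, and flags unknown IDs, wrong lengths and frames that arrive far too early. The IDs, periods and payloads are constructed and carry no real vehicle semantics.

```python
"""Baseline-and-timing intrusion detection for CAN traffic (added illustration).

Classic CAN carries no sender address and no authentication: any node on the
bus can transmit any arbitration ID, and receivers trust the ID alone. A common
first defence is therefore to learn which IDs appear on a given bus, with what
length and at what period, and alert on anything that deviates.
Input is candump-style text, '(timestamp) iface ID#HEXDATA'; the IDs, periods
and payloads below are constructed and carry no real vehicle semantics.
"""
import re
import statistics
from collections import defaultdict

FRAME_RE = re.compile(
    r"^\((?P<ts>\d+\.\d+)\)\s+(?P<iface>\S+)\s+(?P<id>[0-9A-Fa-f]{3,8})#(?P<data>(?:[0-9A-Fa-f]{2})*)$"
)


def parse_frame(line):
    """Return (timestamp, arbitration_id, payload bytes); data frames only, no remote frames."""
    m = FRAME_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised frame: {line!r}")
    return float(m["ts"]), int(m["id"], 16), bytes.fromhex(m["data"])


def build_baseline(frames):
    """Per ID: median inter-arrival time and the set of payload lengths seen in clean traffic."""
    last, gaps, lengths = {}, defaultdict(list), defaultdict(set)
    for ts, cid, data in frames:
        lengths[cid].add(len(data))
        if cid in last:
            gaps[cid].append(ts - last[cid])
        last[cid] = ts
    return {cid: {"period": statistics.median(gaps[cid]), "dlc": lengths[cid]}
            for cid in lengths if gaps[cid]}


def detect(frames, baseline, min_ratio=0.5):
    """Alert on unknown IDs, unexpected payload lengths and frames arriving far too early."""
    alerts, last = [], {}
    for ts, cid, data in frames:
        if cid not in baseline:
            alerts.append((ts, cid, "unknown arbitration ID"))
            continue
        b = baseline[cid]
        if len(data) not in b["dlc"]:
            alerts.append((ts, cid, "unexpected payload length"))
        if cid in last and ts - last[cid] < b["period"] * min_ratio:
            alerts.append((ts, cid, "inter-arrival too short, possible injected frame"))
        last[cid] = ts
    return alerts


def synth_log(t0, count, cid, period, payload, iface="can0"):
    """Constructed candump-style lines for one periodic ID."""
    return [f"({t0 + i * period:.6f}) {iface} {cid:03X}#{payload.hex().upper()}" for i in range(count)]


def load(lines):
    return sorted((parse_frame(l) for l in lines), key=lambda f: f[0])


# Clean capture used for learning: two periodic IDs.
CLEAN_LOG = synth_log(0.0, 50, 0x0C1, 0.010, bytes(8)) + synth_log(0.0, 25, 0x1A0, 0.020, bytes(4))

# Live capture: the same two IDs plus three injected frames.
LIVE_LOG = (
    synth_log(1000.0, 11, 0x0C1, 0.010, bytes(8))
    + synth_log(1000.0, 6, 0x1A0, 0.020, bytes(4))
    + [
        "(1000.052000) can0 0C1#FFFFFFFFFFFFFFFF",   # same ID, 2 ms after the genuine frame
        "(1000.071000) can0 7DF#0201050000000000",   # ID never seen in the baseline
        "(1000.085000) can0 1A0#0102030405060708",   # known ID, wrong length and too early
    ]
)


def run_demo():
    baseline = build_baseline(load(CLEAN_LOG))
    return detect(load(LIVE_LOG), baseline)

if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

The timing rule is the important one: an attacker spoofing a periodic ID cannot stop the legitimate ECU from sending, so the genuine and the forged frames both appear and the observed period collapses. The rule will not catch a spoof that perfectly replaces a silenced node, which is why such a detector is a complement to, not a substitute for, authenticated messaging on newer buses.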

Read on…

The Catcher in the YARA – predicting black swans.

It’s been a long, long time since humanity has had a year like this one. I don’t think I’ve known a year with such a high concentration of black swans of various types and forms in it. And I don’t mean the kind with feathers. I’m talking about unexpected events with far-reaching consequences, as per the theory of Nassim Nicholas Taleb, published in his book The Black Swan: The Impact of the Highly Improbable in 2007. One of the main tenets of the theory is that, with hindsight, surprising events that have occurred seem so ‘obvious’ and predictable; however, before they occur – no one does indeed predict them.

Cybersecurity experts have ways of dealing with ambiguity and predicting black swans with YARA

Example: this ghastly virus that’s had the world in lockdown since March. It turns out there’s a whole extended family of such viruses: several dozen coronaviruses are known, and new ones are found regularly. Cats, dogs, birds, bats all get them. Humans get them; some cause common colds; others… So surely vaccines need to be developed against them, as they have been for other deadly viruses like smallpox and polio. Sure, but that doesn’t always help a great deal. Look at flu: after all these years there’s still no vaccine that gives lasting protection; it has to be reformulated every season. And anyway, to even start developing a vaccine you need to know what you’re looking for, and that is more art than science, apparently.

So, why am I telling you this? What’s the connection to… it’s inevitably gonna be either cybersecurity or exotic travel, right?! Today – the former ).

Now, one of the most dangerous cyberthreats in existence is the zero-day: a vulnerability in software that is unknown to its vendor and to cybersecurity folks, and which can be exploited to do oh-my-grotesque, large-scale damage. Such vulnerabilities often remain undiscovered up until the moment they’re exploited to inflict the awfulness, and sometimes for a good while after.

However, cybersecurity experts have ways of dealing with unknown-cyber-quantities and predicting black swans. And in this post I want to talk about one such way: YARA.

GReAT’s Costin Raiu examined Hacking Team’s emails and put together out of practically nothing a YARA rule, which detected a zero-day exploit

Briefly, YARA helps malware research and detection by identifying files that meet certain conditions: it provides a rule-based way of describing malware families in terms of textual or binary patterns. (Ooh, that sounds complicated. See the rest of this post for clarification.:) Thus it’s used to find similar malware by matching those patterns, so as to be able to say: ‘it looks like these malicious programs were made by the same folks, with similar objectives’.
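To show what ‘textual or binary patterns plus a condition’ actually means, here is an added illustration: a constructed rule in YARA syntax and a miniature matcher that evaluates a small subset of the language. The matcher is a teaching toy, not YARA itself (real work uses yara or yara-python), and the rule and the sample files are made up for the example.

```python
"""A miniature YARA-style matcher (added illustration, not YARA itself).

Real work uses yara / yara-python; this toy evaluator exists only to show what a
rule is made of: named text or hex patterns, and a condition over which of them
hit and where. It understands a small subset of the syntax: text strings with
the 'nocase', 'ascii' and 'wide' modifiers, hex strings with '??' wildcards, and
conditions built from '$x', 'not $x', '$x at N', 'N of them', 'N of ($a, $b)',
'all of them', 'any of them', joined by 'and'. Rule and samples are constructed.
"""
import re

STRING_RE = re.compile(r'^\$(\w+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|\{([^}]*)\})\s*(.*)$')


def compile_strings(block):
    """Turn the strings: section into {name: compiled bytes regex}."""
    patterns = {}
    for line in block.splitlines():
        line = line.strip()
        if not line or line.startswith("//"):
            continue
        m = STRING_RE.match(line)
        if not m:
            raise ValueError(f"unsupported string definition: {line!r}")
        name, text, hexs, mods = m.groups()
        mods = set(mods.split())
        flags = re.DOTALL | (re.IGNORECASE if "nocase" in mods else 0)
        if text is not None:
            raw = text.replace('\\"', '"').replace("\\\\", "\\").encode("latin-1")
            forms = [re.escape(raw.decode("latin-1").encode("utf-16-le"))] if "wide" in mods else []
            if "ascii" in mods or "wide" not in mods:
                forms.append(re.escape(raw))
            pattern = b"|".join(forms)
        else:  # hex string: each token is one byte, '??' matches any byte
            pattern = b"".join(b"." if tok == "??" else re.escape(bytes([int(tok, 16)]))
                               for tok in hexs.split())
        patterns[name] = re.compile(pattern, flags)
    return patterns


def parse_rule(text):
    """Return (rule name, compiled strings, normalised condition) for one rule."""
    name = re.search(r"^\s*rule\s+(\w+)", text, re.M).group(1)
    strings = re.search(r"strings:\s*(.*?)\s*condition:", text, re.S).group(1)
    condition = re.search(r"condition:\s*(.*?)\s*\}\s*$", text, re.S).group(1)
    return name, compile_strings(strings), " ".join(condition.split())


def find_strings(patterns, data):
    """{name: [offsets]} for every string in the rule."""
    return {n: [m.start() for m in p.finditer(data)] for n, p in patterns.items()}


def evaluate(condition, hits):
    def count(names):
        return sum(1 for n in names if hits[n])

    def term(t):
        if t == "all of them":
            return count(hits) == len(hits)
        if t == "any of them":
            return count(hits) > 0
        m = re.fullmatch(r"(\d+) of them", t)
        if m:
            return count(hits) >= int(m[1])
        m = re.fullmatch(r"(\d+) of \((.*)\)", t)
        if m:
            return count([n.strip().lstrip("$") for n in m[2].split(",")]) >= int(m[1])
        m = re.fullmatch(r"\$(\w+) at (\d+)", t)
        if m:
            return int(m[2]) in hits[m[1]]
        m = re.fullmatch(r"not \$(\w+)", t)
        if m:
            return not hits[m[1]]
        m = re.fullmatch(r"\$(\w+)", t)
        if m:
            return bool(hits[m[1]])
        raise ValueError(f"unsupported condition term: {t!r}")

    return all(term(t.strip()) for t in condition.split(" and "))


def scan(rule_text, samples):
    """Return the names of the samples the rule matches."""
    _, patterns, condition = parse_rule(rule_text)
    return [name for name, data in samples.items()
            if evaluate(condition, find_strings(patterns, data))]


RULE = r'''
rule Example_Dropper_Fingerprint
{
    meta:
        description = "constructed example rule, not from the original post"
    strings:
        $mz  = { 4D 5A ?? ?? }
        $cmd = "cmd.exe /c"
        $tag = "hacking" nocase
    condition:
        $mz at 0 and 1 of ($cmd, $tag)
}
'''

SAMPLES = {  # constructed, not real files
    "dropper.exe": b"MZ\x90\x00" + b"\x00" * 32 + b"run: cmd.exe /c whoami" + b"\x00" * 8 + b"by HACKING team",
    "tool.exe": b"MZ\x90\x00" + b"\x00" * 64,                         # PE-like header, no indicators
    "notes.txt": b"a note about hacking that also quotes cmd.exe /c",  # indicators, no header at 0
    "image.bin": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
}

if __name__ == "__main__":
    print(scan(RULE, SAMPLES))
```

The condition is what turns a bag of patterns into a fingerprint: `notes.txt` contains both text indicators but is not an executable, `tool.exe` is an executable with none of them, and only `dropper.exe` satisfies both halves. That is the fisherman’s ‘compartment’ from the metaphor below, written down precisely enough for a machine to sort the catch.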

Ok, let’s take another metaphor: like a black swan, another water-based one; this time – the sea…

Let’s say a network you (as a cyber-sleuth) are studying (= examining for the presence of suspicious files/directories) is the ocean, which is full of thousands of different kinds of fish, and you’re an industrial fisherman out on the ocean in your ship casting off huge drift nets to catch the fish – but only certain breeds of fish (= malware created by particular hacker groups) are interesting to you. Now, the drift net is special: it has special ‘compartments’ into which fish only get into as per their particular breed (= malware characteristics). Then, at the end of the shift, what you have is a lot of caught fish all compartmentalized, and some of those fish will be relatively new, unseen before fish (new malware samples) about which you know practically nothing, but they’re in certain compartments labeled, say, ‘Looks like Breed X’ (hacker group X) and ‘Looks like Breed Y’ (hacker group Y).

We have a case that fits the fish/fishing metaphor perfectly. In 2015, our YARA guru and head of GReAT, Costin Raiu, went full-on cyber-Sherlock mode to find an exploit for Microsoft’s Silverlight software. You really need to read that article on the end of the ‘case’ link there but, if very briefly, what Costin did was carefully examine certain hacker-leaked email correspondence (of ‘Hacking Team’: hackers hacking hackers; go figure!) published in a detailed news article to put together out of practically nothing a YARA rule, which went on to help find the exploit and thus protect the world from all sorts of mega-trouble.

So, about these YARA rules…

Graduates receive a certificate confirming their new status as a YARA ninja. Previous graduates say it really does help in their professional career

We’ve been teaching the art of writing YARA rules for years. And since the cyberthreats YARA helps uncover are rather complex, we always ran the courses in person, offline, and only for a narrow group of top cyber-researchers. Of course, since March, offline training has been tricky due to lockdown; however, the need for education has hardly gone away, and indeed we’ve seen no dip in interest in our courses. This is only natural: the cyber-baddies continue to think up ever more sophisticated attacks, even more so under lockdown. Accordingly, keeping our special YARA know-how to ourselves during lockdown looked just plain wrong. Therefore, we’ve (i) moved the training from offline to online, and (ii) made it accessible to anyone who wants to do it. Yes, it’s a paid course, but the price for a course at such a level (the very highest:) is very competitive and in line with the market.

Introducing! ->

Read on…

Into resource-heavy gaming? Check out our gaming mode.

Nearly 30 years ago, in 1993, the first incarnation of the cult computer game Doom appeared. And it was thanks to it that the few (imagine!) home computer owners back then found out that the best way of protecting yourself from monsters is to use a shotgun and a chainsaw ).

Now, I was never big into gaming (there simply wasn’t enough time – far too busy:); however, occasionally, after a long day’s slog, colleagues and I would spend an hour or so playing first-person shooters, hooked up together on our local network. I even recall Duke Nukem corporate championships, the results tables of which would be discussed at lunch in the canteen, and even bets being made/taken as to who would win! Thus, gaming was never far away.

Meanwhile, our antivirus appeared – complete with pig squeal (turn on English subs – bottom-right of video) to give fright to even the most fearsome of cyber-monsters. The first three releases went just fine. Then came the fourth. It came with a great many new technologies against complex cyberthreats, but we hadn’t thought through the architecture well enough – and we didn’t test it sufficiently either. The main issue was the way it hogged resources, slowing down computers. And software generally back then – and gaming in particular – was becoming more and more resource-intensive by the day; the last thing anyone needed was antivirus bogarting processor and RAM too.

So we had to act fast. Which we did. And then just two years later we launched our legendary sixth version, which surpassed everyone on speed (also reliability and flexibility). And for the last 15 years our solutions have been among the very best on performance.

Alas, leopards are thought to never lose their spots. A short-term issue affecting computer performance turned into a myth – and it’s still believed by some today. Competitors were of course happy to see this myth grow… to mythical proportions; we weren’t.

But, what has any of this K memory-laning got to do with Doom? Well…

Read on…

Top-5 K-technologies that got us into the Global Top-100 Innovators.

We’ve done it again! For the second time we’re in the Derwent Top 100 Global Innovators – a prestigious list of global companies that’s drawn up based on their patent portfolios. I say prestigious, as on the list we’re rubbing shoulders with companies such as Amazon, Facebook, Google, Microsoft, Oracle, Symantec and Tencent; also – the list isn’t just a selection of seemingly strong companies patents-wise: it’s formed upon the titanic analytical work of Clarivate Analytics, which sees it evaluate more than 14,000 (!) candidate companies on all sorts of criteria, of which the main one is citation rate, aka ‘influence’. And as if that wasn’t tough enough, in five years the threshold requirement for inclusion in the Top-100 on this criterion has risen some 55%:

In a bit more detail, the citation rate is the level of influence of inventions on the innovations of other companies. For us, it’s how often we’re mentioned by other inventors in their patents. And to be formally mentioned in another company’s patent means you’ve come up with something new and genuinely innovative and helpful, which aids their ‘something new and genuinely innovative and helpful’. Of course, such an established system of acknowledging other innovators – it’s no place for those who come up with mere BS patents. And that’s why none of those come anywhere near this Top-100. Meanwhile, we’re straight in there – in among the top 100 global innovator companies that genuinely move technological progress forward.

Wow, that feels good. It’s like a pat on the back for all our hard work: true recognition of the contributions we’ve been making. Hurray!

Still reeling – glowing! – from all this, ever the curious one, I wondered which, say, five, of our patented technologies are the most cited – the most influential. So I had a look. And here’s what I found…

5th place – 160 citations: US8042184B1 – ‘Rapid analysis of data stream for malware presence’.

Read on…