I’ve been saying it often – for years: antivirus is dead.

Such a statement might at first seem strange – especially from someone who’s been a mover and shaker since the very earliest days in all things viruses and anti-virus in the late eighties and early nineties. However, if you dig a little deeper into the AV (RIP) topic and consult some authoritative sources in the (former:) field, then the statement quickly becomes quite logical: first, “antivirus” has turned into protective solutions “against everything”; second, viruses – as a particular species of malicious program – have died out. Almost. And it’s that seemingly harmless, negligible almost that causes problems for cybersecurity still to this day – at the back end of the year 2022! And that almost is the basis of this here blogpost today…

So. Viruses. Those Red-Listed last remaining few – where are they these days, and what are they up to?…

It turns out they tend to reside in… one of the most conservative sub-fields of industrial automation: that of operational technology (that’s OT – not to be confused with IT). OT is “hardware and software that detects or causes a change through the direct monitoring and/or control of industrial equipment, assets, processes and events” (– Wikipedia). Basically, OT relates to an industrial control systems (ICS) environment – sometimes referred to as “IT in the non-carpeted areas”. OT = specialized control systems in factories, power plants, transportation systems, the utilities sector, and the extraction, processing and other heavy industries. Yes – infrastructure; yes – often critical infrastructure. And yes again – it’s in this industrial/critical infrastructure where “dead” computer viruses are found today alive and kicking: around 3% of cyber incidents involving OT-computers these days are caused by this type of malware.

How so?

Read on…

Naming products and services – and also their many different functions and features – in the infosec domain is, in a word, tricky. Why? Complexity…

Cybersecurity: it’s not a one-dimensional object like, say, a boat. There are different sized boats, different types of boats, but a boat is mostly always a boat. But in infosec, a modern system of enterprise cybersecurity does a great many technically complex things, and the question arises: how can it all be labeled simply and catchily (if that’s at all possible) so as to be reasonably easy to understand? And how can you differentiate one security system from another? Often it’s difficult explaining such differences in a long paragraph – let alone in the name of a product or service. Like I say: tricky.

Maybe that’s why Kaspersky is still associated by some with “antivirus software”. But actually, detecting and neutralizing malware based on an antivirus database is today just one of our security technologies: over a quarter century we’ve added to it a great many others. The word antivirus today is more of a metaphor: it’s known, understood, and thus is a handy (if not too accurate or up-to-date) label.

But what are we supposed to do if we need to tell folks about complex, multifunctional protection for enterprise IT infrastructure? This is when strange sets of words appear. Then there are all the abbreviations that come with them, whose original idea was simplification (of those strange sets of words) but which often just add to the confusion! And with every year the number of terms and abbreviations grows, and memorizing them all becomes increasingly… tricky! So today, let me take you on a brief excursion of all this gobbledygook  some of these complex but necessary names, terms, descriptions and abbreviations – so that, hopefully, we achieve the thing the abbreviations themselves struggle with: bringing clarity.

Read on…

In my review of 2021, I gave a few teasing clues about some upcoming ‘super releases’ of our desktop and mobile products, going so far as promising that this year’s newbie-upgrades will be nothing short of being head-spinningly, show-stoppingly staggering. Well today, finally, in this here post – I’ll be announcing what’s what with all this super-release talk…

Actually, the word ‘super’ isn’t just me bigging up our new and improved tech and products; for we’ve gone and come up with a dedicated cybersecurity super-app for our users in which they can access, control, and tweak all their cyber-protection (plus computer hygiene) needs! No, you’re not having a dream. This is real folks!

All righty. I’ve got your attention, I hope. Now let’s dive in!…

First, as per, a spot of background-history…

Read on…

Hi folks!

For those still sweating it out in the office, not lucky enough to have left for some serious digital detox vacationing, herewith, to keep your mind off the heat, some juicy iNews, aka Dark (and Light) Tales from the Cyber Side – yet more extraordinary, hard-to-believe stories from the world of cybersecurity.

Crypto-decrepito

The gaming community will no doubt recall how, this spring, Axie Infinity, the online crypto-game (perhaps most notable for permitting virtual winnings to be exchanged into real money), suffered one of the largest robberies of all time. It appears highly likely that North Korean hackers broke into the Ronin blockchain that controls the game, and proceeded to steal around $625 million (the exact figure varies depending on the source) from users’ accounts! The incident went unannounced for a time, highlighting the vulnerability of the game’s security system, and putting the reputation of its developer behind – Sky Mavis – on the line too.

Oh my gigantic sum! But wait – that’s not all; there’s more!…

Earlier this month it was revealed precisely how the hackers managed to break into the blockchain. Are you sitting down?!…

Several months ago fake employees of a fake company on LinkedIn sent info about fake job vacancies to employees of Sky Mavis. A senior Axie Infinity developer decided to apply. He even got through several rounds of (fake) interviews, after which he was offered an extremely attractive (fake) salary and benefits package. Basically, he was made an offer he couldn’t refuse.

Said offer eventually arrived in the developer’s inbox in the form of a pdf document, which he had no qualms about downloading and opening on his work computer. And that was that – the bad guys were in. Henceforth it was all just a matter of technique: an espionage program infiltrated Ronin, via which they were able to seize four of the nine validators that protect the network. Access to the fifth validator (needed to complete the hack and then steal all the money) was gained by the hackers via the Axie Decentralized Autonomous Organization – a group set up to support the gaming ecosystem. Result – bingo; jackpot!

Read on…

When the past is studied carefully, a detailed and precise picture of the present can be formed; then, the expert’s analytical mind (better – lots of experts’ analytical minds) can warn about – even predict – the foreseeable future. This is precisely how we here at K can often guess predict accurately how the upcoming evolution of digital maliciousness will pan out. It’s also how we keep abreast of the latest cyberattack trends, which allows us to timely develop the corresponding technologies needed in the fight against the cyber-unpleasantnesses around the corner. There’ve been times when we were mistaken in this expertise-based cyber-prophecy of ours: some types of cyber-awfulness is pretty hard to predict at all – but those instances have always been the exception to the rule; more often than not we’ve been bang on the money.

So how do we manage it? Is it just bearded geeky super-brainy types who do all this analysis and cyber-prophesizing? Actually – no. A lot of it is automated. And that’s to be applauded: a human – no matter how brainy – can’t compete with today’s computing power and algorithms and robots and AI machine-learning. The brainy human is still needed, of course; but why do all the heavy-lifting alone?

It’s the heavy-lifting that I’ll be telling you about today in this post. Technological, science-based heavy-lifting that allows us to predict the future (no mystical fortune-telling à la Baba Vanga:).

Let me start off by telling you about the evolution of our Threat Intelligence Platform (TIP).

I’ll break it down just like in the title: how we analyze the past, test the present, and then we crystal ball predict the future…

Read on…

Hi folks!

We all know perfectly well that the internet is awash with all kinds of malware – from the primitive amateur-grade to the sophisticated pro-grade. And over the last three months things have gotten a lot worse. The cyberswine are becoming all the more daring, and their methods – all the more advanced and refined. And though battling the cyber-baddies is both worthy and wholly necessary, prevention is always better than cure.

That is, being able to recognize cyber-evil for what it is and in good time is a task of vital strategic importance; all the more so when we’re talking not simply about protecting businesses, but about protecting critical infrastructure – the kit that provides us with the safe, comfortable and stable conditions in which to live.

Accordingly, educating employees how to spot cyberattacks on corporate networks is real important. And yes, we’re the world’s biggest fans of such cyber-enlightenment: we regularly conduct trainings of all different kinds – and also formats: both online (including in real time) and offline, and all under the caring and attentive gaze of our experts.

Not so long ago I wrote on this here blog of mine about our training programs on identifying cyberattacks based on sets of malware characteristics (you can read more about YARA rules here). But here at K, we never stand still, so we’ve gone and upgraded, and today I want to tell you about our new course, which has just been added to our educational portfolio of online training for experts.

So here it is folks – introducing… training on how to respond to (Windows OS) incidents (including ransomware) – the Kaspersky Windows Incident Response course. Btw, earlier this course existed only in offline format and was the most popular among our customers; however, it’s intended for internal teams just as much as for independent cybersecurity specialists who want to further improve their knowledge and raise their qualifications.

Now, according to recent research, top managers of (non-IT) companies, and also owners of businesses seem to overestimate their ability to deal with ransomware – especially if they’ve never come across the problem. And ~73% of companies aren’t able to cope with a ransomware attack even with the help of their IT service contractors. Yes – that’s plenty!

Read on..

It’s been a while since my last post on new/updated products, so here’s making up for that…

Our Kompany mission is to protect any and all citizens of the digital world – anywhere and any-when – against all cyber-evil in all its many flavors, stripes and categories. And that protection of course includes protection of the world’s most vulnerable internet users – children.

We firmly believe in advising kids on how to recognize potential threats on the internet, as well as how to conduct oneself properly on the internet in general. Then, hopefully, there’s nothing embarrassing or even painful accompanying a child online for the rest of his/her life; after all, whatever’s put on the internet stays there – forever. We do our bit in this in various ways; for example: with webinars, public speaking appearances, joint educational projects, books, cartoons, videos and research.

And we also provide protection for kids with our parental-controls app – Kaspersky Safe Kids.

Up and running several years already, the app is constantly improved and fine-tuned so as to better suit the particular needs of children and their parents when it comes to using digital devices safely.

But it hasn’t always been plain sailing for us: a couple years ago we had to… – get this: “fight for the right to protect children” with our app. Eh?! Indeed, we had to resort to legal action in connection with a certain famous apple-emblazoned company to prevent its using unfair competitive advantages for its own parental-controls function included in its mobile operating system. Still, as is our wont with legal battles, we won the antitrust case, and the functionality that wasn’t permitted before was enabled; fairness, common sense and justice prevailed! Interested in how the Federal Antimonopoly Service case went? Then check out this, this and this.

Ok – back to our fully-functional Safe Kids app. I think I’ve already mentioned that we constantly improve it. Well let me tell you about the latest improvements…

In the very latest version of the app for iOS we’ve expanded the functionality for parents – adding more features for supervising their offsprings’ online activity. Thus, parents (or guardians) can now more thoroughly filter undesirable online content as per specific categories, learn more about the preferences and interests of their children (in particular, by monitoring what YouTube videos are watched), and set screen-time limits.

Here are a few screenshots of the interface for parents:

Read on…

Hi boys and girls!

It’s been a while since my last installment of iNews, aka – uh-oh cyber-news, aka – cyber-tales from the dark side, so here’s reviving the series to get back on track in giving you highlights of jaw-dropping cyber-astonishments you might not hear about from your usual sources of news…

In this installment – just one iNews item for you, but it’s plenty: an added item might have watered down the significance of this one (hardly appropriate when there’s ‘watershed’ in the title:)…

Briefly about the iNews: after lengthy legal proceedings in the U.S., a court has ruled in favor of big-pharma company Merck against its insurer for a payout of US$1.4 billion (!!) to cover the damages Merck suffered at the grubby hands of NotPetya (aka ExPetr or simply Petya) in 2017.

Quick rewind back to 2017…

In June of that year, all of a sudden a viciously nasty and technologically advanced encryptor worm – NotPetya – appeared and spread like wildfire. It initially targeted Ukraine, where it attacked victims via popular accounting software – affecting banks, government sites, Kharkov Airport, the monitoring systems of the Chernobyl Nuclear Power Plant (!!!), and so on and so on. Next, the epidemic spread to Russia, and after that – all around the world. Many authoritative sources reckon NotPetya was the most destructive cyberattack ever. Which looks about right when you count the number of attacked companies (dozens of which each lost hundreds of millions of dollars), while overall damage to the world economy was estimated at a minimum 10 billion dollars!

One of the most notable victims of the global cyberattack was the U.S. pharmaceuticals giant Merck. It was reported 15,000 of its computers were zapped within 90 seconds (!) of the start of the infection, while its backup data-center (which was connected to the main network), was lost almost instantly too. By the end of the attack Merck had lost some 30,000 workstations and 7,500 servers. Months went into clearing up after the attack – at a cost of ~1.4 billion dollars, as mentioned. Merck even had to borrow vaccines from outside sources for a sum of $250 million due to the interruptions caused to its manufacturing operations.

Ok, background out the way. Now for the juiciest bit…

Read on…

The new working year is up and away, cruising steadily and assuredly like… a long-range airliner flying east. Out the window it’s getting brighter: in Moscow daylight has increased by nearly an hour daily since a month ago; in New York – by 40 minutes; and in Reykjavik – by more than two hours. Even in Singapore there’s… one more minute of sunlight in a day compared to a month ago.

However, the year 2021 simply won’t let go! First there was my review of the year (all positive); then there was the 2021 K-patents review (all positive). There’ll be a corporate/financial-results review a bit later (all positive:). And now, here, today – I’ve another review for you!…

Several reviews of a single year? If some of you have had enough of 2021 and want to leave it behind, forget it, and get on with this year, this one’s for you! ->

Actually, you can download the calendar the above pic’s taken from – here (and, jic, what the above pic’s about is here:).

Right, back to that fourth 2021-review…

And it just so happens to be – a professional review, as in: of the product and technological breakthroughs we made throughout our very busy 2021 – and all in the name of protecting you from cyber-evil. But first – some product/tech history…

Read on…

Our Threat Intelligence service (further – TI) is a set of important services that help orientate businesses in the anything-but-straightforward cyberthreat landscape and take the right decisions for enhancing their cybersecurity. In a nutshell, it’s all about the collection and analysis of data about the epidemiological situation within and outside a corporate network, professional tools for investigating incidents, analytical reports about new targeted cyberattacks, and much more besides. And it’s what every developer of corporate systems of cybersecurity has – or should have – in their product-ecosystem; it’s like a trump card or panic button, without which the ecosystem is like… a chair with weak, creaking legs. At any moment you can be in for a fall – a very painful one.

With TI, a cybersecurity expert can keep an all-seeing eye on the surroundings around their cyber-fortress (and even see over the horizon). He or she is able to keep track of what the enemy is up to – where they’re coming and going, how well they’re armed, what’s in their minds, and what strategies, tactics and intelligence they use. Without TI, even with the best defensive weaponry and bomb-proof walls, the fortress is still vulnerable: the enemy won’t necessarily come through the main gate; it could tunnel its way in or go for an aerial attack. Not good Disaster.

// Commercial-break button – ON:

We at K started to develop our own TI portal back in 2016. Since then it’s come on leaps and bounds – so much so that last year the analytical agency Forrester recognized us as a world leader in the market. And many big names around the world agree with Forrester, having become users of our TI services long ago: for example Telefonica, Munich Airport, Chronicle Security, and CyberGuard Technologies.

// Commercial-break button – OFF.

Perhaps the jewel in our TI-crown is the Digital Footprint Intelligence service (further – DFI)…

Read on…