Was it just fortuitous timing for the Russian-founded international cyber-security company Kaspersky Lab that there was such even-handedness in this week's disclosures, with one being the Russia-based Carbanak criminal gang, believed responsible for the biggest known online banking heist to date, and the other, Equation, ‘the world's most advanced threat actor’, unidentified, but with fingers all pointing to the NSA?
When SC rang Kaspersky Lab founder, chairman and CEO Eugene Kaspersky during the Kaspersky Threatpost Security Analyst Summit in Cancun, Mexico, he responded by telling SC that Kaspersky issues research reports throughout the year but seeks to make its major announcements at its February conference. Last year, too, it had reports on both Russian- and English-speaking threat actors, and it has reported on French actors in previous years. So yes, it was a coincidence.
Given the sophistication of the threats faced, as demonstrated by the techniques used in these reports, Kaspersky was asked, where does that leave anti-virus vendors, when there are now so many ways to access the data that don't require breaching a perimeter – and when even white-listed software can't be trusted? Is a change of direction needed? Kaspersky responded: “The company has changed direction over the past few years to look at other areas. We are also engaged in carrying out or assisting customer requests to investigate incidents if they are not able to undertake all the forensics and other investigative work themselves, identifying attackers and their methods. That includes assisting enterprises, as well as police forces, including Interpol and Europol.
“We are also involved in other areas of providing a layered defence and recognise that a stand-alone anti-virus solution is not enough. Which is why we started to provide different services some years ago, including technical training in IT security, which we have provided for cyber-police in several countries, including for the City of London Police.”
Nonetheless, Kaspersky insisted that AV would remain a key part of its offering, and expansion would remain in the field of cyber-security. Describing the company offering, Kaspersky said: “First is anti-virus and endpoint security, and our work here has enabled us to accumulate a lot of data and experience. (Our installed base) generates data and knowledge which we are able to share with governments and enterprises. We have our forensic services for customers, and we also have anti-DDoS solutions, and we are now working on developing our security audit team for enterprises.”
Asked whether creation of a security audit team was a move to get into the growing market for cyber-insurance, Kaspersky answered: “Cyber-security insurance is something people have been talking about for many years, but we have not found a right way (to participate directly), but we have the knowledge and have experts ready to provide their expertise.”
As a genuinely international company that originally came out of Russia, a territory whose government and criminal fraternity are both viewed as threats by western governments and companies, Kaspersky was asked how this impacted its business, and to what extent it is still a Russian company.
“Twenty years ago it was purely a Russian company. Now the company and its security experts are international – though 80 percent of our software engineers are Russian – as Russians are acknowledged as the best. Our R&D is also Russian-based. In the US government there is only business for US companies, so it's difficult for others, not just Russians but say French or German too. Washington does take our reports but not our technology, though in the future we are seeing some of our technology being adapted and redesigned for US use.”
And looking at the level of sophistication demonstrated by the threat actors recently reported on – can CISOs compete, and what are the threats to be concerned about? “Such actors demonstrate the complexity of attacks and indicate how malware can be infiltrated into a system and hidden in such a way that it's almost impossible to find. It is very complicated and very professional, what both groups do. The concern is that now that it is known, other actors including terrorists will learn how to use the same technology by reverse engineering. There is strong cross-border cooperation in the criminal world, including between Russian and Chinese actors who have been found using the same technology. I don't believe they are working together, but they are selling or exchanging technologies.”
Another anticipated growth area for attacks is industrial control systems. “Critical infrastructures – power, trains, ships, healthcare, communications – are all under threat. The systems used were not designed on secure platforms, so security was added on top. This is a vulnerability, and going forward control systems must be designed on secure systems where the application is built on top of a very secure platform. I do believe that eventually we will get to a level where even critical systems can be connected to networks and be safe. Right now there are examples of some plants, such as a Japanese nuclear power station, that was connected to the internet, and the control room was affected by criminal malware establishing remote control. So it's not ready yet. And we will see more attacks on industrial controls on critical infrastructure – the ability to do so was also demonstrated with the recent attack on German steel mills.”
Kaspersky suggests that any Internet of Things (IoT) attacks likely in the year ahead can be expected to focus on consumers, including cyber-criminals targeting smart TVs.