Live At The Lab: Eugene Kaspersky, Malware Experts Talk Threat Landscape
10:00 AM EST Tue. Jul. 30, 2013
Kaspersky Lab held a media day this month at its new headquarters in Moscow. About 1,500 Kaspersky Lab employees moved to the new facility, located along the Moscow River, in March. At the event, Eugene Kaspersky and several of his top malware researchers talked about the constantly changing threat landscape impacting consumers and businesses. They said cybercriminals have developed complex business networks to carry out attacks. Kaspersky said his company is working with Interpol to help law enforcement crack down on financially motivated cybercriminals. Meanwhile, the company continues to detect targeted attacks as part of nation-state cyberespionage activity.
Here's a look behind the scenes of Kaspersky's new lab, giving insight into what's coming up around the security bend.
The Kaspersky Lab war room consists of a bank of Dell computers used by reverse engineers and threat analysts that create malware signatures. The room is one of several spread out around the world. It consists of malware analysts who work alongside an automated system that can quickly create thousands of signatures for malware variants. When a suspicious file is flagged, the threat researchers pick it apart to learn about new techniques used by malware authors. The company detects more than 200,000 malicious programs every day.
Two-factor authentication adds security when logging into an online bank account or social media service, but it doesn't protect against man-in-the-middle attacks, said Dmitry Bestuzhev, head of Kaspersky Lab's Global Research and Analysis Team for Latin America.
Bestuzhev said financially motivated cybercriminals have perfected the attack technique, using dangerous Trojans to inject code into a banking site to steal account credentials and other personally identifiable information. Zeus, SpyEye and Carberp are the most dangerous banking Trojans on the black market, Bestuzhev told reporters.
Targeted attacks designed to steal intellectual property or conduct surveillance activities on individuals are rising in sophistication, said Sergey Golovanov, a Moscow-based Kaspersky Lab malware expert in the company's Russian Research Center. Golovanov's chief focus is on nation-state driven cyberespionage attacks, and he's led research on Stuxnet, Duqu and Flame.
At the Kaspersky event, Golovanov talked about ransomware, which paralyzes a system and then attempts to demand money from the victim to unlock the files. "The software that is blocking the computer is easy to create," Golovanov said. "Any high school guy can create it because there's nothing specific for stealing the passwords; just block the computer and show the full screen images and nothing else."
More advanced versions of ransomware can carry out full hard drive encryption or, worse, fully wipe a victim's hard drive.
Far too many people use open Wi-Fi hotspots without adequate protection, said Stefan Tanase, a senior security researcher on the Kaspersky Lab global research and analysis team. Wi-Fi networks that don't use the WPA encryption standard can be used by an attacker to view a victim's browsing session, steal passwords and hijack accounts, Tanase said.
One in two Wi-Fi networks can be sniffed, Tanase said. In addition, many mobile applications are still using insecure communications protocols, such as HTTP instead of HTTPS, and exposing data on open networks. Using a virtual private network (VPN) provides the best protection on open Wi-Fi networks, Tanase said.
Nikolay Grebennikov, chief technology officer of Kaspersky Lab, unveiled the company's Multi-Device Protection Software. The product enables users to protect their mobile devices, laptops and desktop systems using a single license. Grebennikov said the change was needed because of the increased use of mobile devices and tablets. In addition to a new portal to manage passwords, device location and remote wipe capabilities, the company bolstered antiphishing protections and added a new feature designed to help people unlock their systems infected with ransomware.
Kaspersky Lab CEO Eugene Kaspersky said the United States is in a "difficult" situation as it attempts to use diplomacy to get NSA whistle-blower Edward Snowden back to the U.S. Speaking with reporters at his new headquarters, Kaspersky called Snowden a spy according to U.S. laws, but added that many countries face the difficulties of balancing security and surveillance activities.
In addition, Kaspersky told reporters that his company was working to identify sophisticated, targeted attacks driven by nation-states. Threat engineers will also be dispatched to a new facility in Singapore to work with Interpol in tracking down cybercriminals and bringing them to justice, he said. The facility is set to open next year.