Redundant systems, offline backups and parallel networks could help thwart some cyberattacks and defend critical infrastructure facilities from serious nation-state threats, according to the highly vocal chief executive of Kaspersky Lab.
"Businesses must invest more and more in cybersecurity," said Eugene Kaspersky, who addressed about 150 channel partners at his company's 6th Annual North American Partner Conference in Playa del Carmen, Mexico. "We need government regulation, more government attention to these issues and international cooperation."
While financially motivated attacks cause serious problems, weaponized malware is the most dangerous threat to businesses large and small, Kaspersky said. Cyberwar carried out by a nation-state can have serious repercussions from collateral damage to a response that can bring down a nation's infrastructure.
"You send a missile, but a cyber-missile can spread and have a wider impact," Kaspersky said. "If you send out one cyber-missile, you will have thousands in return."
The Kaspersky Lab threat researchers have uncovered and analyzed dozens of threats believed to be tied to nation-state activity. Stuxnet was designed to disrupt the programmable logic controllers in an industrial control system at an Iranian nuclear centrifuge program. Gauss and Flame were targeted cyberespionage malware attacks designed to remain stealthy and persistent on networks, exposing data for months and sometimes years. Kaspersky said it is very likely that financially motivated cybercriminals are being hired by nation-states to carry out cyberespionage campaigns.
"If you had a conference of cybercriminals here, I think there would be more wealthy people here," Kaspersky said, pointing to the partners in the audience.
Red October, the latest threat analyzed by Kaspersky Lab, is one of the most innovative threats Kaspersky said he's seen. The attack was designed to be finely tuned for specific victims. The malware toolkit contains 30 different modules and infected hundreds of victims in high-profile government agencies, scientific and research organizations, and industrial and defense industries.
Kaspersky highlighted the Shamoon attack in 2012 that crippled Saudi Aramco as an example of the need for offline backups and parallel systems. Aramco had a backup, but it was connected to its network and was erased along with data on its desktops and servers, Kaspersky said. "For two days the company was paralyzed; it was a critical problem," he said. A parallel network known only to IT teams can help a business keep operations functioning while a threat is contained and systems are brought back online, he said.
Meanwhile, industrial control systems at critical infrastructure facilities should be completely disconnected from the network, Kaspersky said. Data traveling from engineers should be protected at the perimeter by running it through a different operating system. For example, if a SCADA system is running on Windows, engineering data should be sent through a Linux system. Sensors could also be set up to help detect an incoming attack.
Kaspersky Lab has an engineering team working on a highly secure operating system for industrial control systems, and the CEO told channel partners to expect an announcement on the hardened OS in the future. In earlier discussions, Kaspersky described the secure operating system as a platform that can be used to create management systems that isolate processes to tightly control trusted applications and monitor and restrict their behavior.
"Defense is much harder than offense," Kaspersky said. "Cybercriminals have become more professional and organized, and now there are international gangs in cyberspace. Some of these are very bad guys against us and some of them are focused on consumers, some mobile systems, but many are focused on enterprises and small and medium businesses."
PUBLISHED FEB. 8, 2013