An interview with Kaspersky Lab: the new era of data-driven security

In an increasingly digitalised and globalised world, the rapid proliferation of new technologies offers new opportunities for development in many fields, but also hides pitfalls relating to the security of systems and devices. These vulnerabilities, together with the increasing dependence on technologies, make cyber security one of the main issues for society and business in all industries. Against this backdrop, Kaspersky stands as an innovative technology leader whose goal is to transform security intelligence into real protection. Its offering, which targets both private and business customers, enables you to securely use technologies and services in your daily life and in your organisation without worrying about cyber security risks. Private users can choose from a wide range of products to protect their privacy, money and confidential data. For business customers, Kaspersky offers small businesses unique, multi-layered solutions that are easy to manage and provide effective protection. And it meets all the needs of large businesses with a comprehensive enterprise platform that helps prevent all types of cyber threats, detects the most sophisticated attacks, responds to security incidents and predicts the evolving threat landscape.

This is achieved through an advanced and comprehensive portfolio of solutions that combine our unique blend of business expertise, threat intelligence and machine learning, and through continuous research and investment that enables us to develop trusted technologies to detect, block and prevent cyber attacks. In addition, as a technology company, Kaspersky invests heavily in research and development and employs a team of professionals from around the world. More than a third of the qualified experts working for Kaspersky are Research & Development (R&D) specialists who develop and maintain all of its solutions in-house – a key factor in a holistic approach to security. In addition, in 2008, Kaspersky established the Global Research and Analysis Team (GReAT) – an elite group of researchers who provide a world-class threat research and analysis service. Today, GReAT has more than 40 experts working across Europe, Russia, the Americas, Asia and the Middle East. The team is known for discovering and analysing some of the world’s most sophisticated threats such as Regin, Flame and Operation ShadowHammer, including threats related to cyber espionage and cyber sabotage.

“One of Kaspersky’s most important investigations is the APT (Advanced Persistent Threat) cyber gang Turla, also known as Snake & Uroboros, one of the most advanced criminal groups in the world and one of the oldest still active,” said Giampaolo Dedola, Senior Security Researcher, Global Research and Analysis Team, Kaspersky. The Turla group is known for several operations against several countries, mainly Western and Central Asian countries. For example, during the “Epic Turla” operation, it infected hundreds of computers in more than 45 countries, including most European countries as well as Kazakhstan, Russia, and the United States. The affected organisations included government institutions and embassies as well as military, education, research and pharmaceutical companies. In the course of investigating the criminal group, Kaspersky’s researchers discovered how it evades detection systems, preventing the tracking and discovery of activities.

Giampaolo Dedola – Security Researcher (GReAT) Kaspersky Lab

“Another aspect that makes Turla particularly dangerous is not only the complexity of its tools, but above all its dynamism and ability to continuously innovate its attack methods. For instance, Turla distinguished itself by the systematic use of a particularly original command-and-control (C&C) mechanism, based on satellite connections and used mainly in the final part of the attack.

“This particular type of approach has proven to be very advantageous since neither the location of the C&C server nor the hardware actually used can be identified; at the same time, this practice avoids ‘physical’ seizures of the equipment used, as is the case for domains and servers deployed for command and control (C&C) operations, which are sometimes shut down by the ISPs themselves. Satellite Internet receivers can in fact be located anywhere within the geographical area covered by a given satellite. The method used by the Turla group was highly anonymous and did not require any kind of subscription to be able to use the Internet via the satellite link. This system is therefore incredibly simple, as well as very cheap and convenient in terms of operation and management”.

“The unusual approach initially made it difficult to establish the nature of the links being monitored by the researchers from Kaspersky’s GReAT team. The satellite range used by the operators in these countries also did not cover European and North American territories, complicating research into this type of attack. Despite the complexity of the operation, through analysis of the malware used, the researchers were able to identify the vast attack campaign that had allegedly been going on undisturbed for almost eight years, and implement countermeasures to stop the threat”.

“Over the years, the tools and attack techniques exploited by the Turla group have been continually updated, but through constant research, Kaspersky’s products are able to provide a high level of protection against this type of threat”.

In the modern world, cyber security is not simply about protecting devices, but also involves developing an ecosystem where any object connected through technology is immune to cyber threats. As Morten Lehn, General Manager Italy, Kaspersky points out: “Today, most of the available intelligent systems are designed without security in mind, but in the Cyber Age, the concept of traditional cybersecurity will soon become obsolete”. It is for this reason that, in recent years, Kaspersky has been promoting a shift from the concept of ‘cyber security’ to the broader concept of ‘cyber immunity’. The basic idea of cyber immunity is to employ a level of protection such that the costs of an attack exceed the costs of any damage caused by the attack. “Nowadays, no cybersecurity expert can guarantee 100% protection. The way computer technology has developed, you can ‘hack’ anything, so the only question is how much effort cyber criminals are willing to put into an attack”.

Morten Lehn, General Manager Italy Kaspersky Lab

“Consequently, the only way to avoid an attack is to ensure that it is not economically advantageous for potential criminals. This can only be achieved if we move beyond the old concept of cybersecurity to cyber immunity, which implies building products that are secure by design, i.e. implicitly difficult to attack. Kaspersky, for example, has thought about the operating system, creating KasperskyOS from scratch, based on an architecture that ensures that software runs securely, including non-secure applications, which provides protection against random software errors and improper user actions. In addition, Kaspersky is collaborating with various industrial companies to build secure hardware components”.

“In this regard, just recently, it presented IoT Secure Gateway 100, the first Cyber Immune solution that allows a direct and secure connection to industrial domains with pumps, CNCs, conveyors and many other expensive fixed assets. This first product was developed based on Siemens Simatic IoT2040 hardware and KasperskyOS, and according to Kaspersky’s cyber immunity concept. Thanks to the Kaspersky Security System, the KasperskyOS microkernel and the MILS (Multiple Independent Levels of Security) architecture, the gateway can only perform the actions intended in the design phase. This means that most cyber attacks on the Cyber Immune gateway are ineffective and cannot affect its core functions. Therefore, there is no need for additional protection for the gateway and connected equipment, such as antivirus, device control or data diode solutions. Making the world a safer place is not possible without collaboration, which is the most effective tool in the fight against cyber criminals. At Kaspersky, we believe that security has no boundaries. To this end, we share our expertise, knowledge and technical discoveries with the global security community”.

“Governments around the world are working on strategies that effectively balance the need to digitise the core functions of society with the need for measures to tackle cybercrime and ensure the safety and well-being of their citizens. The complex nature of cybercrime makes it difficult not only to combat, but also to detect and understand. This is why Kaspersky has always supported the importance of collaboration, especially considering the fact that cyber threats have no borders. Kaspersky supports INTERPOL by providing the organisation with experts, training and threat intelligence data on the latest cybercrime activities, strengthening the organisation’s threat hunting capabilities. Kaspersky shares information obtained through its own cyber threat investigations and provides the necessary tools to support digital forensics and consolidate efforts to prevent cyberattacks. As of this year, INTERPOL is supporting the Coalition Against Stalkerware in the fight against digital abuse. The International Criminal Police Organisation (INTERPOL) aims to improve the ability of law enforcement agencies globally to combat stalkerware by providing the means to investigate the use of such software and support victims who request assistance. INTERPOL will promote the training sessions developed by the Coalition Against Stalkerware in its 194 member countries to improve the capacity to investigate the use of stalkerware, support victims who seek assistance and ensure that perpetrators are punished. INTERPOL’s commitment to combating domestic violence, stalking and abuse is very important to us, especially as law enforcement agencies are able to identify and respond to these threats. Cybercriminals’ attack techniques are increasingly sophisticated, and for this very reason collaboration between different ecosystems, as well as the sharing of expertise, is more crucial than ever”.

The importance of training to combat cybercrime

Another key factor in making the world a safer place is undoubtedly cybersecurity training. The cybersecurity industry is experiencing a major problem: a lack of talent. Although education systems are actively adapting to address the problem, not enough is being done to overcome the anticipated shortage. No country in the world has a sufficient number of cybersecurity experts and it is important that more and more young people choose this path. Talented young people need to be encouraged to pursue a career in cyber security. “According to our recent survey” Morten Lehn continues, “just over half of Italians under the age of 25 would like to be involved in the fight against cybercrime. However, employers are currently failing to direct the interest and talent of young people into this field. Many companies do not offer entry-level roles in cyber security; most promote internal staff, providing training if necessary, and recruit senior security professionals externally. Involving new recruits in cybersecurity is not an option, but a necessity. By ignoring young people, the industry is giving up on getting the best out of a valuable and growing resource. It is time to address the limitations of hiring in the cyber security field before it is too late. Failure to motivate this generation for a career in our industry can be costly: cybercrime costs the world $450 billion every year, 13 times the global expenditure on space missions”.

“When we talk about training, we’re not just talking about training new IT security experts, but we believe it should also be extended to companies and employees. More than ever, training has become crucial for companies that want to protect their data, because remote working has given hackers a unique opportunity to target devices, especially those that do not have efficient IT security measures in place. Organisations today have to cope not only with the increase in remote network traffic, but also with the use of third-party services to exchange data. For example, during the pandemic there was a significant increase in the percentage of ICS (Industrial Control Systems) computers that could be accessed remotely via RDP (Remote Desktop Protocol), and the use of these tools poses a potential threat to an organisation’s security. In fact, since the beginning of March 2020, the number of brute-force attacks against RDPs has skyrocketed across almost the entire planet. Against this backdrop, any company that has not taken steps to ensure its employees have undergone basic cybersecurity training is more likely to be compromised. According to our recent global report, ‘How COVID-19 changed the way people work’, 73 per cent of employees who work from home have not yet received any specific cybersecurity guidance or training to protect themselves from risks and, for example, only 53 per cent of them use a VPN to connect to company networks. It is therefore clear that remote working, without specific training, can really represent a major security risk for the organisation. When it comes to adapting business processes to the new reality, the company has a key role to play in keeping its employees up to date by providing security training. But for them to be effective they must be part of a joint effort by both the organisation and its employees”.

Cybersecurity cannot exist without a solid foundation of trust and transparency

“Our mission has always been to protect people and the world from cyber threats,” Lehn continues, “but this cannot be possible without certain fundamental principles such as transparency. In an industry like ours, which is changing rapidly, we need to be able to adapt to the evolving needs of our customers, stakeholders and partners. Transparency is one of these needs, which is why we decided to rethink our infrastructure and move our data processing facilities to Switzerland. We believe that such a move will become a global trend for the cybersecurity world and that a policy based on trust will spread throughout the industry and become a fundamental basic requirement. In 2017, Kaspersky announced the Global Transparency Initiative (GTI), proposing a pioneering approach to the cybersecurity industry based on increased transparency and accountability. The initiative aimed to engage the cybersecurity community and industry stakeholders in validating and verifying the trustworthiness of its products, internal processes and business operations. To this end, the company provided its software source code for independent review, underwent a series of third-party assessments, including the SOC2 audit by one of the Big Four auditing firms. And it has achieved ISO27001 certification for its services. Kaspersky also moved its data processing infrastructure from Russia to Switzerland”.

Antonino Caffo has been involved in journalism, particularly technology, for fifteen years. He is interested in topics related to the world of IT security but also consumer electronics. Antonino writes for the most important Italian generalist and trade publications. You can see him, sometimes, on television explaining how technology works, which is not as trivial for everyone as it seems.