Kaspersky Lab is one of the fastest-growing companies in information security; it operates in over 200 countries. Kaspersky products and technologies protect more than 300 million users all over the globe. The Lab employs about 3000 professionals and its staff grows annually by 6%.
The most valuable asset of the company is its expertise accumulated over the years of struggle against cyber threats. Thanks to its vast experience, the Lab is one of the leaders in the information security industry and provides its customers with advanced methods of protection against new types of cyberattacks.
In 2008, Kaspersky Lab started its Global Research Center whose aim is to investigate cyber incidents, monitor threats, and develop innovations. The Global Center participates in investigating cyber incidents including those involving the use of espionage and sabotage tools.
Kaspersky Lab cooperates with the global information security community, international agencies, national and regional law enforcement bodies (Interpol, Europol, National Hi-Tech Crime Unit – NHTCU – of the Netherlands police, the London police, etc.), as well as with computer emergency response teams (CERT) all over the world.
In an interview with We&WE, leading Kaspersky Lab experts told us about joint cyber incident investigations and current computer threats.
Kaspersky Lab Vice President for Public Affairs Anton Shingarev
Anton, we know that Kaspersky Lab cooperates with international agencies and with both national and regional law enforcement bodies in investigating cyber incidents. Do you also interact with the police authorities in Azerbaijan?
We are ready to help Azerbaijani law enforcement authorities in cyber security investigations. We closely cooperate with Interpol, we are Europol’s official strategic partner: we support Europol’s cyber investigations, organize skills workshops and train their experts. We also have close ties with the police of the Netherlands, Germany, Great Britain, France, Italy, and other countries. Not long ago we signed a memorandum of understanding and information exchange with the law enforcement authorities of Denmark. Similar contacts are being built with Azerbaijan: for example, we had a bilateral top-level meeting at the conference on security in Munich earlier this year. Different countries assess cyber threats on different levels: they can be viruses or hacker attacks. It is noteworthy that Azerbaijani leadership realizes the importance of protecting industrial objects. We hope that after the meeting I mentioned our contacts with Azerbaijan will progress and develop.
Do you think that threats differ in different regions?
Yes, there are countries where unique threats prevail. For instance, in South Korea the gaming market is very well developed, and the main cybercrimes there involve stealing game characters. And this cyber theft market is estimated at tens of thousands of dollars.
The market of the post-Soviet states also has its specific features. A strong education system is typical of our region and that is why, in my opinion, our countries have a fairly well developed protection. I mean we have enough experts working on security algorithms. I am sure that Azerbaijan is well advanced in terms of protecting its banking system and the financial sphere in general as this sector undergoes attacks most often.
Does Kaspersky Lab cooperate with intelligence? If it does, what is the basis of your cooperation?
Though Kaspersky Lab is based in Russia, our main markets are in Europe, Asia, and the USA. We are often asked questions about our contacts with intelligence. Yes, we do cooperate with the Russian Federal Security Service, as well as with the American CIA or the British GCHQ. But this cooperation is aimed exclusively at cyber security. For example, secret services turn to us for certification. In this respect we are transparent even in comparison to our American counterparts, including the disclosure of the original code. We will be happy to work with the Azerbaijani special services whose responsibility is cyber security.
Speaking of different types of cyberattacks, I should mention that the aim of the majority of attacks is espionage, though criminal attacks also take place. Recently, mixed-type attacks have also emerged. Computer crime has become a kind of business, a diversified business with its own supply chain. Suppose there are scumware designers who sell it to those who infect computers and own a botnet; then botnet owners sell the stolen data to other interested parties, and so on. In other words, it is a business industry, with its partnership conferences. And the hacker is not at all the guy we all know from the Hollywood movies. He is a common person, with an eight-hour working day, who found his job through Internet ads.
Chief Security Expert at Kaspersky Lab Alexander Gostev speaks on future cyber threats and sophisticated techniques violators use in the virtual media.
Alexander, what makes programmers take the wrong turning and become violators using network holes for personal advantage? How serious is the situation in our region?
First, I anticipate the decline in the number of hackers in the former Soviet Union in the next three to five years. The army of cyber criminals involved in this industry will decrease to about 1500 people.
One of the principal reasons for the rise of cybercrime within the post-Soviet space was economic recession. In Russia, computer crime developed in the late 90s when a lot of highly skilled programmers who graduated from universities were unable to find jobs with a salary matching their qualification. With the improvement of the economic situation, the number of such people went down. So the number of violators depends primarily on the situation in the economy.
One or two people out of 100 hackers can succeed in pulling a major theft in the virtual environment. All the others will eventually leave this business. Of course, some new guys will come to replace them but I doubt if they can be truly successful. I believe that, in due course, more and more hackers will be failing, which will result in the decline of their interest in this area. As for the hacking targets, abusers will focus on attacking companies while the number of attacks on home users will be decreasing (except the mobile gadget users).
Hackers’ main goal will be big "earnings". Attacking a major company, a hacker can steal – figuratively – a million dollars. It’s unlikely that a computer burglar will be willing to infect a million users to steal a dollar from each of them: a million victims would cause a police investigation and he will eventually be caught. But in case of a large company, it is much more difficult to find the violator while the company itself can be unaware of being infected.
Another modern trend is the rapid migration of cyber criminals from traditional PCs to mobile gadgets. While in 2010 Kaspersky Lab detected 2 to 5 Trojan programs for mobile telephones every day, now thousands of such malicious programs are detected daily. New methods to earn money by infecting telephones emerge. Some time ago hackers used primitive techniques to steal money from the account of a user who sent a text message to a premium number. Now hackers have learned to block a telephone and claim money for its unblocking; fully functional spy software appeared enabling a hacker to steal all the information from a smartphone, to switch on secretly its camera or sound recording, etc. Trojan software is sold as a service and any cybercriminal can acquire his own Trojan to infect smartphones.
What shall we watch out for now and in the next two years?
We consider as very serious the incidents involving encrypting programs. Being an anti-virus company, we often do not have an opportunity to restore encrypted documents. Yes, we are ready to prevent infection but if the system is already infected we are unable to do anything in 90% of cases. Cybercriminals know that users have no chance to restore their data unless they have made data back-up. So the victims have no choice but to pay the intruder. As a rule, they pay in bitcoins, which provides for the anonymity of the criminals as these payments cannot be traced. Today any cybercriminal can buy a ready-made encrypting program and distribute it himself.
Earlier this year there was an incident in North America: a virus infected a hospital and encrypted the information concerning all its patients. The work was actually paralyzed. The hospital had to pay the criminals three million dollars for decoding the data. This is a very serious problem. I think encryptors will remain the principal threat this year, and they will also give us a lot of hard time in the coming years.
Senior Security Researcher at Kaspersky Lab Sergey Lozhkin speaks on the relevance of cyber threats in the context of industrial objects and "smart homes".
Information richness of cities and industrial facilities is a sign of progress but also involves a threat of being a target for cybercriminals. The consequences can be too bad. How well do you think the information systems of "smart cities" or vitally important sites like hospitals and other medical institutions are protected against malefactors?
You are right, an increasing number of city sites are gaining information richness. If earlier attacks threatened only automated control systems of physical entities, now basically all the Internet devices can be attacked. I have done some research: I did a full-scale test of a hospital’s information system, discovered its vulnerability, penetrated into the system and got access to tomographs, to patients’ data, to their case records. I am speaking about one of Moscow’s hospitals. So, as you see, medical institutions are vulnerable. Moreover, now doctors practice distant surgeries, conducting on-line operations. Just imagine what might happen if a hacker gets access to such surgeries.
Today payment technologies are rapidly developing, contactless payments and other types of electronic payments are being introduced. Knowing that e-payments are locked to their bank cards, many users are afraid of becoming violators’ victims. To what extent are these fears warranted?
For people using their credit cards to pay on-line for services or goods, there is a very simple technique which I also use. One should have a separate card for such transactions, with a limited sum of money.
We cannot hide from the progress. All types of electronic payments – contactless, mobile, and others, as well as distant service banking systems, will be developing, this is inevitable.
On the other hand, the ‘Internet of Things’ market is growing at an exponential rate. According to various estimations, by 2020 75% of all cars will be connected to the Internet. That means that all the telemetric measurements will be done online and the condition of all the car units will be monitored from the dealer’s center. Thus, the dealer’s center workers, knowing in advance of the expiry date of different car units, will call the car owner and notify him respectively. At present, this method is practiced only for servicing premium class cars. More than that, by 2030 cars will be able to drive without drivers. And now imagine what could happen if criminals get access to controlling unmanned vehicles…
It’s great that automation is becoming a major part of our everyday life but codes are written by people, and no man is faultless. Errors testify to potential vulnerability. For instance, if a cybercriminal knows that your home is connected to the Internet he could start with connecting to your surveillance cameras, to your fridge or TV set which are also equipped with cameras today, and watch you. Here a question arises: how much do you trust the manufacturers of all these devices?
A lot of people today are concerned about Internet spying, including even Facebook founder Mark Zuckerberg. Just remember his recent photo in the media where his notebook’s camera and mikes were closed with a sticky tape. What would you recommend to social media users?
First of all, you should know that when you register with a social network you accept the articulate provisions of the agreement stating what kind of your personal information will be accumulated, how the network will handle your data, where and for what purposes it will be transferred.
Certainly, social media collects a lot of private information about the user: which websites you visit, what you like, where you are registered, to which events you are invited, which air companies you prefer, and so on. But the question is how well protected this info is. Just think of a situation when this data becomes available to ‘bad guys’. We are speaking about the information concerning millions of users. Of course that may bring about very sad consequences.
Nevertheless, data is being collected and we cannot do anything about it. The amount of data will grow and information will be increasingly private. Using social media, we disclose our private life to the outer world. Everybody is aware of that. That same Google admits that it reads your Gmail correspondence using computer logic. That is why we receive targeted email ads. If you wish to defend yourself against things like that, it is enough not to use social networks and other public services.