Tag Archives: Seongsu Park

The Truth On Cyberespionage @ 3rd Kaspersky APAC Conference

October 13, 2017 – Kaspersky Lab unriddles today the mysterious threat of cyberespionage against countries, critical infrastructure, and companies in the region as part of its 3rd Asia Pacific (APAC) Cyber Security Weekend in Phuket, Thailand.

The company’s annual cybersecurity conference in the region will bring together its top security experts along with industry professionals and journalists from 11 countries across APAC. The four-day event will highlight presentations from its top security researchers to reveal the truths and bust myths about cyberespionage, an alarming threat which has crossed the worlds of fiction and reality.

“Cyber espionage is a dangerous and costly threat targeting nations and corporations around the world, including nations right here in the Asia Pacific region. Kaspersky Lab today aims to sound the alarm louder about this imminent danger so we can step up our efforts to strengthen our infrastructure and protect the public,” says Stephan Neumeier, Managing Director at Kaspersky Lab APAC.

Don’t forget to check out our earlier article – The Kaspersky Palaeontology of Cybersecurity Conference!

 

Kaspersky Cybersecurity Experts On Cyberespionage

Four cybersecurity experts from Kaspersky Lab’s Global Research & Analysis Team (GReAT) topbill this year’s APAC Cyber Security Weekend and will zero in on the state of targeted attacks in APAC countries from past to present and how governments, businesses, and concerned industrial sectors can beef up their cyber defenses.

Vitaly Kamluk, Kaspersky Lab’s Director of GReAT in APAC, will open up the discussion by looking back at major cyber attacks that have hit public and private organizations over the past years in countries around the region.

“Cyberespionage, a subset of intelligence activities in cyberspace, is covert by nature. The new generation of spies are not doing physical James Bond-style operations anymore — they are regular software developers and system operators. Their achievements remain in the darkness until researchers like Kaspersky GReAT discover and document their activities. The attackers are not writing the history of cyberattacks, but researchers do. And it doesn’t come as easy as making documentaries or writing memoirs. The work of researchers requires high concentration and solving of multiple difficult logical problems on the way, which is why these stories are so valuable,” explains Kamluk.

Also by Vitaly Kamluk – The Palaeontology of Cyberattacks and The BitScout Free Cyber Forensics Tool.

Kaspersky Lab’s 2016 report titled “Measuring the Financial Impact of IT Security on Businesses” has found that targeted attacks, including cyberespionage, are among the most expensive types of attack. The study further shows these threats can cost up to $143,000 in losses for small businesses and $1.7 million for enterprises.

The global cybersecurity company’s cyberespionage report also reiterates that businesses in all sectors and of all sizes are vulnerable to a targeted attack. A Fortune 500 company is as much at risk as a two-man startup, as both entities hold business data.

Aside from monetary loss, businesses and even government agencies lose confidential data and the trust from their stakeholders and customers in the wake of a successful cyberespionage campaign.

Seongsu Park, GReAT’s Senior Security Researcher based in South Korea, will specifically talk about the role of a company’s infrastructure in a successful targeted attack.

Park is among the Kaspersky Lab researchers who have been closely monitoring the activity of the high-profile cyberespionage group, Lazarus, a cybercriminal gang believed to be behind the $81-million Bangladesh Bank heist last year. He said thorough analysis on this group proved that many servers of big corporations are being used by the cybergang as launchers of their attacks against these same enterprises.

Also by Seongsu Park – The South Korean Cyberattacks – From Military To ATM

To answer the who’s and how’s of a cyberespionage campaign, Noushin Shabab, Senior Security Researcher at Kaspersky Lab’s GReAT based in Australia, will discuss the forensic techniques and critical analysis being carried out by researchers for years to be able to understand an attack and to unmask its perpetrators.

“Like paleontologists collecting the tiniest bones to be able to unearth a full artefact, cybersecurity researchers examine the leftovers of a malicious campaign, chase the trail of clues until we have gathered all the necessary pieces of the puzzle, and collate and compare evidence with fellow experts to be able to know the attackers behind an attack, their main goal, their techniques, and the length of their attacks. All the historic information we have gathered through investigating targeted attacks all these years helped us discover the truths and the myths of cyberespionage in the Asia Pacific region,” says Shabab.

Also by Noushin Shabab – Tracking The Spring Dragon Advanced Persistent Threat

Yury Namestnikov, Senior Malware Analyst at Kaspersky Lab’s GReAT, will explain the trend of cyberespionage groups focusing on attacking financial organizations in the region using the now infamous ransomware to gain monetary rewards. He will also reveal the techniques used by these groups to mask destructive wiper attacks as ordinary cybercriminal activity.

Aside from elite cybersecurity experts from Kaspersky Lab, the global cybersecurity company’s “Data Guardian” named Midori Kuma will also grace the conference. Midori Kuma, who will be in Asia Pacific for the first time, is Kaspersky Lab’s original character tasked to remind internet users how to keep their data safe from cybercriminals.

Guest speaker Kyoung-Ju Kwak, Security Researcher at the Computer Emergency Analysis Team of Korea’s Financial Security Institute, will talk about Andariel, a threat actor connected to the Lazarus group and responsible for card leakage and illegal ATM withdrawals in South Korea.

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

The Kaspersky Palaeontology of Cybersecurity Conference

Last week, Kaspersky Lab invited us to their security conference on the sidelines of INTERPOL World 2017. Titled as the Palaeontology of Cybersecurity, it focused on Kaspersky Lab’s efforts and abilities in dissecting malware and cyberattacks and tracing their sources.

It was a riveting look at how they tackled the thousands of cybersecurity threats that are active every day – from those that hit the news, like WannaCry and NotPetya, to those that continue to quietly cause damage and losses to consumers and corporations alike.

We also had the opportunity to hear from Eugene Kaspersky himself, as well as Jason Wells, an ex-military intelligence officer, who now helps companies tackle electronic surveillance and corporate espionage. Finally, we had a whole hour to grill them all on anything we wanted!

A lot was covered during the conference, so we will split them up into multiple articles :

We also had the opportunity to grill Eugene Kaspersky on his run-in with the US Senate. Make sure you check out our exclusive conversation with him :

For the video clips and a quick summary of each, please continue below.

 

The Palaeontology Of Cyberattacks

Vitaly Kamluk shared how Kaspersky Lab performed digital forensics, literally the palaeontology of digital monsters, to trace their creators and to learn how to shut them down.

Please check out the full article on his presentation > The Palaeontology of Cyberattacks by Vitaly Kamluk.

 

The BitScout Cyber Forensics Tool Revealed!

BitScout is a free and open-source tool that can be used for the remote forensic investigation or collection of data from a compromised system, without risk of contamination or loss of data.

Please check out the full article on BitScout > The BitScout Free Cyber Forensics Tool Revealed!

 

South Korean Cyberattacks – From Military To ATM

Seongsu Park details how Kaspersky GReAT researchers traced the disparate South Korean cyberattacks and found the similarities that connected them.

Please check out the full article on his presentation > The South Korean Cyberattacks – From Military To ATM

The Spring Dragon / Lotus Blossom Advanced Persistent Threat

Noushin Shabab recounts how her team tracked the Spring Dragon APT (Advanced Persistent Threat) attacks across the South China Sea region.

Please check out the full article on her presentation > Tracking The Spring Dragon Advanced Persistent Threat.

 

The Latest Cyber Technical Surveillance Counter-Measures (TSCM)

Former military intelligence officer Jason Wells gives an overview of cyber technical surveillance counter-measures over the years and in the future!

Please check out the full article on his presentation > The Latest Cyber Technical Surveillance Counter-Measures (TSCM)

 

Cyberspace – The Survival Guide

In this engaging 35-minute talk, Eugene Kaspersky shares with us his opinions on the evolving cybersecurity threats and how we can survive them.

Please check out the full article on his presentation > Eugene Kaspersky Presents Cyberspace – The Survival Guide

 

The Kaspersky Lab Security Conference Q&A Session

At the end of the conference, we had an hour to question the Kaspersky Lab experts, Eugene Kaspersky and Jason Wells. Check out the complete Q&A session!

 

Eugene Kaspersky Interview Exclusive : No Kremlin Ties!

I took the opportunity to grill Mr. Kaspersky on his run-in with the US Senate over accusations of personal ties to the Kremlin and close affiliation with Russian intelligence agencies. Check out this exclusive video of our exchange!

Please check out the full article on this exclusive interview > Eugene Kaspersky Interview Exclusive : No Kremlin Ties!

The South Korean Cyberattacks – From Military To ATM

Following a detailed malware analysis, Kaspersky Lab researchers have connected a 2016 cyberattack on South Korea’s defense agency with a later cyberattack that infected 60 ATMs and stole the data from over 2,000 credit cards. The malicious code and techniques used in both cyberattacks share similarities with earlier cyberattacks widely attributed to the infamous Lazarus group.

At the Kaspersky Lab Palaeontology of Cybersecurity conference, Seongsu Park, Senior Security Researcher, Global Research & Analysis Team, APAC, detailed how Kaspersky GReAT researchers traced the disparate South Korean cyberattacks and found the similarities that connected them.

Don’t forget to check out the other Kaspersky Palaeontology of Cybersecurity presentations!

 

The South Korean Cyberattacks – From Military To ATM

In August 2016, a cyberattack on South Korea’s Ministry of National Defense infected around 3,000 hosts. The Defense Agency reported the incident publicly in December 2016, admitting that some confidential information could have been exposed.

Six months later, at least 60 South Korean ATMs, managed by a single local vendor, were compromised with malware. The incident was reported by the Financial Security Institute and, according to the Financial Supervisory Service (FSS), resulted in the theft of the details of 2,500 financial cards and the illegal withdrawal in Taiwan of approximately US$ 2,500 from these accounts.

Kaspersky Lab researched the malware used in the ATM incident and discovered that the machines were attacked with the same malicious code used to hit the Korean Ministry of National Defense in August 2016. Exploring the connection between these attacks and earlier hacks, Kaspersky Lab has found similarities with the DarkSeoul malicious operations, and others, which are attributed to the Lazarus hacking group.

The commonalities include, among other things, the use of the same decryption routines and obfuscation techniques, overlap in command and control infrastructure, and similarities in code.

 

What Is The Lazarus Group?

Lazarus is an active cybercriminal group believed to be behind a number of massive and devastating cyberattacks worldwide including the Sony Pictures hack in 2014 and the $81 million Bangladesh Bank heist last year.

 

Preventive Measures

In order to reduce risk, Kaspersky Lab recommends implementing the following security measures:

  • Introduce an enterprise-wide fraud prevention strategy with special sections on ATM and internet banking security. Logical security, physical security of ATMs and fraud prevention measures should be addressed all together as attacks are becoming more complex.
  • Ensure you have a comprehensive, multi-layered security solution in place. For financial organizations, we recommend using specialized solutions with Default Deny and File Integrity Monitor capabilities such as Kaspersky Embedded Systems Security. These solutions can detect any suspicious activity within the payment devices infrastructure. We also recommend implementing network segmentation for ATM or POS devices.
  • Conduct annual security audits and penetration tests. It is better to let professionals find vulnerabilities than to wait for them to be found by cybercriminals.
  • Consider investing in threat intelligence so that you can understand the rapidly evolving and emerging threat landscape and can help your organization and customers to prepare. Find out more at intelreports@kaspersky.com.
  • Train your employees so they can better spot suspicious emails that could be the first stage of an attack.

The South Korean Cyberattacks Presentation Slides

Here is the complete set of slides from Seongsu Park’s presentation on the South Korean cyberattacks.
