Tag Archives: Stephan Neumeier

Kaspersky Selects Malaysia For APAC Transparency Center!

Kaspersky Selects Malaysia For APAC Transparency Center!

Kaspersky just announced that they have selected Malaysia as the site for their APAC Transparency Center!

Here is everything you need to know about the third Kaspersky Transparency Center, and why they chose Malaysia.

 

The Kaspersky Global Transparency Initiative

The Kaspersky Global Transparency Initiative began in October 2017, as a way to allay fears that Kaspersky Lab products and services had backdoors built-in.

It was really an extension of Eugene Kaspersky’s offer to show Kaspersky Lab source codes to the US government.

For a more detailed take on the Kaspersky Global Transparency Initiative, we recommend :

 

Kaspersky Global Transparency Initiative APAC Update

The Managing Director for Asia Pacific at Kaspersky, Stephan Neumeier, kicked off the launch with an update on the Kaspersky Global Transparency Initiative, with a focus on the APAC region.

  • Started relocating customer data storage and processing infrastructure for European users from Russia to Zurich, Switzerland, to be completed by the end of 2019.
  • Opened two Transparency Centers in Europe – in Zurich (November 2018) and Madrid (June 2019). The Spanish Center also serves as a briefing center for key company stakeholders.
  • Successfully completed the Service Organization Control for Service Organizations (SOC 2) Type 1 audit. The final report, issued by one of the Big Four accounting firms, confirms that the development and release of Kaspersky’s threat detection rules databases (AV databases) are protected from unauthorised changes by strong security controls.
  • Since announcing the Bug Bounty program’s extension, Kaspersky resolved 66 bugs reported by security researchers and awarded almost $45,000 in bounty rewards.
  • Kaspersky also supports the io framework which provides Safe Harbor for vulnerability researchers concerned about potential negative legal consequences of their discoveries.
[adrotate group=”1″]

 

Why Kaspersky Selected Malaysia For The APAC Transparency Center

Kaspersky revealed that their APAC Transparency Center will be located in Cyberjaya, in partnership with CyberSecurity Malaysia.

Cyberjaya was selected because of its central location and close proximity to many key Kaspersky clients in APAC, as well as other security- and infrastructure-related reasons.

 

What Is The Kaspersky APAC Transparency Center For?

The new Kaspersky APAC Transparency Center in Malaysia will serve as the third trusted code review facility, after Zurich and Madrid.

Government regulators and Kaspersky enterprise clients can request to come to the Kaspersky APAC Transparency Center to examine or review :

  • source code of Kaspersky consumer and enterprise solutions, like Kaspersky Internet Security (KIS), Kaspersky Endpoint Security (KES) and Kaspersky Security Center (KSC)
  • Kaspersky’s threat analysis, secure review and application security testing process
  • all versions of Kaspersky software builds, and AV database updates
  • data feeds that are sent by Kaspersky products to the cloud-based Kaspersky Security Network (KSN)

It will also function as a briefing centre, where guests will be able to learn about Kaspersky’s engineering and data processing practises.

This new Kaspersky Transparency Center is slated to open for its first visitors in early 2020. Like the other Transparency Centers, access is available only upon request.

 

Suggested Reading

Go Back To > Cybersecurity | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

The Truth On Cyberespionage @ 3rd Kaspersky APAC Conference

October 13, 2017, 2017 – Kaspersky Lab unriddles today the mysterious threat of cyberespionage against countries, critical infrastructure, and companies in the region as part of its 3rd Asia Pacific (APAC) Cyber Security Weekend in Phuket, Thailand.

The company’s annual cybersecurity conference in the region will bring together its top security experts along with industry professionals and journalists from 11 countries across APAC. The four-day event will highlight presentations from its top security researchers to reveal the truths and bust myths about cyberespionage, an alarming threat which has crossed the worlds of fiction and reality.

“Cyber espionage is a dangerous and costly threat targeting nations and corporations around the world, including nations right here in the Asia Pacific region. Kaspersky Lab today aims to sound the alarm louder about this imminent danger so we can step up our efforts to strengthen our infrastructure and protect the public,” says Stephan Neumeier, Managing Director at Kaspersky Lab APAC.

Don’t forget to check out our earlier article – The Kaspersky Palaeontology of Cybersecurity Conference!

 

Kaspersky Cybersecurity Experts On Cyberespionage

Four cybersecurity experts from Kaspersky Lab’s Global Research & Analysis Team (GReAT) topbill this year’s APAC Cyber Security Weekend and will zero in on the state of targeted attacks in APAC countries from past to present and how governments, businesses, and concerned industrial sectors can beef up their cyber defenses.

Vitaly Kamluk, Kaspersky Lab’s Director of GReAT in APAC, will open up the discussion by looking back at major cyber attacks that have hit public and private organizations over the past years in countries around the region.

“Cyberespionage, a subset of intelligence activities in cyberspace, is covert by nature. The new generation of spies are not doing physical James Bond-style operations anymore — they are regular software developers and system operators. Their achievements remain in the darkness until researchers like Kaspersky GReAT discover and document their activities. The attackers are not writing the history of cyberattacks, but researchers do. And it doesn’t come as easy making documentaries or writing memoirs. The work of researchers require high concentration and solving of multiple difficult logical problems on the way, which is why these stories are so valuable,” explains Kamluk.

Also by Vitaly Kamluk – The Palaeontology of Cyberattacks and The BitScout Free Cyber Forensics Tool.

Kaspersky Lab’s 2016 report titled “Measuring the Financial Impact of IT Security on Businesses” has found that targeted attacks, including cyberespionage, are among the most expensive types of attack. The study further shows these threats can cost up to $143,000 in losses for small businesses and $1.7 million for enterprises.

The global cybersecurity company’s cyberespionage report also reiterates that businesses in all sectors and of all sizes are vulnerable to a targeted attack. A Fortune 500 company is at risk as a two-man startup as both entities hold business data.

Aside from monetary loss, businesses and even government agencies lose confidential data and the trust from their stakeholders and customers in the wake of a successful cyberespionage campaign.

Seongsu Park, GReAT’s Senior Security Researcher based in South Korea, will specifically talk about the role of a company’s infrastructure in a successful targeted attack.

Park is among the Kaspersky Lab researchers who have been closely monitoring the activity of the high-profile cyberespionage group, Lazarus, a cybercriminal gang believed to be behind the $81-million Bangladesh Bank heist last year. He said thorough analysis on this group proved that many servers of big corporations are being used by the cybergang as launchers of their attacks against these same enterprises.

Also by Seongsu Park – The South Korean Cyberattacks – From Military To ATM

To answer the who’s and how’s of a cyberespionage campaign, Noushin Shabab, Senior Security Researcher at Kaspersky Lab’s GReAT based in Australia, will discuss the forensic techniques and critical analysis being carried out by researchers for years to be able to understand an attack and to unmask its perpetrators.

“Like paleontologists collecting the tiniest bones to be able to unearth a full artefact, cybersecurity researchers examine the leftovers of a malicious campaign, chase the trail of clues until we have gathered all the necessary pieces of the puzzle, and collate and compare evidences with fellow experts to be able to know the attackers behind an attack, their main goal, their techniques, and the length of their attacks. All the historic information we have gathered through investigating targeted attacks all these years helped us discover the truths and the myths of cyberespionage in the Asia Pacific region,” says Shabab.

Also by Noushin Shabab – Tracking The Spring Dragon Advanced Persistent Threat

[adrotate group=”2″]

Yury Namestnikov, Senior Malware Analyst at Kaspersky Lab’s GReAT, will explain the trend of cyberespionage groups focusing on attacking financial organizations in the region using the now infamous ransomware to gain monetary rewards. He will also reveal the techniques used by these groups to mask destructive wiper-attack as an ordinary cybercriminal activity.

Aside from elite cybersecurity experts from Kaspersky Lab, the global cybersecurity company’s “Data Guardian” named Midori Kuma will also grace the conference. Midori Kuma, who will be in Asia Pacific for the first time, is Kaspersky Lab’s original character tasked to remind internet users on how to keep their data safe from cybercriminals.

Guest speaker Kyoung-Ju Kwak, Security Researcher at the Computer Emergency Analysis Team of Korea’s Financial Security Institute will talk about Andariel, a threat actor connected to the Lazarus group and responsible for card leakage and illegal ATM withdrawals in South Korea.

Go Back To > News | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Eugene Kaspersky Interview Exclusive : No Kremlin Ties!

At the end of the Kaspersky Lab Palaeontology of Cybersecurity conference, members of the press were allowed to question the panel of speakers, including Kaspersky Lab Chairman and CEO, Eugene Kaspersky himself.

I took the opportunity to grill Mr. Kaspersky on his run-in with the US Senate over accusations of personal ties to the Kremlin and close affiliation with Russian intelligence agencies. Check out this exclusive video of our exchange!

Don’t forget to check out the Kaspersky Palaeontology of Cybersecurity presentations!

 

Eugene Kaspersky On His Alleged Kremlin Ties

On 27 June 2017, FBI agents visited the homes of some Kaspersky Lab employees in the US. The very next day, Jeanne Shaheen (D-NH) introduced an amendment to a Pentagon spending bill that prohibits the US Department of Defense from “using software platforms developed by Kaspersky Lab“.

In response, Eugene Kaspersky (also known as Yevgeny Kaspersky) said that he would be willing to appear before the US Senate. He also offered to show Kaspersky’s source codes to the US government, if that will help assure them that there is nothing malicious in them.

 

The Eugene Kaspersky Interview Transcript

Here is a transcript of the exchange, with some paraphrasing. The Kaspersky APAC Director of GReAT, Vitaly Kamluk, also chipped in his 2 cents, as did Stephan Neumeier, the Managing Director of Kaspersky Lab Asia Pacific.

Tech ARP : You said that you would testify before the US Congress and share your source codes. Have they requested you to testify or share your source codes?

Eugene Kaspersky : We are under strange pressure from the United States. They point a finger at us, and say that we are a danger to the United States, without evidence.

They suspect that we have very strong ties with the Russian government. I’m very curious what’s [the evidence]? If not the names of the people, then at least the names of the agencies involved. Silence. So they don’t have any facts.

Okay, ask me to testify before the Senate, please.[adrotate group=”2″]

Tech ARP : Have they done so?

Eugene Kaspersky : No! No, no, no.

Tech ARP : What about your offer to release the source codes to them? Have they accepted the offer?

Eugene Kaspersky : No! They speak a lot about us, but when we say “Let’s do some real investigation. We can open anything you want.“… Silence.

Tech ARP : What about your offer to release the source codes also extend to other countries, like China, for example?

Eugene Kaspersky : No! Not like this in any other country.

Tech ARP : So [the offer to release the source codes] is only for the United States?

Eugene Kaspersky : Actually we disclose some technologies in some other countries, but I’m not going to name those countries. We did it to comply with government contract requirements.

We are a transparent company. If you have any questions, just ask us. It’s not a problem at all. So we don’t have this kind of problem in any other country but the United States.

Tech ARP : Beyond the source code, there is also the concern about data collection on US DOD employees by Kaspersky Lab, which is a Russian company. Do you have a comment on this?

Eugene Kaspersky : We only collect suspicious pieces of data, that might be malware samples. We do not collect the user’s data.

Well, we collect the user’s data if the user is a cybercriminal. If he’s developing malicious code on a computer, we will take it (the malicious code) because it looks suspicious. But the rest of the data – we do not touch, and we don’t collect any user-identifiable data.

Actually, it’s very strange when the United States say that I can cooperate with the (Russian) secret services and disclose data, but I don’t have this data.

The most confidential information that we have in our company are the cyberattack incidence reports involving our customers. We help our customers to investigate these cyberattacks but we don’t share this data with anyone. There could be information about ongoing investigations, but we don’t share this information with anyone but the law enforcement agencies that are handling the case. That’s it.

We don’t have any user-identifiable data or enterprise data, unless it’s for an investigation of a cyberattack.

Vitaly Kamluk : I also want to add that the control of whether to share data (or not) is always in the user’s hands. We never force the collection of user’s data. You can switch it on or off.

We do not hard-code the collection of data. There is a control and it’s in the user’s hands. So if certain organisations or individuals are concerned about the collection of data, they can switch it off.

Eugene Kaspersky : Yes, they can switch it off.

Tech ARP : What about telemetry, statistics, etc?

Vitaly Kamluk : You can switch it off – malware detection statistics and even malware samples. This is in the user’s control – to share or not to share.

Eugene Kaspersky : In most of the cases, we don’t know who our users are. We see their product ID when their Kaspersky product connects to the cloud for updates, but we don’t know the name of their user.

Tech ARP : There are claims that you have connections or links to the Kremlin. Can you deny or acknowledge these claims?

Eugene Kaspersky : They are my customers. We cooperate with the cyber police forces in Russia.

Tech ARP : Are you Vladimir Putin’s friend?[adrotate group=”2″]

Eugene Kaspersky : No. Is Putin my friend? No.

Mark (Moderator) : Is Donald Trump your friend?

Eugene Kaspersky : <Laughs> No. In my office, there is only one picture – my handshake with Angela Merkel. No more.

Stephan Neumeier : True.

Eugene Kaspersky : Did you see it?

Stephan Neumeier : Yes.

Eugene Kaspersky : Once I had a handshake with Lee Kuan Yew (former Prime Minister of Singapore), but unfortunately, I don’t have a picture of that.

Don’t forget to check out the Kaspersky Palaeontology of Cybersecurity presentations!

Go Back To > Articles | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!