Tag Archives: Vitaly Kamluk

Kaspersky on APAC Digital Reputation Threats!


Vitaly Kamluk, Kaspersky Director of Global Research and Analysis for APAC, explores the impact of social media activities on our digital reputation, as well as those of brands and companies!

 

Digital Reputation : What Is It?

Digital reputation is the online version of good old-fashioned reputation. The only difference is that it is defined by our online behaviour and what people are saying about us, or the brand.

In short, our digital reputation is a combination of our digital footprint, and the impact it has on how other people perceive us, or the brand.

As the world becomes more connected, digital reputation is becoming more than just important – it is now critical to the future and success of any individual or corporation.

This has led to a shift in how people and brands behave online these days…

As Jesmond Chang, Head of Corporate Communications for Kaspersky APAC, shared above :

  • 32% of social media users in APAC use anonymous accounts
  • 50% of social media users in APAC avoid companies that are involved in a scandal, or had received negative news coverage online
  • 40% also stopped using a company’s or brand’s products once they are embroiled in some kind of online crisis.

 

Kaspersky on APAC Digital Reputation Threats!

At the 6th Vitaly Kamluk, Kaspersky Director of Global Research and Analysis for APAC, shared the latest threats to digital reputation in the APAC region, which are precipitated by the COVID-19 pandemic.

“One of the most visible effects of this pandemic is how it forced everyone, from individuals to the biggest companies, to shift a lot of their activities online.

This dependence, triggered by our need to secure our physical health, also pushed us to increase our social media use, either to connect with our distant loved ones, to give support to our community, to entertain ourselves, or to get hold of products and services that we need.

Parallel to this trend is the opening of wider doors for cybercriminals to exploit.”

With many employees working from home, cybercriminals have found new ways to exploit this situation :

  • Brute force attacks on database servers increased 23% in April 2020
  • Malicious files planted on websites increased 8% in April 2020
  • Network attacks and phishing emails also rose

Kaspersky themselves reported an increase of unique malware samples from 350,000 per day pre-COVID, to 428,000 per day!

With the increased reliance on online services, including remote work and learning, e-commerce purchases and a greater adoption of e-wallets, the 2020 threat landscape appears to favour cybercriminals.

 


 

Support Tech ARP!

If you like our work, you can help support us by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


The Truth On Cyberespionage @ 3rd Kaspersky APAC Conference

October 13, 2017 – Kaspersky Lab unriddles today the mysterious threat of cyberespionage against countries, critical infrastructure, and companies in the region as part of its 3rd Asia Pacific (APAC) Cyber Security Weekend in Phuket, Thailand.

The company’s annual cybersecurity conference in the region will bring together its top security experts along with industry professionals and journalists from 11 countries across APAC. The four-day event will highlight presentations from its top security researchers to reveal the truths and bust myths about cyberespionage, an alarming threat which has crossed the worlds of fiction and reality.

“Cyber espionage is a dangerous and costly threat targeting nations and corporations around the world, including nations right here in the Asia Pacific region. Kaspersky Lab today aims to sound the alarm louder about this imminent danger so we can step up our efforts to strengthen our infrastructure and protect the public,” says Stephan Neumeier, Managing Director at Kaspersky Lab APAC.

Don’t forget to check out our earlier article – The Kaspersky Palaeontology of Cybersecurity Conference!

 

Kaspersky Cybersecurity Experts On Cyberespionage

Four cybersecurity experts from Kaspersky Lab’s Global Research & Analysis Team (GReAT) topbill this year’s APAC Cyber Security Weekend and will zero in on the state of targeted attacks in APAC countries from past to present and how governments, businesses, and concerned industrial sectors can beef up their cyber defenses.

Vitaly Kamluk, Kaspersky Lab’s Director of GReAT in APAC, will open up the discussion by looking back at major cyber attacks that have hit public and private organizations over the past years in countries around the region.

“Cyberespionage, a subset of intelligence activities in cyberspace, is covert by nature. The new generation of spies are not doing physical James Bond-style operations anymore — they are regular software developers and system operators. Their achievements remain in the darkness until researchers like Kaspersky GReAT discover and document their activities. The attackers are not writing the history of cyberattacks, but researchers do. And it doesn’t come as easy as making documentaries or writing memoirs. The work of researchers requires high concentration and solving of multiple difficult logical problems on the way, which is why these stories are so valuable,” explains Kamluk.

Also by Vitaly Kamluk – The Palaeontology of Cyberattacks and The BitScout Free Cyber Forensics Tool.

Kaspersky Lab’s 2016 report titled “Measuring the Financial Impact of IT Security on Businesses” has found that targeted attacks, including cyberespionage, are among the most expensive types of attack. The study further shows these threats can cost up to $143,000 in losses for small businesses and $1.7 million for enterprises.

The global cybersecurity company’s cyberespionage report also reiterates that businesses in all sectors and of all sizes are vulnerable to a targeted attack. A Fortune 500 company is as much at risk as a two-man startup, as both entities hold business data.

Aside from monetary loss, businesses and even government agencies lose confidential data and the trust from their stakeholders and customers in the wake of a successful cyberespionage campaign.

Seongsu Park, GReAT’s Senior Security Researcher based in South Korea, will specifically talk about the role of a company’s infrastructure in a successful targeted attack.

Park is among the Kaspersky Lab researchers who have been closely monitoring the activity of the high-profile cyberespionage group, Lazarus, a cybercriminal gang believed to be behind the $81-million Bangladesh Bank heist last year. He said thorough analysis on this group proved that many servers of big corporations are being used by the cybergang as launchers of their attacks against these same enterprises.

Also by Seongsu Park – The South Korean Cyberattacks – From Military To ATM

To answer the who’s and how’s of a cyberespionage campaign, Noushin Shabab, Senior Security Researcher at Kaspersky Lab’s GReAT based in Australia, will discuss the forensic techniques and critical analysis being carried out by researchers for years to be able to understand an attack and to unmask its perpetrators.

“Like paleontologists collecting the tiniest bones to be able to unearth a full artefact, cybersecurity researchers examine the leftovers of a malicious campaign, chase the trail of clues until we have gathered all the necessary pieces of the puzzle, and collate and compare evidence with fellow experts to be able to know the attackers behind an attack, their main goal, their techniques, and the length of their attacks. All the historic information we have gathered through investigating targeted attacks all these years helped us discover the truths and the myths of cyberespionage in the Asia Pacific region,” says Shabab.

Also by Noushin Shabab – Tracking The Spring Dragon Advanced Persistent Threat


Yury Namestnikov, Senior Malware Analyst at Kaspersky Lab’s GReAT, will explain the trend of cyberespionage groups focusing on attacking financial organizations in the region using the now infamous ransomware to gain monetary rewards. He will also reveal the techniques used by these groups to mask destructive wiper attacks as ordinary cybercriminal activity.

Aside from elite cybersecurity experts from Kaspersky Lab, the global cybersecurity company’s “Data Guardian” named Midori Kuma will also grace the conference. Midori Kuma, who will be in Asia Pacific for the first time, is Kaspersky Lab’s original character tasked to remind internet users on how to keep their data safe from cybercriminals.

Guest speaker Kyoung-Ju Kwak, Security Researcher at the Computer Emergency Analysis Team of Korea’s Financial Security Institute will talk about Andariel, a threat actor connected to the Lazarus group and responsible for card leakage and illegal ATM withdrawals in South Korea.


The Kaspersky Palaeontology of Cybersecurity Conference

Last week, Kaspersky Lab invited us to their security conference on the sidelines of INTERPOL World 2017. Titled the Palaeontology of Cybersecurity, it focused on Kaspersky Lab’s efforts and abilities in dissecting malware and cyberattacks and tracing their sources.

It was a riveting look at how they tackled the thousands of cybersecurity threats that are active every day – from those that hit the news, like WannaCry and NotPetya, to those that continue to quietly cause damage and losses to consumers and corporations alike.

We also had the opportunity to hear from Eugene Kaspersky himself, as well as Jason Wells, an ex-military intelligence officer, who now helps companies tackle electronic surveillance and corporate espionage. Finally, we had a whole hour to grill them all on anything we wanted!

A lot was covered during the conference, so we will split them up into multiple articles :

We also had the opportunity to grill Eugene Kaspersky on his run-in with the US Senate. Make sure you check out our exclusive conversation with him :

For the video clips and a quick summary of each, please continue below.

 

The Palaeontology Of Cyberattacks

Vitaly Kamluk shared how Kaspersky Lab performed digital forensics, literally the palaeontology of digital monsters, to trace their creators and to learn how to shut them down.

Please check out the full article on his presentation > The Palaeontology of Cyberattacks by Vitaly Kamluk.


 

The BitScout Cyber Forensics Tool Revealed!

BitScout is a free and open-source tool that can be used for the remote forensic investigation or collection of data from a compromised system, without risk of contamination or loss of data.

Please check out the full article on BitScout > The BitScout Free Cyber Forensics Tool Revealed!

 

South Korean Cyberattacks – From Military To ATM

Seongsu Park details how Kaspersky GReAT researchers traced the disparate South Korean cyberattacks and found the similarities that connected them.

Please check out the full article on his presentation > The South Korean Cyberattacks – From Military To ATM


The Spring Dragon / Lotus Blossom Advanced Persistent Threat

Noushin Shabab recounts how her team tracked the Spring Dragon APT (Advanced Persistent Threat) attacks across the South China Sea region.

Please check out the full article on her presentation > Tracking The Spring Dragon Advanced Persistent Threat.

 

The Latest Cyber Technical Surveillance Counter-Measures (TSCM)

Former military intelligence officer Jason Wells gives an overview of cyber technical surveillance counter-measures over the years and in the future!

Please check out the full article on his presentation > The Latest Cyber Technical Surveillance Counter-Measures (TSCM)

 

Cyberspace – The Survival Guide

In this engaging 35-minute talk, Eugene Kaspersky shares with us his opinions on the evolving cybersecurity threats and how we can survive them.

Please check out the full article on his presentation > Eugene Kaspersky Presents Cyberspace –  The Survival Guide


 

The Kaspersky Lab Security Conference Q&A Session

At the end of the conference, we had an hour to question the Kaspersky Lab experts, Eugene Kaspersky and Jason Wells. Check out the complete Q&A session!

 

Eugene Kaspersky Interview Exclusive : No Kremlin Ties!

I took the opportunity to grill Mr. Kaspersky on his run-in with the US Senate over accusations of personal ties to the Kremlin and close affiliation with Russian intelligence agencies. Check out this exclusive video of our exchange!

Please check out the full article on this exclusive interview > Eugene Kaspersky Interview Exclusive : No Kremlin Ties!


Eugene Kaspersky Interview Exclusive : No Kremlin Ties!

At the end of the Kaspersky Lab Palaeontology of Cybersecurity conference, members of the press were allowed to question the panel of speakers, including Kaspersky Lab Chairman and CEO, Eugene Kaspersky himself.

I took the opportunity to grill Mr. Kaspersky on his run-in with the US Senate over accusations of personal ties to the Kremlin and close affiliation with Russian intelligence agencies. Check out this exclusive video of our exchange!

Don’t forget to check out the Kaspersky Palaeontology of Cybersecurity presentations!

 

Eugene Kaspersky On His Alleged Kremlin Ties

On 27 June 2017, FBI agents visited the homes of some Kaspersky Lab employees in the US. The very next day, Jeanne Shaheen (D-NH) introduced an amendment to a Pentagon spending bill that prohibits the US Department of Defense from “using software platforms developed by Kaspersky Lab”.

In response, Eugene Kaspersky (also known as Yevgeny Kaspersky) said that he would be willing to appear before the US Senate. He also offered to show Kaspersky’s source codes to the US government, if that will help assure them that there is nothing malicious in them.

 

The Eugene Kaspersky Interview Transcript

Here is a transcript of the exchange, with some paraphrasing. The Kaspersky APAC Director of GReAT, Vitaly Kamluk, also chipped in his 2 cents, as did Stephan Neumeier, the Managing Director of Kaspersky Lab Asia Pacific.

Tech ARP : You said that you would testify before the US Congress and share your source codes. Have they requested you to testify or share your source codes?

Eugene Kaspersky : We are under strange pressure from the United States. They point a finger at us, and say that we are a danger to the United States, without evidence.

They suspect that we have very strong ties with the Russian government. I’m very curious what’s [the evidence]? If not the names of the people, then at least the names of the agencies involved. Silence. So they don’t have any facts.

Okay, ask me to testify before the Senate, please.

Tech ARP : Have they done so?

Eugene Kaspersky : No! No, no, no.

Tech ARP : What about your offer to release the source codes to them? Have they accepted the offer?

Eugene Kaspersky : No! They speak a lot about us, but when we say “Let’s do some real investigation. We can open anything you want.”… Silence.

Tech ARP : Does your offer to release the source codes also extend to other countries, like China, for example?

Eugene Kaspersky : No! Not like this in any other country.

Tech ARP : So [the offer to release the source codes] is only for the United States?

Eugene Kaspersky : Actually we disclose some technologies in some other countries, but I’m not going to name those countries. We did it to comply with government contract requirements.

We are a transparent company. If you have any questions, just ask us. It’s not a problem at all. So we don’t have this kind of problem in any other country but the United States.

Tech ARP : Beyond the source code, there is also the concern about data collection on US DOD employees by Kaspersky Lab, which is a Russian company. Do you have a comment on this?

Eugene Kaspersky : We only collect suspicious pieces of data, that might be malware samples. We do not collect the user’s data.

Well, we collect the user’s data if the user is a cybercriminal. If he’s developing malicious code on a computer, we will take it (the malicious code) because it looks suspicious. But the rest of the data – we do not touch, and we don’t collect any user-identifiable data.

Actually, it’s very strange when the United States says that I can cooperate with the (Russian) secret services and disclose data, but I don’t have this data.

The most confidential information that we have in our company are the cyberattack incident reports involving our customers. We help our customers to investigate these cyberattacks but we don’t share this data with anyone. There could be information about ongoing investigations, but we don’t share this information with anyone but the law enforcement agencies that are handling the case. That’s it.

We don’t have any user-identifiable data or enterprise data, unless it’s for an investigation of a cyberattack.

Vitaly Kamluk : I also want to add that the control of whether to share data (or not) is always in the user’s hands. We never force the collection of user’s data. You can switch it on or off.

We do not hard-code the collection of data. There is a control and it’s in the user’s hands. So if certain organisations or individuals are concerned about the collection of data, they can switch it off.

Eugene Kaspersky : Yes, they can switch it off.

Tech ARP : What about telemetry, statistics, etc?

Vitaly Kamluk : You can switch it off – malware detection statistics and even malware samples. This is in the user’s control – to share or not to share.

Eugene Kaspersky : In most of the cases, we don’t know who our users are. We see their product ID when their Kaspersky product connects to the cloud for updates, but we don’t know the name of their user.

Tech ARP : There are claims that you have connections or links to the Kremlin. Can you deny or acknowledge these claims?

Eugene Kaspersky : They are my customers. We cooperate with the cyber police forces in Russia.

Tech ARP : Are you Vladimir Putin’s friend?

Eugene Kaspersky : No. Is Putin my friend? No.

Mark (Moderator) : Is Donald Trump your friend?

Eugene Kaspersky : <Laughs> No. In my office, there is only one picture – my handshake with Angela Merkel. No more.

Stephan Neumeier : True.

Eugene Kaspersky : Did you see it?

Stephan Neumeier : Yes.

Eugene Kaspersky : Once I had a handshake with Lee Kuan Yew (former Prime Minister of Singapore), but unfortunately, I don’t have a picture of that.

Don’t forget to check out the Kaspersky Palaeontology of Cybersecurity presentations!


The BitScout Free Cyber Forensics Tool Revealed!

At the end of his Palaeontology of Cyberattack keynote, the Kaspersky APAC Director of GReAT, Vitaly Kamluk, announced the public availability of his cyber forensics tool – BitScout. This is a free and open-source tool that can be used for the remote forensic investigation or collection of data from a compromised system, without risk of contamination or loss of data.

Don’t forget to check out the other Kaspersky Palaeontology of Cybersecurity presentations!

 

The BitScout Cyber Forensics Tool

BitScout was “created independently of the Kaspersky Lab product line” and is “outside [the] scope of [the] company’s business operation”. Vitaly intended for the BitScout tool to be used by cybersecurity researchers, high-tech crime units of law enforcement agencies (LEA), as well as educational institutions.

Legitimate owners of compromised systems may cooperate and help security researchers find the infection vector or other details about the attackers. However, it is a longstanding concern that the need for security researchers to travel long distances to collect crucial evidence (e.g. malware samples) from infected computers can result in expensive and delayed investigations.

The longer it takes for an attack to be understood, the longer it is before users are protected and perpetrators identified. However, the alternatives have either involved expensive tools and a knowledge of how to operate them, or the risk of contaminating or losing evidence by moving it between computers.

To solve the problem, security researchers can now use BitScout to remotely collect key forensic materials, acquire full disk images via the network or locally attached storage, or simply remotely assist in malware incident handling. Evidence data can be viewed and analyzed remotely or locally while the source data storage remains intact through reliable container-based isolation.

 

The BitScout Advantage

Kaspersky Lab experts work closely with law enforcement agencies across the world to help in the technical analysis of cyber investigations. This gives them a unique insight into the challenges LEA personnel face when fighting modern cybercrime.

The cybersecurity landscape is now so complex and sophisticated that investigators need tools that can adapt and scale to the demands of the job. BitScout is a good example of this. It can be adjusted to the particular needs of an investigator, and improved and upgraded with additional features and custom software.

Most importantly, it is free of charge, based on open-source solutions, and fully transparent: instead of relying on third-party tools with proprietary code, experts can use the BitScout open-source code to build their own Swiss Army knife for digital forensics. The list of BitScout features includes:

  •  Disk image acquisition even with untrained staff
  •  Training people on the go (shared view-only terminal session)
  •  Transferring complex pieces of data to your lab for deeper inspection
  •  Remote Yara or AV scanning of offline systems (essential against rootkits)
  •  Search and view registry keys (autoruns, services, plugged USB devices)
  •  Remote file carving (recovering deleted files)
  •  Remediation of the remote system if access is authorized by the owner
  •  Remote scanning of other network nodes (useful for remote incident response)

BitScout is freely available at Vitaly Kamluk’s GitHub code repository.

Don’t forget to check out the other Kaspersky Palaeontology of Cybersecurity presentations!


The Palaeontology of Cyberattacks by Vitaly Kamluk

Vitaly Kamluk is the Director of Global Research & Analysis Team (GReAT), Kaspersky Lab APAC. He has been involved in malware research at Kaspersky Lab since 2005. At the Kaspersky Lab Palaeontology of Cybersecurity conference, he gave the keynote speech on The Palaeontology of Cyberattacks.

He shared how Kaspersky Lab performed digital forensics, literally the palaeontology of digital monsters, to trace their creators and to learn how to shut them down. He also took the opportunity to officially announce the release of his free, open-source remote forensics tool called BitScout.

Don’t forget to check out the other Kaspersky Palaeontology of Cybersecurity presentations!

 

The Palaeontology of Cyberattacks by Vitaly Kamluk

The Director of the APAC Kaspersky GReAT (Global Research & Analysis Team), Vitaly Kamluk, details how Kaspersky Lab dissects cyberattacks so they can take down their infrastructure and alert victims. He also talks about BitScout – the open-source digital tool he created to analyse and investigate these cyberattacks.

Here are the key takeaway points :

  • Stuxnet is an example of how malware can affect and even destroy objects in the real world.
  • Digital forensics is important because only by learning from the past can we prevent it from repeating in the future.
  • The art of tracing these cyberattacks takes time and involves multiple stages like :
    • Add detection for known modules and collect new samples
    • Reverse engineer the samples
    • Decrypt sophisticated encryption and compression schemes
    • Understand the lateral movement of the attacker
    • Outline multiple attack stages in the correct order
    • Map the command and control (C&C) infrastructure
    • Set up sinkholes – servers that they can redirect victims to, and analyse the collected traffic and protocols
    • Crawl other hosts that understand the same protocols, to check if they have been compromised as well
    • Take down and acquire images of the C&C servers to identify the attackers
    • Identify victims, send out notifications to warn them, and alert global CERTs
    • Apply forensics and extract logs, stolen files, etc.
    • Collect and analyse data from all sources
    • Write a comprehensive report
  • Zero day (0-day) vulnerabilities or exploits are rare and valuable. For example, one iOS 0-day exploit was priced at US$1.5 million.
  • Even old exploits (like the Silverlight 0-day) that were exposed years ago are still usable, because not everyone updates their operating system.
  • In the case of the Silverlight exploit, Kaspersky Lab used signature code snippets from the creator’s own public code samples to identify a new 0-day Silverlight exploit that he created as well.
  • Vitaly also shared how Kaspersky Lab tracked the Lazarus group, which was famous for its theft of $81 million from the Central Bank of Bangladesh last year (February 2016).
  • Kaspersky Lab found several artefacts that pointed to a Korean origin, including proof that at least one of the computers used in developing the malware was using a Korean version of Windows.
  • They also identified false flag attempts to pin the exploit code on Russian developers using crude Russian phrases and a commercial Russian software protector.
  • Kaspersky Lab also discovered that the Lazarus group used a testing bot that was located on a North Korean server.
  • Because attribution of any cyberattack is difficult, Kaspersky Lab believes there should be better cooperation between cybersecurity companies and the police and the private sector.
  • Therefore, Kaspersky Lab is officially releasing a tool that Vitaly Kamluk himself developed – BitScout – to help them with their investigations.
  • BitScout is an open-source tool that is free for anyone to perform remote forensics on a compromised system.
  • Using virtualisation, BitScout allows a cybersecurity expert to trace and detect malware in a compromised system without making any changes to the storage drives, preserving the legal chain of custody and avoiding the perception of possible tampering with the data.

Don’t forget to check out the other Kaspersky Palaeontology of Cybersecurity presentations!


The Palaeontology of Cyberattacks Presentation Slides

Here is the complete set of slides from Vitaly Kamluk’s presentation on the Palaeontology of Cyberattacks

Don’t forget to check out the other Kaspersky Palaeontology of Cybersecurity presentations!
