Tag: Kaspersky

Kaspersky’s partners back the security outfit

Kaspersky has seen a flood of support from its distributors after the US government ordered its departments to remove all of its products within 90 days.

The US government’s Department of Homeland Security (DHS) yesterday released a statement saying the use of Kaspersky products carried “information security risks” to the government.

“The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks”, the statement read.

“The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalise on access provided by Kaspersky products to compromise federal information and information systems directly implicates US national security.”

DHS also claimed that Russian law allows its intelligence services to “request or compel assistance from Kaspersky and to intercept communications transiting Russian networks”.

Kaspersky has denied any connection to the Russian government since July when Bloomberg claimed to have seen emails proving the vendor had been working with the Kremlin.

Bloomberg saw emails between founder Eugene Kaspersky and senior Kaspersky staff, discussing a cybersecurity project that was in development for the Russian FSB intelligence agency.

Kaspersky said it was disappointed with the US government’s decision.

“No credible evidence has been presented publicly by anyone or any organisation as the accusations are based on false allegations and inaccurate assumptions, including claims about the impact of Russian regulations and policies on the company. Kaspersky Lab has always acknowledged that it provides appropriate products and services to governments”, Kaspersky added.

Kaspersky’s distributors agree, saying that the whole thing has the smell of anti-Russian politics rather than meaningful security problems.

Dave Stevinson, managing director at Kaspersky partner GNR, said the US’ decision is driven by political motives, rather than technological motives.

“In my opinion, this is a political issue and unfortunately for Kaspersky they’ve been used as a pawn in Trump’s game against Russia,” he said.

Resellers say that in Europe there has been no reluctance from partners or customers to continue using Kaspersky products.

One ace card Kaspersky played was its offer to share the source code with the US spooks. If there were Russian interference that would have been obvious from the code.

The fact that the US government refused to take it and yet locked them out of US markets is probably a sign that they were not really interested in security.

Kaspersky warns MSPs need to improve security

Security outfit Kaspersky Labs has warned that there are real dangers that some of the current security offerings from MSPs will fall short and leave users exposed to risks.

SMB Business head at Kaspersky Vladimir Zapolyansky said that for service providers, it’s not enough to simply have cybersecurity services in their portfolio. One damaging incident such as a ransomware infection can undermine their reputation and affect relationships with customers.

The security vendor found that 92 percent of MSPs now include cybersecurity as part of the portfolio of services they offer and many believe that providing it gives them a better reputation.

Three quarters of those MSPs quizzed by the vendor also expected the provision of security services would gain them new customers as well as keeping existing accounts on board.

The study also revealed that MSPs listed security as one of the main concerns for their customers with many looking for a service that would block ransomware.

But skill shortages along with issues remotely deploying and managing security solutions are causing headaches.

The advice from Zapolyansky to MSPs was to choose security products that had been designed with a service provider in mind and were easy to deploy and manage.

The debate about the value of turning to an MSSP rather than MSP when it comes to security issues will run and run.

Kaspersky ends reseller contract with Quadsys

Russian security outfit Kaspersky Lab has told security reseller Quadsys to go forth and multiply after its company bosses admitted hacking rivals.

Quadsys owner Paul Streeter, MD Paul Cox, director Alistair Barnard, account manager Steve Davis and security consultant Jon Townsend pleaded guilty to securing unauthorised access to computer material, contrary to section 1 of the Computer Misuse Act 1990.

The five were charged in summer 2015 with hacking into a rival’s database to plunder customer information and pricing details. Sentencing is set for 9 September.

Kaspersky, which had accredited Quadsys as a Gold partner, the vendor’s top-tier certification, has moved to distance itself from the troubled outfit and has ended its business relationship with the company.

Others are expected to follow, but still have not gone on record. Sophos had actually promoted Quadsys to its platinum certification on 1 August, just nine days after the Quadsys Five pleaded guilty at Oxford Crown Court.

Execs go as Kaspersky loses business

Two of Kaspersky Lab’s top US executives have cleaned out their desks after they failed to convince US government officials that not everyone in Russia is a pawn in Tsar Putin’s game.

The company’s leader of its North American operations and the head of a Washington-area office went as it struggles to win US government contracts.

Company Chief Executive Eugene Kaspersky confirmed the changes in an interview with Reuters during a visit to China but claimed the two personnel changes were unrelated.

Kaspersky said the North America head Christopher Doggett had gone to a competitor while Kaspersky “decided to change leadership in DC,” where the two-year-old office pursues work protecting government agencies and critical infrastructure.

Doggett and former Washington-area head Adam Firestone are not saying anything.

But the shakeup comes at a time when Kaspersky says it is hard for non-American security companies to win bids for federal jobs and big US corporate contracts. The Americans were not really loyal to any non-American products and only British companies are treated in the same way as the Americans.

Kaspersky has been the foremost researcher uncovering Western government spyware for the past several years. Earlier this year, it said it had itself been attacked by one of the most sophisticated strains uncovered to date, with an intrusion it hinted came from U.S. ally Israel.

Kaspersky has also come under US scrutiny for other reasons after claims that it distributed malware samples that were designed to trigger false positives by rival companies, prompting them to isolate legitimate software on users’ computers. Kaspersky denied it.

But the stories apparently drew attention in the White House and intelligence agencies and decreased Kaspersky’s chances of getting significant government contracts.

Exertis becomes Kaspersky B2B distributor

Anti-virus outfit Kaspersky has named Exertis UK as its new B2B channel distributor.

Exertis will offer its reseller base Kaspersky’s range of value-add B2B products, including anti-virus, malware detection and firewalls.

Kaspersky said that the appointment followed a substantial growth in the UK B2B space over the last year. It now has 250 new resellers registering as a partner, giving 582 in total.

The two firms already have an existing partnership in the consumer space (B2C) but now Exertis can offer the security company’s products to business-to-business resellers.

Kaspersky UK and Ireland MD Kirill Slavin said: “Protection is not just about patching on basic security for businesses today, it is about building cyber-resilience into the very heart of operations. There is an immense opportunity for the channel and we’re delighted to use Exertis to bolster sales.

“Exertis brings two distinct approaches to the market. Its value added distribution offering encompasses technical excellence and experience in the security arena. It can also help our business get further reach into the mass reseller community, a move which is invaluable for resellers and customers alike.”

Exertis VAD Solutions MD Grahame Smee said: “We’re looking forward to working with Kaspersky as it enters an exciting stage of growth in the channel.

“The cyber-threat landscape is evolving and this relationship will help us to deliver a value-add proposition for businesses from a company that is globally renowned for its knowledge and expertise in the cybersecurity arena.”

Kaspersky finds more US snoops

Moscow-based Kaspersky Labs has uncovered more evidence indicating that the US National Security Agency is behind a particularly successful hacking group.

“Equation Group” ran the most advanced hacking operation ever uncovered and was untouched for more than 14 years.

Kaspersky researchers did not say that the hackers were the NSA, saying only that the operation had to have been sponsored by a nation-state with nearly unlimited resources to dedicate to the project.

However the mountain of evidence that Kaspersky provided strongly implicated the spy agency.

The strongest new tie to the NSA was the string “BACKSNARF_AB25” discovered only a few days ago embedded in a newly found sample of the Equation Group espionage platform dubbed “EquationDrug.” “BACKSNARF,” according to page 19 of this undated NSA presentation, was the name of a project tied to the NSA’s Tailored Access Operations.

“BACKSNARF” joins a host of other programming “artifacts” that tied Equation Group malware to the NSA. They include “Grok,” “STRAITACID,” and “STRAITSHOOTER.” Just as jewel thieves take pains to prevent their fingerprints from being found at their crime scenes, malware developers endeavor to scrub usernames, computer IDs, and other text clues from the code they produce. While the presence of the “BACKSNARF” artifact isn’t conclusive proof it was part of the NSA project by that name, the chances that there were two unrelated projects with nation-state funding seem tiny.

The code word is included in a Kaspersky report detailing new technical details uncovered about Equation Group.

Among other new data included in the report, the timestamps stored inside the Equation Group malware showed that members overwhelmingly worked Monday through Friday and almost never on Saturdays or Sundays. The hours in the timestamps appeared to show members working regular work days, an indication they were part of an organised software development team.

The timestamps show the employees were likely in the UTC-3 or UTC-4 time zone, a finding that would be consistent with people working in the Eastern part of the US.
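The weekday and time-zone reasoning above can be reproduced on any set of build timestamps. The following Python sketch is an added example, not code from Kaspersky's report or from this article: the timestamps are constructed, and the 09:00-17:00 office-hours window and all function names are assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample: build timestamps in UTC, as they would be read from
# the header of each binary. Illustrative values only, not report data.
SAMPLE_UTC = [
    "2008-03-03T13:12:00", "2008-03-04T14:40:00", "2008-03-05T16:05:00",
    "2008-03-06T18:30:00", "2008-03-07T16:55:00", "2008-03-10T15:00:00",
    "2008-03-12T19:45:00", "2008-03-13T13:50:00", "2008-03-14T17:20:00",
    "2008-03-15T15:10:00",  # a single Saturday build
]
DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]


def parse(stamps):
    """Turn ISO strings into timezone-aware UTC datetimes."""
    return [datetime.fromisoformat(s).replace(tzinfo=timezone.utc) for s in stamps]


def weekday_histogram(stamps, offset_hours=0):
    """Count builds per weekday after shifting to a candidate UTC offset."""
    shift = timedelta(hours=offset_hours)
    return Counter(DAYS[(t + shift).weekday()] for t in parse(stamps))


def weekend_fraction(stamps, offset_hours=0):
    """Share of builds that fall on Saturday or Sunday."""
    hist = weekday_histogram(stamps, offset_hours)
    return (hist["Sat"] + hist["Sun"]) / len(stamps)


def office_hours_score(stamps, offset_hours, start=9, end=17):
    """Number of builds whose local hour lies in [start, end)."""
    shift = timedelta(hours=offset_hours)
    return sum(start <= (t + shift).hour < end for t in parse(stamps))


def best_offsets(stamps, start=9, end=17):
    """UTC offsets under which the most builds land inside office hours.

    Several offsets can tie, which is why such an analysis yields a
    range of candidate time zones rather than a single one.
    """
    scores = {o: office_hours_score(stamps, o, start, end) for o in range(-12, 15)}
    top = max(scores.values())
    return sorted(o for o, s in scores.items() if s == top)


if __name__ == "__main__":
    print("weekday histogram:", dict(weekday_histogram(SAMPLE_UTC)))
    print("weekend fraction :", weekend_fraction(SAMPLE_UTC))
    print("best UTC offsets :", best_offsets(SAMPLE_UTC))
```

Build timestamps can be altered by whoever produces a binary, so a result like this is a supporting indicator to weigh alongside other evidence, not proof of origin.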


Western spooks behind Regin

Security experts at Kaspersky Lab have discovered shared code and functionality between the Regin malware and a similar platform in a set of Edward Snowden documents newly disclosed 10 days ago by Germany’s Der Spiegel.

The link, found in a keylogger called QWERTY allegedly used by the so-called Five Eyes, leads them to conclude that the developers of each platform are either the same, or work closely together.

Writing in their blog, Kaspersky Lab researchers Costin Raiu and Igor Soumenkov said that considering the extreme complexity of the Regin platform there’s little chance that it can be duplicated by somebody without having access to its source codes.

They think that the QWERTY malware developers and the Regin developers were the same or working together.

The Der Spiegel article describes how the U.S. National Security Agency, the U.K.’s GCHQ and the rest of the Five Eyes are allegedly developing offensive Internet-based capabilities to attack computer networks managing the critical infrastructure of its adversaries.

QWERTY is a module that logs keystrokes from compromised Windows machines; Der Spiegel said the malware is likely several years old and has likely already been replaced.

Kaspersky researchers Raiu and Soumenkov said QWERTY malware is identical in functionality to a particular Regin plugin.

Raiu and Soumenkov said within QWERTY there were three binaries and configuration files. One binary called 20123.sys is a kernel mode component of the QWERTY keylogger that was built from source code also found in a Regin module, a plug-in called 50251.

Side-by-side comparisons of the respective source code show they are close to identical and share large chunks of code.

Regin was discovered in late November by Kaspersky Lab and it was quickly labelled one of the most advanced espionage malware platforms ever studied, surpassing even Stuxnet and Flame in complexity. The platform is used to steal secrets from government agencies, research institutions, banks and can even be tweaked to attack GSM telecom network operators.


China bans Symantec and Kaspersky

The Chinese government has banned anti-virus companies Symantec and Kaspersky Lab from working on government contracts behind the bamboo curtain.

A Chinese media report suggested Beijing is expanding efforts to limit use of foreign technology and Symantec, which is US-owned, and Kaspersky, which has Russian owners, are no longer allowed to apply for government contracts.

The state-controlled People’s Daily reported that the government procurement office had approved the use of five anti-virus software brands, all from China: Qihoo 360, Venustech, CAJinchen, Beijing Jiangmin and Rising.

Kaspersky is apparently not giving up and is going to have a word with the Chinese authorities about this matter. It is too premature to go into any additional details at this time.

Beijing is keen on promoting use of domestic information technology products after leaks from former National Security Agency contractor Edward Snowden raised concerns about foreign surveillance programmes.

Symantec said that China had banned use of one of its data loss prevention products and it was currently in talks about the ban. However, a Symantec spokeswoman said that there was no indication of a ban on the company’s flagship anti-virus software programs.

In May Chinese authorities had banned government use of Windows 8 “to ensure computer security after Microsoft ended support for its Windows XP operating system”, which was widely used in China.

Intel doesn’t back Lady Geek dot com

A woman on the radio this morning hit out at women’s magazines for not including enough information on gadgets and the like.

Belinda Parmar, the CEO of the agency with a website at ladygeek.com (pictured) said in a discussion on BBC Radio 4’s Today programme that technology “empowered” women and said magazines such as Glamour didn’t include enough features about tech.

The agency numbers among its clients Nokia, Dell, Microsoft, Sony, Vodafone, Kaspersky, Ubisoft and, er, the BBC. But not Intel.

According to its web page, 80 percent of all tech decisions are influenced by women but only three percent of advertising creative directors are women.

Technology is commoditised now so no one really cares about it anymore apart from Microsoft, Sony and the rest.

Phishing attempts triple

Every single day roughly 3,000 UK web users were sent a phishing attack between 2012 and 2013, triple the levels seen between 2011 and 2012.

That’s according to a new Kaspersky Lab report, “the evolution of phishing attacks”, revealing what was once a subset of spam has grown into its own category of cyber attack. The most targeted websites were Facebook, Yahoo, Google and Amazon, with Facebook and Yahoo overwhelmingly ahead as targeted sites.

Worldwide, attacks reached an average of 102,100 people each day, with the most common targets being web users in Russia, the United States, India, Vietnam and the UK. Most servers hosting the phishing pages were registered in the USA, the UK, Germany, Russia and India.

Kaspersky discovered that half of all identified attack sources came from only 10 countries, signifying there is quite a small number of preferred regions from which to launch the attacks.

20 percent of phishing attacks were set up to mimic banks or financial organisations.

Kaspersky’s deputy CTO for research, Nikiti Shvetsov, said the enormous increase shows that phishing is not just a subset for spammers. “These attacks are relatively simple to organise and are demonstrably effective, attracting an increasing number of cybercriminals,” Shvetsov said.

SMB managers don’t take BYOD seriously

A survey by TNS Infratest commissioned by Kaspersky Lab claims that just 35 percent of IT managers have admitted having strict rules in place to understand and control company information on personal devices – despite the upsurge in BYOD corporate policy.

Many SMBs are not taking the implications that come with BYOD seriously enough, the report suggests. More and more employees are using their own devices in the workplace, and the study points to the over 500,000 mobiles stolen in 2011/2012 as reason enough for management to give the matter more consideration. “Businesses can face company data falling into the wrong hands if not effectively managed,” TNS says.

Because smartphones and tablets are a desirable target for pickpockets and thieves, IT managers must know precisely what corporate information is on their employees’ devices. A sandbox style approach to operating systems can help here.

Kaspersky’s senior security researcher David Emm said in a statement that “only when clear BYOD rules are in place can adequate steps be taken to build robust security, should a device be lost or stolen”.

“To best protect data a policy should include file encryption, blocking access to the corporate network and, in the best case, wiping all data on the device,” Emm said.

This survey questioned 1,762 IT decision makers all over Europe. Companies with 10-500 employees were surveyed.

Computerlinks becomes B2B Kaspersky distie

Distributor Computerlinks has won a contract to sell Kaspersky Lab’s portfolio with a view to driving growth in the B2B market.

Kaspersky hopes this strategy will boost the company’s routes to market as well as increasing its presence in the UK. Computerlinks will offer channel partners Kaspersky’s Endpoint Security for Business as a key asset in its security portfolio.

Endpoint Security for Business lets companies both control and protect on site devices as well as cutting resource demands on IT teams, bringing mobile device management, data protection, systems management, and endpoint under one management console.

Director for B2B sales and marketing at Kaspersky Lab, Matthew Robinson, said that Computerlinks’ experience in value-add will prove “invaluable” to customers and channel partners.

He added that Kaspersky’s new strategy, which focuses on a full value model running along with the existing volume business, will keep Kaspersky “at the forefront of the evolving channel landscape”.

Computerlinks’ director of core technologies, David Caughtry, said that the deal is part of Kaspersky’s “exciting stage of growth”.