Russian security outfit Kaspersky Lab has told security reseller Quadsys to go forth and multiply after its company bosses admitted hacking rivals.
Quadsys owner Paul Streeter, MD Paul Cox, director Alistair Barnard, account manager Steve Davis and security consultant Jon Townsend pleaded guilty to securing unauthorised access to computer material, contrary to section 1 of the Computer Misuse Act 1990.
The five were charged in summer 2015 with hacking into a rival’s database to plunder customer information and pricing details. Sentencing is set for 9 September.
Kaspersky, which had accredited Quadsys as a Gold partner, the vendor’s top-tier certification, has moved to distance itself from the troubled outfit and has ended its business relationship with the company.
Others are expected to follow, but still have not gone on record. Sophos had actually promoted Quadsys to its platinum certification on 1 August, just nine days after the Quadsys Five pleaded guilty at Oxford Crown Court.
Two of Kaspersky Lab’s top US executives have cleaned out their desks after they failed to convince US government officials that not everyone in Russia is a pawn in Tsar Putin’s game.
The leader of the company’s North American operations and the head of its Washington-area office have gone as it struggles to win US government contracts.
Company Chief Executive Eugene Kaspersky confirmed the changes in an interview with Reuters during a visit to China but claimed the two personnel changes were unrelated.
Kaspersky said the North America head Christopher Doggett had gone to a competitor while Kaspersky “decided to change leadership in DC,” where the two-year-old office pursues work protecting government agencies and critical infrastructure.
Doggett and former Washington-area head Adam Firestone are not saying anything.
But the shakeup comes at a time when Kaspersky says it is hard for non-American security companies to win bids for federal jobs and big US corporate contracts. The Americans were not really loyal to any non-American products and only British companies are treated in the same way as the Americans.
Kaspersky has been the foremost researcher uncovering Western government spyware for the past several years. Earlier this year, it said it had itself been attacked by one of the most sophisticated strains uncovered to date, with an intrusion it hinted came from U.S. ally Israel.
Kaspersky has also come under US scrutiny for other reasons after claims that it distributed malware samples that were designed to trigger false positives by rival companies, prompting them to isolate legitimate software on users’ computers. Kaspersky denied it.
But the stories apparently drew attention in the White House and intelligence agencies and decreased Kaspersky’s chances of getting significant government contracts.
Anti-virus outfit Kaspersky has named Exertis UK as its new B2B channel distributor.
Exertis will offer its reseller base Kaspersky’s range of value-add B2B products, including anti-virus, malware detection and firewalls.
Kaspersky said that the appointment followed substantial growth in the UK B2B space over the last year. It now has 250 new resellers registered as partners, giving 582 in total.
The two firms already have a partnership in the consumer space (B2C), but now Exertis can offer the security company’s products to business-to-business resellers.
Kaspersky UK and Ireland MD Kirill Slavin said: “Protection is not just about patching on basic security for businesses today, it is about building cyber-resilience into the very heart of operations. There is an immense opportunity for the channel and we’re delighted to use Exertis to bolster sales.
“Exertis brings two distinct approaches to the market. Its value added distribution offering encompasses technical excellence and experience in the security arena. It can also help our business get further reach into the mass reseller community, a move which is invaluable for resellers and customers alike.”
Exertis VAD Solutions MD Grahame Smee said: “We’re looking forward to working with Kaspersky as it enters an exciting stage of growth in the channel.
“The cyber-threat landscape is evolving and this relationship will help us to deliver a value-add proposition for businesses from a company that is globally renowned for its knowledge and expertise in the cybersecurity arena.”
Moscow-based Kaspersky Labs has uncovered more evidence indicating that the US National Security Agency is behind a particularly successful hacking group.
“Equation Group” ran the most advanced hacking operation ever uncovered and was untouched for more than 14 years.
Kaspersky researchers did not say that the hackers were the NSA, saying only that the operation had to have been sponsored by a nation-state with nearly unlimited resources to dedicate to the project.
However the mountain of evidence that Kaspersky provided strongly implicated the spy agency.
The strongest new tie to the NSA was the string “BACKSNARF_AB25”, discovered only a few days ago embedded in a newly found sample of the Equation Group espionage platform dubbed “EquationDrug.” “BACKSNARF,” according to page 19 of an undated NSA presentation, was the name of a project tied to the NSA’s Tailored Access Operations.
“BACKSNARF” joins a host of other programming “artifacts” that tied Equation Group malware to the NSA. They include “Grok,” “STRAITACID,” and “STRAITSHOOTER.” Just as jewel thieves take pains to prevent their fingerprints from being found at their crime scenes, malware developers endeavor to scrub usernames, computer IDs, and other text clues from the code they produce. While the presence of the “BACKSNARF” artifact isn’t conclusive proof it was part of the NSA project by that name, the chances that there were two unrelated projects with nation-state funding seem tiny.
The code word is included in a Kaspersky report detailing new technical details uncovered about Equation Group.
Among other new data included in the report, the timestamps stored inside the Equation Group malware showed that members overwhelmingly worked Monday through Friday and almost never on Saturdays or Sundays. The hours in the timestamps appeared to show members working regular work days, an indication they were part of an organised software development team.
The timestamps show the employees were likely in the UTC-3 or UTC-4 time zone, a finding that would be consistent with people working in the Eastern part of the US.
Security experts at Kaspersky Lab have discovered shared code and functionality between the Regin malware and a similar platform described in a set of Edward Snowden documents newly disclosed 10 days ago by Germany’s Der Spiegel.
The link, found in a keylogger called QWERTY allegedly used by the so-called Five Eyes, leads them to conclude that the developers of each platform are either the same, or work closely together.
Writing in their blog, Kaspersky Lab researchers Costin Raiu and Igor Soumenkov said that, considering the extreme complexity of the Regin platform, there’s little chance that it can be duplicated by somebody without access to its source code.
They think that the QWERTY malware developers and the Regin developers were the same or working together.
The Der Spiegel article describes how the U.S. National Security Agency, the U.K.’s GCHQ and the rest of the Five Eyes are allegedly developing offensive Internet-based capabilities to attack computer networks managing the critical infrastructure of their adversaries.
QWERTY is a module that logs keystrokes from compromised Windows machines; Der Spiegel said the malware is likely several years old and has likely already been replaced.
Kaspersky researchers Raiu and Soumenkov said QWERTY malware is identical in functionality to a particular Regin plugin.
Raiu and Soumenkov said within QWERTY there were three binaries and configuration files. One binary called 20123.sys is a kernel mode component of the QWERTY keylogger that was built from source code also found in a Regin module, a plug-in called 50251.
Side-by-side comparisons of the respective source code show they are close to identical and share large chunks of code.
Regin was discovered in late November by Kaspersky Lab and it was quickly labelled one of the most advanced espionage malware platforms ever studied, surpassing even Stuxnet and Flame in complexity. The platform is used to steal secrets from government agencies, research institutions, banks and can even be tweaked to attack GSM telecom network operators.
The Chinese government has banned anti-virus companies Symantec and Kaspersky Lab from working on government contracts behind the bamboo curtain.
A Chinese media report suggested Beijing is expanding efforts to limit use of foreign technology, and that Symantec, which is owned by the US, and Kaspersky, which has Russian owners, are no longer allowed to apply for government contracts.
The state-controlled People’s Daily reported that the government procurement office had approved the use of five anti-virus software brands, all from China: Qihoo 360, Venustech, CAJinchen, Beijing Jiangmin and Rising.
Kaspersky is apparently not giving up and is going to have a word with the Chinese authorities about this matter. It is too premature to go into any additional details at this time.
Beijing is keen on promoting use of domestic information technology products after leaks from former National Security Agency contractor Edward Snowden raised concerns about foreign surveillance programmes.
Symantec said that China had banned use of one of its data loss prevention products and it was currently in talks about the ban. However, a Symantec spokeswoman said that there was no indication of a ban on the company’s flagship anti-virus software programs.
In May Chinese authorities had banned government use of Windows 8 “to ensure computer security after Microsoft ended support for its Windows XP operating system”, which was widely used in China.
A woman on the radio this morning hit out at women’s magazines for not including enough information on gadgets and the like.
Belinda Parmar, the CEO of the agency with a website at ladygeek.com, said in a discussion on BBC Radio 4’s Today programme that technology “empowered” women and said magazines such as Glamour didn’t include enough features about tech.
The agency numbers among its clients Nokia, Dell, Microsoft, Sony, Vodafone, Kaspersky, Ubisoft and, er, the BBC. But not Intel.
According to its web page, 80 percent of all tech decisions are influenced by women but only three percent of advertising creative directors are women.
Technology is commoditised now so no one really cares about it anymore apart from Microsoft, Sony and the rest.
Every single day roughly 3,000 UK web users were sent a phishing attack between 2012 and 2013, triple the levels seen between 2011 and 2012.
That’s according to a new Kaspersky Lab report, “the evolution of phishing attacks”, revealing that what was once a subset of spam has grown into its own category of cyber attack. The most targeted websites were Facebook, Yahoo, Google and Amazon, with Facebook and Yahoo overwhelmingly ahead as targeted sites.
Worldwide, attacks reached an average of 102,100 people each day, with the most common targets being web users in Russia, the United States, India, Vietnam and the UK. Most servers hosting the phishing pages were registered in the USA, the UK, Germany, Russia and India.
Kaspersky discovered that half of all identified attack sources came from only 10 countries, signifying there is quite a small number of preferred regions from which to launch the attacks.
20 percent of phishing attacks were set up to mimic banks or financial organisations.
Kaspersky’s deputy CTO for research, Nikita Shvetsov, said the enormous increase shows that phishing is not just a subset for spammers. “These attacks are relatively simple to organise and are demonstrably effective, attracting an increasing number of cybercriminals,” Shvetsov said.
A survey by TNS Infratest commissioned by Kaspersky Lab claims that just 35 percent of IT managers have admitted having strict rules in place to understand and control company information on personal devices – despite the upsurge in BYOD corporate policy.
Many SMBs are not taking the implications that come with BYOD seriously enough, the report suggests. More and more employees are using their own devices in the workplace, and the study points to the over 500,000 mobiles stolen in 2011/2012 as reason enough for management to give the matter more consideration. “Businesses can face company data falling into the wrong hands if not effectively managed,” TNS says.
Because smartphones and tablets are a desirable target for pickpockets and thieves, IT managers must know precisely what corporate information is on their employees’ devices. A sandbox style approach to operating systems can help here.
Kaspersky’s senior security researcher David Emm said in a statement that “only when clear BYOD rules are in place can adequate steps be taken to build robust security, should a device be lost or stolen”.
“To best protect data a policy should include file encryption, blocking access to the corporate network and, in the best case, wiping all data on the device,” Emm said.
This survey questioned 1,762 IT decision makers all over Europe. Companies with 10-500 employees were surveyed.
Distributor Computerlinks has won a contract to sell Kaspersky Lab’s portfolio with a view to drive growth in the B2B market.
Kaspersky hopes this strategy will boost the company’s routes to market as well as increasing its presence in the UK. Computerlinks will offer channel partners Kaspersky’s Endpoint Security for Business as a key asset in its security portfolio.
Endpoint Security for Business lets companies both control and protect on site devices as well as cutting resource demands on IT teams, bringing mobile device management, data protection, systems management, and endpoint under one management console.
Director for B2B sales and marketing at Kaspersky Lab, Matthew Robinson, said that Computerlinks’ experience in value-add will prove “invaluable” to customers and channel partners.
He added that Kaspersky’s new strategy, which focuses on a full value model running along with the existing volume business, will keep Kaspersky “at the forefront of the evolving channel landscape”.
Computerlinks’ director of core technologies, David Caughtry, said that the deal is part of Kaspersky’s “exciting stage of growth”.