June 29, 2017

Behind the Scenes of Kaspersky Lab’s top APT discoveries

Launch of the GReAT in Person website aims to inspire the next generation of IT security professionals and inform business of the benefits of threat intelligence

From a one billion cyber heist investigation and analysis of a cyberespionage group exploiting satellites to hide its traces, to research into sophisticated wiper malware able to disrupt a region’s oil industry, and more – this is everyday life for the 40+ experts who make up Kaspersky Lab’s Global Research and Analysts Team (GReAT). To showcase the depth and diversity of these modern Sherlocks, demonstrate how the brightest brains solve the hardest cyber-puzzles, and encourage others to join them on their cyber-detective journeys, Kaspersky Lab has launched the GReAT in Person website.

behind-the-scenes

Demand for cybersecurity professionals is rising faster than the number of people with the right skills, experience and interest. Five years from now the world is expected to have a shortfall of 1.8 million cybersecurity professionals, caused in part by a failure to recruit young millennials into IT. Kaspersky Lab’s new project will help to address this obstacle: by focusing on the people that make up GReAT and the stories of some of their top discoveries, it hopes to challenge the outdated perceptions about careers and life in IT security.

The Global Research & Analysis Team (GReAT) is one of the company’s most important assets comprising top-notch security researchers who constantly analyze new and advanced cyberthreats and develop protection for all Kaspersky Lab’s customers and partners. Established in 2008, the team now consists of 42 experts working globally – in Europe, Russia, Americas, Asia, Middle East.

Over the last few years, GReAT’s combination of expertise and passion has led to the discovery of some of the world’s most high-profile targeted attacks including Miniduke, Flame, Equation, Red October, Duqu 2.0, CozyDuke, ProjectSauron and Regin. These kinds of attacks cost millions of dollars to run and require months of expert development. Government, military, scientific, commercial and industrial organizations are all at risk. Targeted because of who they are, where they are, what they do or who they do it with.

“The global cyber-threat landscape is complex now, including not just cybercriminals in search of financial gain, but also nation-states and hacktivists. Campaigns that, at first, appeared to be isolated events – for example the Bangladesh bank heist – were in fact the tip of the iceberg. At any moment in time there are hundreds, if not thousands of as yet unknown and unidentified attacks taking place. The predators never sleep – so nor do the threat hunters.” This is how Costin Raiu, Director of GReAT, explains his team’s hunger for new discoveries.

GReAT’s experts currently track more than a hundred threat actors and sophisticated malicious operations targeting commercial and government organizations in over 80 countries. After doing the research, the company’s experts create reports to help organizations with forensics and malware-hunting.

Some of the investigations that Kaspersky Lab undertakes turn into joint operations between GReAT and international organizations such as INTERPOL and Europol, national and regional law enforcement agencies, such as City of London Police and the National High Tech Crime Unit (NHTCU) of the Netherlands’ Police Agency; or with Computer Emergency Response Teams (CERTs) worldwide. During investigations, the company’s researchers provide technical expertise such as the analysis of infection vectors, malicious programs, supported Command & Control infrastructure and exploitation methods.

“I may be a Director, but at heart, I’m still a security researcher. And I’m still driven by the need to get there before someone else does! My personal areas of interest include APTs, exploits, complex threats and pretty much everything that is hot at any given time,” adds Costin Raiu.

The GReAT in Person website is also an introduction and gateway to the company’s threat intelligence services, designed to meet the most frequent demands of large businesses, governmental organizations and law enforcement agencies dealing with cybercrime.

It is now clear that organizations need more than endpoint protection to stay secure in an increasingly complex and constantly evolving cyber-threat landscape. That’s why Kaspersky Lab has introduced an APT Intelligence Reporting service that offers made-to-order reports on specific aspects of the threat landscape, as well as prompt, actionable reports on the latest and most sophisticated threats. It arms organizations with understanding of the threat landscape and reveals the actions they need to take.

Also, GReAT supports a Cybersecurity Training service including a workforce awareness program, as well as Cybersecurity Fundamentals, Digital Forensics and Malware Analysis/Reverse Engineering training.

Articles related to Press Releases