Kaspersky Cyber Security Summit: How to adapt to the inevitable?

April 30, 2015

Mid-April in Singapore was pretty hot, not only because of the tropical climate but also because of INTERPOL World – a huge conference and exhibition organized by INTERPOL to give security product vendors (from firearms to surveillance systems) an opportunity to show their products to potential customers such as government entities, law enforcement agencies or private security companies.

It is the perfect place to discuss topical issues in cybersecurity and potential collaborations between the private sector and governments when it comes to fighting cyberthreats. That’s exactly what we, at Kaspersky Lab, thought before inaugurating our annual cybersecurity summit as a satellite event of INTERPOL World.

In previous years, the summit mostly focused on the kinds of cyberthreats that are out there and what products and technologies could be used by business entities to address those threats. This year, the concept was slightly different. Although Kaspersky Lab presented its vision on enterprise security, that wasn’t the main topic of the event.

We titled our summit “Business Under Attack: Adapting to the Inevitable”, because let’s face it: cyberthreats are not something you can avoid if you have at least one electronic device with internet connectivity in your organization. It is also not the kind of problem that you can solve once and for all. But cyberthreats are also not a death sentence. At the end of the day it is just another business risk, which can and should be addressed.

That’s why the summit was dedicated to the discussion of how companies and government organizations, including law enforcement agencies, could cooperate with each other efficiently in order to neutralize cybercriminals, and therefore protect businesses, authorities and society against cyberthreats by addressing common mistakes, best practices and new ideas. We think that this approach to the problem is much more efficient and practical than just describing the threats and offering a software cure. Yes, that would protect an enterprise from certain kinds of threats, but it would not help an enterprise learn how to treat cybersecurity in its constantly changing state and complexity. And here is what we have as a result.

Threat context

Why does cybersecurity matter? Because there are threats out there, as Captain Obvious would say. The biggest part of the Kaspersky Cybersecurity Summit covered the latest cyberthreat trends spotted by Kaspersky Lab researchers. In his presentation, Vitaly Kamluk, Principal Security Researcher at Kaspersky Lab GReAT, covered the three Ms of Advanced Persistent Risks to Business: Motives, Means and Methods of cyber adversaries.

Vitaly’s in-depth, thirty-minute overview of the modern cyberthreat landscape included many things for CISOs and CIOs of modern companies to seriously consider. In particular, a big part of the presentation was dedicated to describing the arsenal that adversaries use in order to penetrate a targeted company, including their infiltration techniques and tactics. In other words, it was a brief cybersecurity training for people who viewed cyberthreats as those annoying but not that dangerous viruses, lousily made spam messages and phishing pages that company employees encounter occasionally. No. They’re not something that a staff system administrator would be able to fix in 5 minutes. You need to implement a range of cautionary tactics to avoid such risks – that was the main idea in Vitaly’s presentation.

Right after Vitaly, the mic was passed to Costin Raiu, Director of the Global Research and Analysis Team. He presented the results of the new GReAT research on the Hellsing threat actor. (More information can be found on Securelist.) In short, this is a new cyberespionage group targeting government and diplomatic organizations in the APAC region. Of course, this is not the only APAC APT discovered by Kaspersky Lab. Previously we performed research on Darkhotel, Kimsuky, Winnti and NetTraveler, which also supposedly originate from APAC countries. Hellsing is the new actor in this list. The list illustrates one worrying trend: APAC is a hot spot for targeted attacks.

“This is the region where a range of actively developing countries are situated. In the geopolitical and economic area they’re constantly and drastically competing with each other. And such a situation serves as a fertile ground for new APT actors to emerge”, said Costin Raiu to the Kaspersky Business Blog.

Another dangerous trend mentioned by Mr. Raiu is so-called APT wars. The Hellsing threat actor was discovered through a stroke of luck: Kaspersky Lab researchers were observing the spear-phishing activity of Naikon – the infamous and very active threat actor in the APAC region. Suddenly, they spotted one of the targets of Naikon’s spear-phishing campaign answering back with its own spear-phishing email containing a malicious attachment. This is how Hellsing was discovered.

According to Costin Raiu, the fact that two APT groups are intentionally trying to hit each other brings no good news for businesses and other organizations in the region.

“Just imagine the situation: a company has been successfully attacked by an espionage group. This espionage group steals a company’s sensitive data. Then this espionage group becomes a target of an attack performed by another espionage group. The question is: how many espionage groups now have access to the confidential information of the company that was attacked initially?” asks Raiu.

In other words, the cybersecurity situation is getting more and more complicated. But as we already mentioned above, this is not a reason to close business and downshift in Thailand. A small “product” part of our Summit was dedicated to how a business could protect itself against the advanced persistent risks like those described in the GReAT presentations.

In his presentation, Vladimir Zapolyansky, Vice President of Product and Technology Marketing at Kaspersky Lab, described how Kaspersky Lab’s enterprise portfolio could help companies address all cybersecurity risks. If you are interested in these particular offerings by Kaspersky Lab, rush to our Enterprise Security dedicated website to learn more.

Collaboration is king

Perhaps the most interesting part of the Kaspersky Cybersecurity Summit 2015 agenda was the two panel discussions. The first one, called “Getting Out of the Trap: Life Before and After the Breach”, was dedicated to finding the most efficient ways of preventing, detecting and mitigating security breaches in companies. Participants of this panel included the CEO of Kaspersky Lab, Eugene Kaspersky; a Special Advisor to the Cabinet Office for the Government of Japan, William H. Saito; and Senior Cybersecurity Advisor at Frost & Sullivan, Anthony Lim. The discussion centered on factors that prevent companies from adequately responding to security incidents, and on prevention tactics that could make cyber attacks against a company as difficult and as costly as possible for the bad guys.

Panel participants also covered the issue of miscommunication between the private sector and government officials with regard to cybersecurity incidents: the problem of compliance-does-not-equal-security is still in place. Although there are a lot of prevalent issues in the area of addressing security breaches, all participants concluded that, in general, the process of creating efficient security practices is developing in the right direction.

According to Eugene Kaspersky, both individual and corporate users are more aware of the cyber threats they face than they were five or ten years ago. Many software developers and manufacturers of computerized devices put greater effort into making their products more secure straight out of the box. Similarly, individuals and businesses increasingly consider security issues when they expand their IT – be it new consumer devices or corporate computerized infrastructure. Nonetheless, Eugene says there’s still a long way to go before achieving acceptable levels of IT security. At the end of the panel he joked, “The world is going in the right direction, so maybe in two or three hundred years we’ll see reliable, bug-free, non-hackable IT”.

The second panel was a case-study conversation focused on addressing the cyber attacks against financial institutions. Earlier this year Kaspersky Lab released research on Carbanak – a major targeted attack against banks and other financial institutions. This investigation was made in collaboration with law enforcement agencies and the financial industry, and in the end interrupted the Carbanak operation’s activity and the cybercriminals behind it.

This served as a discussion scenario for participants of the panel: using this real world example they analyzed what was done well and what could be done better the next time an industry encounters cybercriminal actors with a skill level comparable to that of the criminals behind Carbanak.

The participants of this panel included Joe Chan, Head Intelligence of Financial Crime and Security Services at DBS Bank, Vicente Diaz, Principal Security Researcher at Kaspersky Lab, Roeland van Zeijst M.Sc B.ICT, Strategy Expert at National High Tech Crime Unit in the Netherlands, and Benoit Godart, Head of Outreach & Support for the European Cybercrime Centre (EC3) in EUROPOL.

Overall, this panel concluded that the only possible way to fight cybercrime today, especially a group as global and sophisticated as Carbanak was, is with efficient and operative collaboration between the attack targets, security experts, and law enforcement agencies. In a time when bad guys are creating distributed, multinational gangs of well-educated IT criminals, good guys need to create their own flexible, professional, and global response network ready to react and combat a cyber crime in an instant.

This is a synopsis of what Kaspersky Cybersecurity Summit 2015 was like. As usual, we didn’t discover a universal answer to what ideal security would look like. But that wasn’t our aim. The mission of this event was to gather all the right people in one place and give them a platform that facilitated serious discussion about what matters most when it comes to corporate cybersecurity – a mission we believe we accomplished.