Vitaly Kamluk, Principal Security Researcher with a thick Belarusian accent, led the Kaspersky Security Briefing.
Kamluk has been with Kaspersky for 13 years and served for two years at the INTERPOL digital crime centre. He knows his stuff and has an abundance of exuberance for finding the bad guys.
The Kaspersky Security Briefing was wide-ranging, so I will just cover the salient points that should interest GadgetGuy readers.
He told the back story of the highly targeted attack, Olympic Destroyer, at the 2018 PyeongChang Winter Olympic Games. In essence, it was a self-modifying destructive worm that got in via a legitimate IT service provider and a ski-gate automation server. It was designed to inflict as much damage as possible by wiping infected computers.
Kamluk explained why Kaspersky refrained from commenting on the malware until it was sure. You see, part of a hacker’s ego wants to be known – it’s prestigious to attack the Winter Olympics and may lead to more work!
Kaspersky realised early on that Olympic Destroyer was an amazing example of false flags and an attribution nightmare. Other AV companies blamed the Russians, Chinese and North Koreans, but it was all about using fake headers to obscure the real culprits.
No new advanced persistent threats – just a lot of recycled ones. Basically, that means there are enough unpatched systems left to attack and make an easy dollar.
More attacks on network hardware. Why worry about the computer when it’s easier to infect routers, switches and network devices and exfiltrate data that way?
New, amateur cyber-criminals are emerging from South-East Asia using readily available hacking tools from the dark web – until they learn to write their own!
More tools to attack the computer CPU and UEFI BIOS to make the infection persistent.
Spear phishing to remain the principal way to get into a system, but with increased use of a victim’s social media to socially engineer the attack for greater success.
More destructive malware – because they can!
More mobile malware. The leaking of the iOS operating system in February 2018 has led to more attacks on iOS.
IoT is a huge risk as an attack vector.
Kamluk would not comment on what was more secure – iOS or Android.
He did say that the current versions effectively use sandbox techniques to limit malware. He added that each version of Android gets more secure. But iOS attacks are getting more prevalent. See Motherboard article here and Kaspersky’s official blog here.
His words on IoT. “IoT is a huge problem. It is insane. It simply does not get updated and who could have thought an IoT vacuum cleaner could become part of a botnet or an entry point to a home network.”
IoT needs more standards and very tight network security, otherwise it’s a time bomb. See Kaspersky blog.
The next Kaspersky security briefing is scheduled for April from its Security Analyst Summit to be held in Singapore. That should be interesting.