Kaspersky security briefing – another day, another hack attack

Vitaly Kamluk, Principal Security Researcher with a thick Belarusian accent, led the Kaspersky Security Briefing.

Kamluk has been with Kaspersky for 13-years and served for two years INTERPOL digital crime centre. He knows his stuff and has an abundance of exuberance for finding the bad guys.

The Kaspersky Security briefing was wide ranging so I will just cover the salient points that should interest GadgetGuy readers.

He told the back story of the highly targeted attack – Olympic Destroyer – at the 2018 PyeongChang Winter Olympic Games.

In essence, it was a self-modifying destructive worm that that got in via a legitimate IT service provider and a ski-gate automation server. It was designed to inflict as much damage as possible by wiping infected computers.

Kamluk explained why Kaspersky refrained from commenting on the malware until it was sure. You see part of a hacker’s ego want to be known – it’s prestigious to attack the Winter Olympics and may lead to more work!

Kaspersky realised early on that Olympic Destroyer was an amazing example of false flags and an attribution nightmare. Other AV companies blamed the Russians, Chinese and North Koreans but it was all about using fake headers to obscure the real culprits.

You can read more on its blog here.

 Kaspersky Security Briefing 2019 predictions

1. No new advanced persistent threats – just a lot of recycled ones. Basically, that means there are enough unpatched systems left to attack and make an easy dollar.
2. More attacks on network hardware. Why worry about the computer when its easier to infect routers, switches and network devices and exfiltrate data that way.
3. New, amateur cyber-criminals are emerging from South-East Asia using readily available hacking tools from the dark web – until they learn to write their own!
4. More tools to attack computer CPU and UEFI bios to make the infection persistent
5. Spear phishing to remain the principal way to get into a system but increased use of a victim’s social media to socially engineer the attack for greater success.
6. More destructive malware – because they can!
7. More mobile malware. The leaking of the iOS operating system in February 2018 has lead to more attacks on iOS.
8. IOT is a huge risk as an attack vector

Kamluk would not comment on what was more secure – iOS or Android.

He did say that the current versions effectively use sandbox techniques to limit malware. He added that each version of Android gets more secure. But iOS attacks are getting more prevalent. See Motherboard article here and Kaspersky’s official blog here.

His words on IoT. “IoT is a huge problem. It is insane. It simply does not get updated and who could have thought an IoT vacuum cleaner could become part of a botnet or an entry point to a home network.”

IoT needs more standards and very tight network security otherwise it’s a time bomb. See Kaspersky blog here.

The next Kaspersky security briefing is scheduled for April from its Security Analyst Summit to be held in Singapore. That should be interesting.