sign in sign up
<<
Home , Eugene Kaspersky, Industrial espionage, Market intelligence, NetTraveler

SPECIAL REPORT

Who’s spying on you? No is safe from cyber-

With Kaspersky, now you can. kaspersky.com/business Be Ready for What’s Next CONTENTS “Many cyberattacks can be mitigated by relatively Cyber-espionage: simple measures. Why should your business care? 4 Espionage is nothing new 5 Unfortunately, some What do the perpetrators gain? 7 people fail to take Is any business safe? 8 what appear to be basic precautions – such as Methods of spreading cyber-espionage 14 using strong passwords, Beyond cyber-espionage 16 applying patches and How can you protect running a security your business? 17 solution. In many cases, How security breaking into a company’s technologies can help 22 network is easier than Appendix: it sounds.” An overview of some COSTIN RAIU significant cyberthreats 28 “High-profile targeted DIRECTOR, GLOBAL RESEARCH & ANALYSIS TEAM A cyber-glossary 30 KASPERSKY LAB attacks on enterprises About Kaspersky 34 are becoming increasingly widespread. Thousands of have already been hacked and had their sensitive data stolen – resulting in multi-billion dollar losses. Cyber-espionage is a tangible and growing global threat today – and fighting it is one of the principal tasks we’ve set ourselves.”

EUGENE KASPERSKY CEO, KASPERSKY LAB

2 3 Why should your business Espionage is nothing new care about cyber-espionage?

Executive overview Espionage, in one form or another, has existed for as long as any Cyber-espionage may sound like some strangely exotic activity from organisation or individual has felt that it could gain an advantage the movies. However, the harsh reality is that almost any business by illicitly accessing someone else’s confidential . Everyone’s can become a target – or can be damaged in the crossfire when familiar with various nation states’ attempts to steal other countries’ cybercriminals launch an attack against another organisation. secrets. Similarly, has also been a feature of business life for a long time. However, recent years have seen a dramatic change in It’s largely immaterial whether your business is being directly targeted the level and nature of the espionage threats that can affect businesses or just happens to suffer collateral damage as a result of getting of all sizes. caught up in another organisation’s ‘battle’. Either way, the results can be devastating.

The ease with which cyber-espionage campaigns can be implemented is now In this report, Kaspersky Lab’s cybersecurity experts give you an enticing more organisations into running their own spying activities – even insight into: though many of these organisations would never have considered undertaking old-fashioned industrial espionage. • How businesses can suffer from direct – and indirect – cyber-espionage attacks • What you can do to protect your business… and its hard-won reputation • How specific technologies can help defend your corporate network and data against sophisticated threats

The risks are real – and they’re growing in volume and sophistication – but Kaspersky is here with sound advice… and innovative protection technologies.

4 5 What do the perpetrators So what’s changed? Simplified spying… with more As the Internet-enabled age gathered immediate rewards GAIN from cyber-espionage? pace and greater connectivity and Gone are the days of having to break improved mobile into office premises or patiently became possible, businesses were wait for ‘insider contacts’ to gather quick to recognise the benefits of information and pass on secrets. giving their employees, customers Rummaging through a company’s and suppliers ‘anywhere, anytime wastepaper bins or paying office staff access’ to business systems and to collect data was always inefficient, Different types of attackers “Information is power – so, when essential data. The efficiency and time-consuming and risky. Now, it’s have different objectives: a cybercriminal steals information, productivity benefits have been simply unnecessary. With the right • Cybercriminals readily the can neutralise any considerable – even ‘game changing’ computer hacking skills, individuals understand the value of advantage enjoyed by the original for many businesses, as the Internet and organisations can spy on corporate information. There owner of the data. has helped them to open up new companies and obtain valuable are opportunities to gain from This applies whether the target sales channels and generate information – without ever having extortion and ransom campaigns – is a nation state – holding military additional revenues. to leave the comfort of their office. as well as selling stolen data secrets – or a business with on the black . and However, that same ‘always-on Businesses can be attacked via • Hacktivists focus on causing commercial secrets that give connectivity’ – to business insecurities in their own website, reputation damage and disruption them a competitive advantage.” information and other sensitive data through vulnerabilities in popular to organisations that the – has also created opportunities business software that they’re hacktivists have issues with. They SERGEY LOZHKIN for cybercriminals. With businesses running or as a result of their realise that a leak of confidential SECURITY RESEARCHER GLOBAL RESEARCH & ANALYSIS TEAM storing intellectual property and employees clicking on malware- information – about customers, KASPERSKY LAB confidential information within infected emails. suppliers or employees – could networked systems, spying lead to severe embarrassment operations are much easier to and/or significant legal penalties. implement and can be much more • Cyber-mercenaries seek payment “Businesses of all sizes process rewarding for the perpetrators. from anyone who will hire them – and store data that’s of value including governments, protest to themselves, their customers groups or businesses – to steal and/or their competitors. Cyberattacks have a severe specific information. When businesses lose data… Even a simple database of impact on a business’s • Nation states (government … they often lose much more customer contact information ‘bottom line’ agencies) – or their contractors – is valuable.” Average losses in the event of a Average cost of a data loss incident focus on collecting strategic targeted cyberattack: for a large enterprise: information or disrupting industrial PETER BEARDMORE facilities in hostile countries. SENIOR DIRECTOR OF PRODUCT KASPERSKY LAB

$2.4mSource: Global Corporate IT Security Risks 2013, B2B International Source:$649,000 Global Corporate IT Security Risks 2013, B2B International

6 7 IS any business safe from cyber-espionage? Is your business a prime , Adobe and others attacked target? Described as a watershed moment in It is easy to understand why cybersecurity, the attack hit government organisations and Google, Adobe and over 30 other high profile military agencies are subjected companies in 2009.

to cyber-espionage attacks. Apart Despite efforts to address the software from state-sponsored initiatives, vulnerabilities that were exploited by protest groups often attackers, in 2012 it was revealed that the The simple answer is no. Even the smallest businesses can be directly attempt to disrupt government exploit continued to target defence contractors and the supply chains of third-party companies. targeted for the sensitive or valuable information they hold – from operations or steal sensitive customer banking details, to supplier information or even data that can information. Cyber-mercenaries The attackers seek to gain control over be used to help stage an attack on a larger enterprise. also target government bodies – corporate systems and steal sensitive data. to fulfil their employers’ objectives Insecure websites and email strategies are at the heart of what is widely For example, ‘ attacks’ – such as IceFog (see Appendix I) – for stealing money or data. believed to be a state-sponsored cyber- collect information from various third-party bodies/suppliers and then espionage attack. use that data to develop and enable targeted attacks against specific Similarly, because they hold a businesses or organisations. wealth of valuable information – and have hard-won business Attacks against American Express and reputations that they need to JP Morgan Chase protect – large enterprises and “When you’re assessing the risks to your business, never multinational corporations are In 2013, both American Express and underestimate how the ‘human element’ can weaken your also obvious targets for a vast JP Morgan Chase became the victims of cyberattacks that were claimed to have been defences. If employees fall for spear-phishing campaigns or array of different types launched by a religious group. However, US click on an ‘infected’ link in an email, your security could be of cyberattack, including intelligence and security experts believe that cyber-espionage. Iran was responsible for the attacks. at risk.” The attacks took both companies offline for SERGEY LOZHKIN several hours. SECURITY RESEARCHER GLOBAL RESEARCH & ANALYSIS TEAM Over a six-week period at the beginning of KASPERSKY LAB 2013, 15 of the US’s largest banks suffered a total of 249 hours offline as a result of cyberattacks. “It doesn’t matter if you’re talking about a Fortune 500 Company, or a two-person start-up operating in someone’s parents garage. Everyone has something to lose.”

CHARLES KOLODGY RESEARCH VICE PRESIDENT, SECURE PRODUCTS IDC

8 9 Every business can be a target So, all of these organisations are “Recently, the attackers have found it increasingly difficult to Medium-size and small businesses likely to have invested in robust break into big companies’ networks. Instead, they are focusing need to be aware that they are cybersecurity measures. also at risk. It’s all too easy for on the supply chain. By hacking into smaller companies’ medium/small businesses to By contrast, many of the companies networks, the attackers leverage the small companies’ dismiss the potential threats of that work with these organisations – knowledge and identities to break into bigger enterprises.” cyber-espionage and – as suppliers or contractors – may and mistakenly believe the risks not have a sufficiently good Costin Raiu Director, Global Research & Analysis Team only apply to nation states and large understanding of the modern Kaspersky Lab multinationals. This false sense of threat landscape, or what’s required security can result in businesses to ensure they keep ahead of the taking an overly relaxed attitude to cyberattackers. This obviously protecting their systems and data – creates opportunities for attackers Attacks on suppliers help to enable targeted attack against and that can make it even easier to gain access to their prime target – large USA manufacturer for cyber-spies to launch their attacks. via security vulnerabilities within a smaller supplier’s or contractor’s In 2011, US defence company – Lockheed Martin – was subject to a Furthermore, cybercriminals often systems. significant cyberattack. view medium/small companies as an entry point for attacks against Any business, including: The perpetrator had previously attacked two of Lockheed Martin’s suppliers, larger businesses. Many smaller including RSA – a security company. The information gathered from these businesses enjoy ‘trusted partner’ • Service providers two attacks is believed to have helped the perpetrator to launch their attack status with high profile enterprises – • Hardware suppliers against Lockheed Martin. and criminals are increasingly keen • Outsourced services companies to exploit those relationships. • Small or ‘one-person’ consultancies Lockheed Martin swiftly detected the attack and protected their systems and • Temporary employees/contractors data. However, the attack demonstrates how third-party companies can be Could your business be a used as stepping stones in attempts to compromise the security of larger ‘stepping stone’ for attacks … can be used as the first stage in enterprises. on other organisations? an attack against a multinational Government agencies, defence or a public sector organisation. departments, critical infrastructure owners – including power generators, gas suppliers, energy distribution grids and water suppliers, plus large companies in virtually every market sector, all recognise that they can be the prime targets for cyberattacks.

10 11 Losing your reputation Direct loss of valuable information Of course, if your business is merely used as a vehicle for attacking another It’s also worth assessing what type of information could be at risk if your organisation, you may not suffer any direct damage. However, the potential business does become the main target of a cyber-espionage attack. How for indirect damage is considerable. It’s worth considering the possible would it affect your business if any of the following data was stolen: consequences if your business is used as the ‘weak link’ that enables a cyber-espionage attack against one of your customers or partners: •  – including ‘inside information’ about your strengths, weaknesses and competitive position? • How would it affect your ongoing relationship with the customer/partner? • Product designs, details about innovative processes, know-how and other • Could there be legal consequences for your business? intellectual property? • How would any adverse publicity affect your reputation in your market? • Personal information about your employees? • Would you be able to prove that you had taken all possible precautions against • Customer databases – and confidential information about the attack? customers/clients? • Information about your partners, or sensitive partner information? Clearly, it’s best to do everything you can to avoid the embarrassment and loss of reputation that an indirect attack could bring.

A recent survey revealed organisations affected by data leaks experienced the following losses: “Building a strong business reputation demands tenacity and

consistency over an extended period. Losing a hard-earned Internal operating data 49% reputation can take just a few moments.”

Client/customer 35% DAVID EMM information SENIOR REGIONAL RESEARCHER GLOBAL RESEARCH & ANALYSIS TEAM KASPERSKY LAB Market & 22% Types of loss Types

Intellectual property 19%

% 0 25 50 % of organisations affected

Source: Global Corporate IT Security Risks 2013, B2B International

12 13 methods of spreading cyber-espionage malware

In order to distribute cyber-espionage • Social engineering techniques – programs, cybercriminals use many including spear-phishing of the same methods that they employ campaigns to spread other forms of malware – • Drive-by downloads – whereby including: merely visiting a security- compromised website can result • Exploitation of vulnerabilities within in a user’s machine becoming operating systems or applications – infected including some of the most commonly used software products, such as: o Java o Adobe Reader o Office o Internet Explorer o Adobe Flash… and more “Our understanding of cyberattacks has changed during recent years. What appeared to be isolated incidents – for example The Boomerang Effect and Duqu – were just the tip of

After a new cyber-espionage program has been detected and identified, you the iceberg. In reality, there are could be forgiven for thinking that the world becomes a safer place. Sadly, hundreds – if not thousands – you’d be wrong! The risks can increase – and the attack’s nasty effects of attacks ongoing at every single can even boomerang back on the perpetrators that initially launched the threat. moment… even if only a few are In some cases, attack methods have been copied by other cybercriminals and identified.” new attacks have been launched against the original attacker. COSTIN RAIU DIRECTOR, GLOBAL RESEARCH & ANALYSIS TEAM KASPERSKY LAB

14 15 BEYOND CYBER-ESPIONAGE... HOW CAN YOU PROTECT AND THE RISK YOUR BUSINESS AGAINST OF ‘COLLATERAL DAMAGE’ CYBER-ESPIONAGE?

Acts of cyberwarfare – whereby a So, when it comes to the possibility Even though some of the attacks may sound like something out of a nation state launches cyberattacks of collateral damage, if any of science fiction novel, unfortunately… they aren’t. They are today’s reality against another country – are on the your systems are connected to – and you need to guard against them. increase, and they can also have the Internet, they are at risk. It’s consequences for businesses. that simple.

In conventional wars, collateral Furthermore, in the case of an damage is the euphemistic term used attack against a nation’s critical “Cybercriminals are keen to learn new to refer to non-targeted infrastructure infrastructure – even if your techniques that can make their own and civilians that suffer as a result of business’s own corporate systems military operations. In the world of are not directly affected – you could attacks more effective. They’ll devote cyberwarfare, innocent businesses still suffer as a result of: and individuals can become part of the significant effort to collateral damage that results from an • Loss of access to cloud-based the most sophisticated attacks – even attack against another target. services and data storage • Inability to process online financial those developed by nation states. Once a cyberwarfare attack – against a transactions – including paying nation state – has been launched on suppliers and employees or the Internet, it could have many enabling customers to place orders Once the ‘genie is out of the bottle’ – and uncontrolled or undesirable • Supply chain issues – including consequences that stretch far beyond late shipments and delays in the new malware methods are ‘in the wild’ – the initially intended target. Nation processing of imports/exports states, military forces and your • Failure of telecoms systems – your only hope is that your security vendor business are all using the Internet including communications is at the top of their game.” – so, if a cyberwarfare attack is via VoIP or LAN lines launched, it’s possible that innocent • Failure of other parts of a country’s businesses will get caught up in critical infrastructure – such as SERGEY LOZHKIN SECURITY RESEARCHER the attack… and suffer malware power generation/distribution GLOBAL RESEARCH & ANALYSIS TEAM infections on their corporate IT • Loss of data that’s required for KASPERSKY LAB networks. compliance activities

16 17 Evaluate the risks… and Educate your personnel Consider your operating “One of the new trends we have establish a security policy about the risks system strategy observed is the emergence of It’s important that all businesses This is a key requirement. Many Bear in mind that recent operating destructive malware. One such assess the risks that could apply to cyber-espionage and other systems – such as Windows 7, example is – which was their business – and then establish attacks rely on human Windows 8 or Mac OS X – tend to used to attack Saudi Aramco and their own security policy. error or naivety to create the be more secure than their previous Rasgas, in 2012. Destructive conditions that give the counterparts. So it’s worth malware focuses on wide damage Many businesses fall into the trap of cybercriminals access to corporate considering this when devising to the victim’s network, disabling basing their security strategy on an systems and data. When it comes your IT upgrade strategy. their operation temporarily or out-of-date perception of the risks that to defending against attacks – causing irreparable damage. This existed 10 years ago. So make sure ‘forewarned is forearmed’. So make Similarly, 64-bit versions of most is a totally different mind-set from your policy is relevant to today’s sure you raise awareness of: computer operating systems tend financially motivated attacks, such threats and that it builds on a sound to be more resilient against as banking Trojans – and perhaps understanding of the current threat • The security risks and how cyberattacks. it’s even more dangerous.” landscape. Your policy should: cybercriminals may try to steal SERGEY LOZHKIN information and passwords SECURITY RESEARCHER • Define day-to-day security • The potential costs to the business GLOBAL RESEARCH & ANALYSIS TEAM procedures if it’s attacked KASPERSKY LAB • Establish an ‘attack response’ plan • Simple precautions that employees • Include a mechanism for updating can take in order to improve procedures – so they keep up with security the evolving nature of the threats • Your company’s security policy – • Set out a routine for regularly and what employees need to performing audits of your IT security do to meet its requirements provisions

18 19 Deploy a comprehensive IT • Data encryption Secure your virtual Combine security with security solution • Mobile security with mobile device environments systems management – for Anti-malware protection is vitally management (MDM) Some businesses hold onto the greater visibility and less important, but – on its own – it’s not mistaken belief that virtualised IT complexity enough. Choose a security solution The importance of mobile environments are much more secure. Consider a solution that combines that also includes the following security This isn’t the case. Because virtual security and a wide range of general security technologies: Today’s smartphones are much machines are running on physical IT systems management functions. more than just phones. They are servers, those physical servers are This can help you to gain greater • Vulnerability assessment powerful computers that can store still vulnerable to malware attacks. visibility of your network – and, if you • Patch management a lot of corporate information – and can see everything on your network, • Application controls – that also passwords – that could be valuable Clearly, virtual machines need to it will be easier to apply the include whitelisting and default to cyber-spies. So it’s important to be protected. However, in order to appropriate security measures. deny functionality protect mobile devices – including improve your return on investment, • Device controls – that help you to tablets and smartphones – just as it’s worth considering security manage which devices are allowed rigorously as you protect your IT solutions that include special to be connected to your systems/ systems. provisions for virtual environments. network For example, by choosing an • Web controls – that make it easy With the increased risk of theft or agentless security solution – to manage, restrict and audit loss, you could argue that mobile as opposed to a traditional, agent- access to web resources devices actually require even greater based security package – you’re • Zero-day defences levels of protection – in order to likely to be able to boost your server secure data on missing devices. consolidation ratios.

If your business has implemented a Bring Your Own Device (BYOD) Application Control – “Virtualisation is all about getting more out of your IT infrastructure. strategy, that can add to your mobile with Default Deny If you’re running conventional anti-malware software on your virtualised security burdens. With an almost servers, you could be wasting a lot of server processing power and storage limitless range of platforms and Default Deny provides an easy way capacity. models to protect, make sure your to manage which applications are security policy takes this into permitted to launch on your account. That could defeat the object of your virtualisation program – and significantly systems. • Anti-malware that combines reduce your return on investment.” signature-based protection plus Even if you don’t operate a formal Only software that is included on advanced proactive technologies BYOD policy, you need to be aware DAVID EMM your whitelist of safe applications • Real-time protection – by using that employees are still likely to bring SENIOR REGIONAL RESEARCHER will be allowed to launch – and GLOBAL RESEARCH & ANALYSIS TEAM the power of the cloud to deliver in their personal smartphones. KASPERSKY LAB all other software will be a faster response to new malware automatically blocked.

20 21 How Kaspersky Lab security technologies can computers. Even if you don’t opt in to The whitelist updates are delivered provide data to KSN, your business from the cloud-enabled Kaspersky will still benefit from this real-time Security Network, to ensure help protect your business inflow of threat data from the field. Kaspersky customers benefit from the latest whitelisting data. KSN helps to deliver a much more rapid response to new threats. In ZetaShield addition, it can also reduce the Kaspersky’s ZetaShield (Zero-Day With cybercriminals using (delivered via the cloud-enabled incidence of ‘false positives’ – to Exploit and Targeted Attack Shield) increasingly sophisticated methods Kaspersky Security Network), help your business to boost technology provides protection to launch cyberattacks, it’s vital Kaspersky solutions can regularly productivity. against unknown malware and that businesses choose a security synchronise data on Microsoft exploits – to defend against zero- solution that is capable of keeping hotfixes and updates – and then Application Control day and zero-hour attacks, plus up with the very latest threats. automatically distribute them Kaspersky’s Application Control advanced persistent threats (APTs). across your network. In addition, capabilities help you to manage how The combination of Kaspersky’s Innovative technologies that for many non-Microsoft applications, applications run on your corporate powerful antivirus engine and give you multi-layered information about patches can network. It’s easy to set up a Default innovative ZetaShield technology defences be downloaded directly from Allow policy – that blocks the launch significantly boosts the malware In addition to the company’s award- Kaspersky’s servers. of blacklisted applications but lets all detection rate – for an even higher winning anti-malware capabilities, other software run – or to apply a level of protection. Kaspersky continues to develop Automatic Exploit Prevention Default Deny policy that only allows innovative technologies that add (AEP) whitelisted applications to launch. Mobile security and MDM further layers of protection for Kaspersky’s Automatic Exploit Kaspersky’s mobile security businesses: Prevention technology guards Whitelisting Lab technologies deliver multi-layered against malware infections that can Kaspersky is the only security vendor security for mobile devices – Automatic vulnerability scanning arise from unpatched vulnerabilities that has invested in establishing including special features to protect and patch management within the operating systems – its own Whitelisting Lab. The lab data on lost or stolen devices. Many of Kaspersky’s security or applications – running on your is responsible for assessing the In addition, Kaspersky provides an solutions can automatically scan computers. security of commonly used array of mobile device management your corporate network to detect applications and it continually (MDM) functionality that helps the presence of unpatched Kaspersky Security Network issues updates for Kaspersky’s businesses to minimise the time vulnerabilities within operating Millions of members of Kaspersky’s whitelist database of applications they need to spend on managing systems or applications. global user community have that are safe to run. mobile endpoints. volunteered to provide the cloud- Working with the Microsoft WSUS based Kaspersky Security Network database, the Secunia Vulnerability (KSN) with data about suspicious Database and Kaspersky’s own activities and attempted malware unique database of vulnerabilities infections that occur on their

22 23 Security for virtualised A world-authority on “Established in 2008, Kaspersky Lab’s Global Research environments cybersecurity Kaspersky offers protection that has As a private company, Kaspersky & Analysis Team (GReAT) provides company leadership in been specially developed to meet the is totally independent. Although anti-malware and cyber-espionage research and innovation unique requirements of virtualised IT Kaspersky advises many government – both internally and externally. The team’s security analysts environments – including virtualised agencies, it has no political ties to are based around the world – with each analyst contributing servers, desktops and data centres. any governments. Kaspersky experts work closely with the global IT a unique set of skills and expertise to the research and design By delivering an agentless anti- security community – including of solutions to combat increasingly complex malware code. malware solution, Kaspersky Computer Emergency Response provides a more efficient way to Teams (CERTs) worldwide – and GReAT conducts incident response during malware-related protect virtualised infrastructure – undertake joint investigations of in order to preserve performance, cyber-espionage, cyber- scenarios. Key responsibilities include thought leadership in minimise impact on virtualisation and cyberwarfare threats. threat intelligence, driving and executing initiatives around density and increase overall return improving malware detection accuracy rates and efficiency, on investment. Get GReAT on your side The Global Research & Analysis as well as pre- and post-sales support of key customer Far-reaching systems Team (GReAT) is one of Kaspersky’s accounts with regard to malware intelligence expertise. management capabilities most important technological assets. By automating a vast range of regular With industry-leading security Over the last few years, GReAT’s combination of expertise, IT administration tasks, Kaspersky researchers around the globe, Systems Management gives GReAT is constantly analysing new passion and curiosity led to the discovery of several cyber- businesses improved visibility and cyberthreats and developing espionage campaigns, including , Gauss, Red October, control of their IT assets – while also protection. NetTraveler and Icefog.” freeing up time for IT administrators

to work on other tasks. COSTIN RAIU DIRECTOR, GLOBAL RESEARCH & ANALYSIS TEAM KASPERSKY LAB

24 25 “With the rise of advanced persistent threats (APTs), the global cyberthreat Independent awards and • Kaspersky Endpoint Security for landscape has been transformed – putting critical infrastructure, finance, achievements Windows was awarded highest , research institutes, military contractors and government Kaspersky is understandably proud prize in Enterprise Antivirus cyber network infrastructure at huge risk. of the number of awards and Protection April – June 2013 test accolades that have been bestowed by Dennis Technology Labs These threats are much more complex and stealthy than the average malware. upon its technologies: • The greatest number of gold and That’s why we continue to invest in GReAT – as a cutting-edge, elite group of platinum awards – across all cybersecurity experts.” • ‘Information Security Vendor of the testing categories – from the Year’ award – SC Magazine Awards third-party Anti-Malware Test Lab, EUGENE KASPERSKY CEO Europe 2013 since 2004 KASPERSKY LAB • ‘Information Security Team of the • More than 50 pass scores on the Year’ award – SC Magazine Awards rigorous VB100 testing regimen, Europe 2013 since 2000 • Excellence Award winner – • The Checkmark Platinum Product SC Magazine Awards 2013 Award from West Coast Labs • Product of the year – AV Comparatives 2011

KASPERSKY LAB PROVIDES BEST IN THE INDUSTRY PROTECTION*:

In 2012 Kaspersky Lab endpoint products 100% participated in 79 independent tests and reviews. Our products won the 1st place 27 times * Costin Raiu OP 3 places and 63 times (80%) of all tests we were in TOP3. Kaspersky Lab Notes: Director, Global Research & Analysis Team • According to summary result of 80% of T Score 1st places – 27 independent test in 2012 for corporate, Kaspersky Lab Participation in 79 consumer and mobile products tests/reviews • Summary includes tests conducted by Bitdefender TOP 3 = 80% the following independent test labs and 60% magazines: • Test labs: AV-Test, AV-Comparatives, Costin Raiu joined Kaspersky in 2000 and has led GReAT since 2010. He Symantec VB100, PC Security Labs, Matousec, Anti-Malware.ru, Dennis Technology specialises in analysing advanced persistent threats and high-level malware 40% G-Data Sophos F-Secure Labs attacks. Costin’s work includes analysing malicious websites, exploits and BullGuard Avira Avast • Magazines: CHIP Online, PC Advisor, Eset PC Magazine, TopTenREVIEWS, CNET, online banking malware. 20% PC Tools PCWorld, ComputerBild, PC-Welt McAfee Trend Micro Webroot Microsoft • The size of the bubble is number of Panda AVG 1st places

GFI No. of independent tests/reviews With over 19 years of experience in antivirus technologies and security 0 20 40 60 80 research, Costin is a member of the Virus Bulletin Technical Advisory Board, a member of the Computer Antivirus Researchers’ (CARO) and a reporter for the WildList Organization International. Prior to joining Kaspersky, Costin worked for GeCad as Chief Researcher and as a Data Security Expert ‘In 2012 Kaspersky Lab products participated in 79 independent tests and with the RAV antivirus developers group. reviews. Our products were awarded 27 firsts and received 63 top-three finishes’

26 27 APPENDIX 1 AN OVERVIEW OF SOME

systems, mobile phones and NetTraveler has been active since SIGNIFICANT CYBERTHREATS enterprise networks. The attacks 2004 and has targeted Tibetan/ include exploits that use security Uyghur activists, oil industry vulnerabilities within Microsoft Office companies, scientific research and Microsoft Excel. centres and institutes, universities, private companies, governments and NetTraveler government institutions, embassies This is a cyber-espionage campaign and military contractors. Cyber-espionage threats distribute patches across their IT that has successfully compromised infrastructure. It is believed that the more than 350 high profile victims Shamoon Icefog attackers are cyber-mercenaries -in 40 countries. The main tool used When a computer becomes infected This is an advanced persistent that are paid to launch attacks. by the cybercriminals during these with Shamoon, the virus can exploit threat (APT) that started in 2011 attacks is NetTraveler, a malicious the presence of shared hard drives and has been targeting industrial Kimsuky programme used for covert computer in order to spread to other computers businesses as well as government A group of North Korean hackers is . It is designed to steal on the target organisation’s network. institutions and military contractors. suspected of launching the Kimsuky sensitive data, log keystrokes and In addition to sending data to the Most of the targets are in Japan or cyber-espionage campaign in retrieve file system listings and perpetrator of the attack, Shamoon South Korea – but are causing order to steal defence and security various Office or PDF documents. also deletes files on the victim’s supply chain issues for global data from South Korean targets. computers. companies. The attackers appear Kaspersky Lab researchers to be targeting telecoms operators, discovered the campaign that satellite operators, mass media uses spear-phishing techniques and television services – as well to steal users’ passwords and other Data wiped from major oil producer’s computers as military, shipbuilding/maritime information. The hackers also take operations, computer and software control of the infected computers. A Shamoon attack is believed to have destroyed data on 30,000 of Saudi development, plus research Aramco’s computers. companies. Red October Dating back as far as 2007, Operation Regardless of whether your company has 10 or 10,000 computers… if they all Typically, spear-phishing emails are Red October continued to be active suffered data loss, could your business recover? used to deliver malware that exploits into 2013. This advanced cyber- vulnerabilities within commonly used espionage campaign targets applications – such as Java and diplomatic and government Microsoft Office. Even though the institutions across the world. It has vulnerabilities are well known and also targeted research institutions, oil patches are readily available, the and gas companies, plus other cybercriminals are relying on the fact commercial organisations. Red that many victims can be slow to October steals data from computer

28 29 Threats that are believed to be However, despite its original Flame (approximate number Gauss (approximate number supported by nation states – objective, Stuxnet propagated in a of victims: 5,000 – 6,000) of victims: 10,000) including cyberwarfare, way that was unstable and led to the Flame intercepts Microsoft Windows Implemented by the same group that cyber-sabotage and cyber- infection of hundreds of thousands update requests and substitutes created the Flame platform, Gauss espionage of PCs at thousands of different them with its own malware module. is a cyber-espionage programme organisations. The module includes a fake Microsoft that has been active since 2011. It Stuxnet (approximate number certificate that has been generated includes modules that can perform of victims: over 300,000) Duqu (approximate number of by cybercriminals. a variety of malicious acts, including: Often regarded as an example of victims: 50 – 60) cyberwarfare, Stuxnet was the first This sophisticated Trojan has been Active since 2008, Flame can • Intercepting cookie files and malicious programme that targeted active since 2007. It was built from analyse its victim’s network traffic, passwords in the victim’s web industrial control systems. The the same attack platform as Stuxnet. capture screenshots from their browser objective behind Stuxnet was to After Duqu has infected a computer, computers, record voice • Infecting USB storage devices – disrupt and sabotage operations it downloads additional components communications and log to steal data at a nuclear facility – by taking in order to steal sensitive users’ keystrokes. • Intercepting account data for email control of the operation of uranium information. It also has the ability to systems and social networking enrichment centrifuges. To date, destroy all traces of its own activity. websites it is the only malware item that is known to have caused physical Gauss has been used to gain access damage to industrial systems. to banking systems in the Middle East.

Stuxnet infects oil giant

In October 2012, Chevron – a global giant in the oil industry – was the first US-based business to report that it had been infected by Stuxnet.

30 31 a cyber-glossary

Cybersecurity – measures taken Cyber-weapons – are items of to defend IT systems and devices malware (malicious software) that against cyberattacks. have been developed to harm others. Cyber-weapons are used to perform Cyberspace – the intangible area or cyber-espionage and cyber-sabotage environment within which computer attacks. Unlike conventional networks all over the world weapons, cyber-weapons are communicate with each other. easy to clone and reprogramme. Cyberattack – an attack carried out Cyber-espionage – the act of spying by a hacker or criminal against a and illicitly accessing information via Cyberterrorist – individuals or Hacktivists – despite the absence computer, smartphone, tablet or IT systems and/or the Internet. groups that may be state-backed or of ‘cyber’ in their title, these hacker- IT network. operate as part of an independent activists deserve a mention in our Cyber-hooligan – an individual that terrorist organisation, in order to glossary. Hacktivists are computer Cybercrime – refers to a vast array of develops malware and launches launch cyberattacks. hackers that have aligned illegal activities that are implemented attacks for fun. Prevalent during the themselves with a specific protest via IT systems, including mobile 1980s and 1990s, cyber-hooligans Cyberwar/Cyberwarfare – both organisation or group of activists. devices. are no longer common. Instead, terms refer to cyberattacks that Their activities can be similar to cybercriminals and cyberterrorists are carried out by nation states those of cyberterrorists or cyber- Cybercriminal – an individual that are a much more significant threat. against other nation states. saboteurs. undertakes criminal activities via Typically, cyberwarfare will seek to IT systems and/or mobile devices. Cyber-mercenaries – are effectively damage state-owned infrastructure Cybercriminals can range from ‘hackers for hire’. In much the same or cause damage by stealing individual, opportunistic criminals, way that ‘professional combat sensitive data – rather than trying through to highly-skilled and personnel’ may offer their services to steal money. Common targets professional groups of computer to the highest-bidder nation during a will include military facilities and hackers. Cybercriminals may conventional war, cyber-mercenaries critical infrastructure, such as specialise in: are cybercriminals and hackers that transport networks, air traffic • Developing malware and selling sell their services to others – control services, power distribution it to others that go on to launch including nation states or other grids, telecommunications, the attacks organisations. food chain… and more. • Harvesting data – such as credit card numbers – and selling it to Cyber-sabotage – activities carried other criminals… or may undertake out by cyber-saboteurs in order to every stage of an attack, from disrupt legitimate processes or developing the malware to stealing businesses. money from the victim.

32 33 ABOUT KASPERSKY

Kaspersky Lab is one of the fastest growing IT security vendors worldwide, and is firmly positioned as one of the world’s top four leading security companies. An international group operating in almost 200 countries and territories worldwide, we provide protection for over 300 million users and over 200,000 corporate clients, ranging from small and medium-sized businesses all the way up to large governmental and commercial organisations.

We provide advanced, integrated security solutions that give businesses an unparalleled ability to control application, web and device usage: you set the rules and our solutions help manage them.

Find out at more at kaspersky.com/business

© 2013 Kaspersky Lab ZAO. All rights reserved. Registered trademarks and service marks are the property of their respective owners. Mac and Mac OS are registered trademarks of Apple Inc. Cisco is a registered trademark or trademark of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries. IBM, Lotus, Notes and Domino are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries. Microsoft, Windows, Windows Server and Forefront are registered trademarks of Microsoft Corporation in the and other countries. Android™ is a trademark of Google, Inc. The Trademark BlackBerry is owned by Research In Motion Limited and is registered in the United States and may be pending or registered in other countries.

34