What You Should Know About Kaspersky

What you should know about Kaspersky Lab

Proven. Transparent. Independent.

Fighting for your digital freedom

Your data and privacy are under attack by cybercriminals and spy agencies, so you need a partner who is not afraid of standing beside you to protect what matters to you most. For over 20 years, Kaspersky Lab has been catching all kinds of cyberthreats. No matter whether they come from script kiddies, cybercriminals or governments, or from the north, south, east or west. We believe the online world should be free from attack and state-sponsored espionage, and will continue fighting for a truly free and safe digital world.

Proven

Kaspersky Lab routinely scores the highest marks in independent ratings and surveys.

• Measured alongside more than 100 other well-known vendors in the industry
• 72 first places in 86 tests in 2017
• Top 3 ranking* in 91% of all product tests
• In 2017, Kaspersky Lab received Platinum Status for Gartner’s Peer Insight** Customer Choice Award 2017, in the Endpoint Protection Platforms market

* www.kaspersky.com/top3
** https://www.gartner.com/reviews/customer-choice-awards/endpoint-protection-platforms

Transparent

We are totally transparent and are making it even easier to understand what we do:

• Independent review of the company’s source code, software updates and threat detection rules
• Independent review of internal processes
• Three transparency centers by 2020
• Increased bug bounty rewards with up to $100K per discovered vulnerability

Independent

As a private company, we are independent from short term business considerations and institutional influence.

We share our expertise, knowledge and technical findings with the world’s security community, IT security vendors, international organizations, and law enforcement agencies.

Our research team is spread across the world and includes some of the most renowned security experts in the world. Our Global Research and Analysis Team has been actively involved in the discovery and disclosure of some of the most prominent malware attacks with links to governments and state organizations.

We detect and neutralize all forms of advanced APTs, regardless of their origin or purpose.

About Kaspersky Lab

Kaspersky Lab is a global cybersecurity company which has been operating in the market for over 20 years. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into next generation security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats.

We are one of the world’s largest privately-owned cybersecurity companies. We operate in 200 countries and territories and have 35 offices in 31 countries. Over 4,000 highly-qualified specialists work for Kaspersky Lab. We pride ourselves on developing world-leading security that keeps us – and every one of our 400 million users protected by our technologies, and 270,000 corporate clients – one step ahead of potential threats.

As a private company, Kaspersky Lab does not have ties to any government, and the company has never helped, nor will help, any government in the world in its cyberespionage efforts.

Our Global Transparency Initiative

Kaspersky Lab is committed to protecting customers from cyberthreats, regardless of their origin or purpose. The company’s Global Transparency Initiative is aimed at engaging the broader information security community and other stakeholders in validating and verifying the trustworthiness of its products, internal processes, and business operations. It also introduces additional accountability mechanisms by which the company can further demonstrate that it addresses any security issues promptly and thoroughly.

The initial phase of Kaspersky Lab’s Global Transparency Initiative will include:

1. Initiating an independent review of the company’s source code with similar reviews of the company’s software updates and threat detection rules to follow;
2. Commencing an independent assessment of (i) the company’s secure development lifecycle processes, and (ii) its software and supply chain risk mitigation strategies;
3. Development of additional controls to govern the company’s data processing practices in coordination with an independent party that can attest to the company’s compliance with said controls;
4. Formation of three Transparency Centers globally, with plans to establish the first one in 2018, to address any security issues together with customers, trusted partners and government stakeholders; the centers will serve as a facility for trusted partners to access reviews on the company’s code, software updates, and threat detection rules, along with other activities. The Transparency Centers will open by 2020;
5. Increasing bug bounty awards up to $100,000 for the most severe vulnerabilities found under Kaspersky Lab’s Coordinated Vulnerability Disclosure program, to further incentivize independent security researchers to supplement the company’s vulnerability detection and mitigation efforts.

«Internet balkanization benefits no one except cybercriminals. Reduced cooperation among countries helps the bad guys in their operations, and public-private partnerships don’t work like they should. We need to reestablish trust in relationships between companies, governments and citizens».
Eugene Kaspersky, CEO, Kaspersky Lab

Our Global Transparency Initiative: Kaspersky Lab moves core infrastructure to Switzerland

As part of its Global Transparency Initiative, Kaspersky Lab is adapting its infrastructure to move a number of core processes from Russia to Switzerland. This includes customer data storage and processing, as well as software assembly, including threat detection updates. To ensure full transparency and integrity, Kaspersky Lab is arranging for this activity to be supervised by an independent third party, also based in Switzerland.

Customer data storage and processing
Information received from users of Kaspersky Lab products in Europe, to be followed by other countries including the U.S., Canada, Australia, Japan, South Korea and Singapore, will be processed and stored on Swiss servers.

Software assembly
Relocation of assembly line of Kaspersky Lab products and threat detection rule databases (AV databases) to Switzerland, where they will also be signed with a digital signature before delivery to the endpoints of clients around the world.

Opening Transparency center
By the end of 2018, a facility for trusted partners and government stakeholders to review the company’s code, software updates and threat detection rules. The Transparency Centers will open by 2020.

Switzerland
• Long and famous history of neutrality
• Robust approach to data protection legislation

Independent supervision and review
All processes to be independently supervised by a third-party organization qualified to conduct technical software reviews

Kaspersky Lab’s principles for fighting cyberthreats

Kaspersky Lab is determined to detect and neutralize all forms of malicious programs, regardless of their origin or purpose. It does not matter which language the threat “speaks”: Russian, Chinese, Spanish, German, or English. The company’s experts have published at least 17 reports about APT attacks with Russian-language included in the code. This is more than any other U.S.-based company.

One of Kaspersky Lab’s most important assets in fighting cybercrime is its Global Research & Analysis Team (GReAT), comprising top security researchers from all over the world – Europe, Russia, the Americas, Asia, and the Middle East.

The following list of threats, as reported by Kaspersky Lab’s GReAT team, shows the different languages used in each threat:

• Russian language: Moonlight Maze, RedOctober, CloudAtlas, Miniduke, CosmicDuke, Epic Turla, Penquin Turla, Turla, Black Energy, Agent.BTZ, Teamspy, Sofacy (aka Fancy Bear, APT28), CozyDuke
• English language: Regin, Equation, Duqu 2.0, Lamberts, ProjectSauron
• Chinese language: IceFog, SabPub, Nettraveler, Spring Dragon, Blue Termite
• Spanish language: Careto/Mask, El Machete
• Korean language: Darkhotel, Kimsuky, Lazarus
• French language: Animal Farm
• Arabic language: Desert Falcons, Stonedrill and Shamoon

Advanced Persistent Threat Landscape in 2017

According to Kaspersky Lab’s GReAT team, in 2017 the top target for APTs were governments; and the most significant threat actor was Lazarus.

Top 10 targets: Government, Education, Financial institutions, Military, Diplomatic, Energy, IT companies, Telecommunications, Political parties, Military contractors

Top 10 targeted countries: USA, Saudi Arabia, Germany, Turkey, Iran, Russia, China, Taiwan, Japan, South Korea

Top 10 significant actors:
1 Lazarus
2 Sofacy
3 Lamberts
4 BlueNoroff (part of Lazarus)
5 Equation group
6 Turla
7 Axiom
8 Dropping Elephant
9 FinFisher
10 DustSquad

Principles for the processing of user data

Respecting and protecting people’s privacy is a fundamental principle of Kaspersky Lab’s approach to processing users’ data. The data that is processed is crucial for identifying new and as yet unknown threats – such as WannaCry

• The information is used in the form of aggregated statistics;
• Logins and passwords are filtered

What is Kaspersky Security Network?

Kaspersky Security Network (KSN) is one