What you should know Proven. Transparent. about Kaspersky Lab Independent. Fighting for your digital freedom Your data and privacy are under attack by cybercriminals and spy agencies, so you need a partner who is not afraid of standing beside you to protect what matters to you most. For over 20 years, Kaspersky Lab has been catching all kinds of cyberthreats. No matter whether they come from script kiddies, cybercriminals or governments, or from the north, south, east or west. We believe the online world should be free from attack and state-sponsored espionage, and will continue fighting for a truly free and safe digital world. Proven Transparent Independent Kaspersky Lab routinely scores the highest We are totally transparent and are making As a private company, we are independent marks in independent ratings and surveys. it even easier to understand what we do: from short term business considerations and institutional influence. • Measured alongside more than 100 other • Independent review of the company’s well-known vendors in the industry source code, software updates and We share our expertise, knowledge • 72 first places in 86 tests in 2017 threat detection rules and technical findings with the world’s • Top 3 ranking* in 91% of all product tests • Independent review of internal security community, IT security vendors, • In 2017, Kaspersky Lab received processes international organizations, and law Platinum Status for Gartner’s Peer • Three transparency centers by 2020 enforcement agencies. Insight** Customer Choice Award 2017, • Increased bug bounty rewards with up in the Endpoint Protection Platforms to $100K per discovered vulnerability Our research team is spread across the market world and includes some of the most renowned security experts in the world. Our Global Research and Analysis Team We detect and neutralize all forms of has been actively involved in the discovery advanced APTs, regardless of their origin and disclosure of some of the most or purpose. * www.kaspersky.com/top3 prominent malware attacks with links to ** https://www.gartner.com/reviews/customer- governments and state organizations. choice-awards/endpoint-protection-platforms 3 About Kaspersky Lab We are one of the world’s largest We operate in Kaspersky Lab is a global cybersecurity privately-owned cybersecurity 200 countries and company which has been operating in the companies. territories market for over 20 years. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into next generation security solutions and have and services to protect businesses, 35 offices in critical infrastructure, governments 31 countries. and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized Over 4,000 highly- security solutions and services to fight qualified specialists work sophisticated and evolving digital threats. for Kaspersky Lab. We pride ourselves on developing world- leading security that keeps us – and every one of our 400 million users protected by our technologies, As a private company, Kaspersky Lab does not have ties to any government, and the company has never helped, nor will help, and 270,000 corporate any government in the world in its clients – one step ahead cyberespionage efforts. of potential threats. 4 5 Our Global Transparency Initiative Kaspersky Lab is committed to protecting 3. Development of additional controls to customers from cyberthreats, regardless govern the company’s data processing of their origin or purpose. The company’s practices in coordination with an Global Transparency Initiative is aimed independent party that can attest at engaging the broader information to the company’s compliance with security community and other said controls; stakeholders in validating and verifying Eugene Kaspersky, the trustworthiness of its products, 4. Formation of three Transparency CEO, Kaspersky Lab internal processes, and business Centers globally, with plans to operations. It also introduces additional establish the first one in 2018, to accountability mechanisms by which the address any security issues together « Internet balkanization benefits company can further demonstrate that with customers, trusted partners and no one except cybercriminals. it addresses any security issues promptly government stakeholders; the centers Reduced cooperation among and thoroughly. will serve as a facility for trusted partners to access reviews on the countries helps the bad guys The initial phase of Kaspersky Lab’s company’s code, software updates, in their operations, and public- Global Transparency Initiative will include: and threat detection rules, along with private partnerships don’t other activities. The Transparency work like they should. We need 1. Initiating an independent review of Centers will open by 2020; the company’s source code with to reestablish trust in relationships similar reviews of the company’s 5. Increasing bug bounty awards up between companies, software updates and threat detection to $100,000 for the most severe governments and citizens». rules to follow; vulnerabilities found under Kaspersky Lab’s Coordinated Vulnerability 2. Commencing an independent Disclosure program, to further assessment of (i) the company’s secure incentivize independent security development lifecycle processes, and researchers to supplement the (ii) its software and supply chain risk company’s vulnerability detection and mitigation strategies; mitigation efforts. 6 Our Global Transparency Initiative: Kaspersky Lab moves core infrastructure to Switzerland As part of its Global Transparency This includes customer data storage and To ensure full transparency and integrity, Initiative, Kaspersky Lab is adapting its processing, as well as software assembly, Kaspersky Lab is arranging for this activity infrastructure to move a number of core including threat detection updates. to be supervised by an independent third processes from Russia to Switzerland. party, also based in Switzerland. Customer data Software Opening storage and processing assembly Transparency center Information received from users of Relocation of assembly line of Kaspersky By the end of 2018, a facility for trusted Kaspersky Lab products in Europe, to be Lab products and threat detection rule partners and government stakeholders to followed by other countries including the databases (AV databases) to Switzerland, review the company’s code, software U.S., Canada, Australia, Japan, South Korea where they will also be signed with a updates and threat detection rules. and Singapore, will be processed and digital signature before delivery to the The Transparency Centers will stored on Swiss servers. endpoints of clients around the world. open by 2020. Switzerland Independent supervision and review Long and famous history of neutrality Robust approach to data protection legislation All processes to be independently supervised by a third-party organization qualified to conduct technical software reviews 7 Kaspersky Lab’s principles for fighting cyberthreats Kaspersky Lab is determined to detect The following list of threats, as reported and neutralize all forms of malicious by Kaspersky Lab’s GReAT team, shows programs, regardless of their origin the different languages used in each or purpose. It does not matter which threat: language the threat “speaks”: Russian, Chinese, Spanish, German, or English. • Russian language: Moonlight Maze, The company’s experts have published RedOctober, CloudAtlas, Miniduke, at least 17 reports about APT attacks CosmicDuke, Epic Turla, Penquin with Russian-language included in the Turla, Turla, Black Energy, Agent.BTZ, code. This is more than any other U.S.- Teamspy, Sofacy (aka Fancy Bear, based company. APT28), CozyDuke • English language: Regin, Equation, PPI RO NG D Duqu 2.0, Lamberts, ProjectSauron E L T C EPHAN METEL GMAN • Chinese language: IceFog, SabPub, Nettraveler, Spring Dragon, OJEC PR T Blue Termite L S • Spanish language: Careto/Mask, AZARUS AURON DAN TI El Machete RATIO BLUE XPETR One of Kaspersky Lab’s most PE N E O • Korean language: Darkhotel, Kimsuky, important assets in fighting N Lazarus cybercrime is its Global Research & G N HOUL OROFF Analysis Team (GReAT), comprising • French language: Animal Farm top security researchers from all over the world – Europe, Russia, the • Arabic language: Desert Falcons, Americas, Asia, and the Middle East. Stonedrill and Shamoon 8 Advanced Persistent Threat Landscape in 2017 According to Kaspersky Lab’s GReAT team, in 2017 the top target for APTs were governments; and the most significant threat actor was Lazarus. Top 10 targets: Top 10 targeted countries: Government USA Saudi Germany Turkey Iran Russia China Taiwan Education Arabia Financial institutions Military Diplomatic Energy IT companies Telecommunications Japan Political parties Military contractors South Korea Top 10 significant actors: 1 Lazarus 6 Turla 2 Sofacy 7 Axiom 3 Lamberts 8 Dropping 4 BlueNoro Elephant (part of Lazarus) 9 FinFisher 5 Equation group 10 DustSquad 9 10 Principles for the processing of user data Respecting and protecting people’s privacy is a fundamental principle of What is Kaspersky Security • The information is used in the form Kaspersky Lab’s approach to processing Network? of aggregated statistics; users’ data. The data that is processed is crucial for identifying new and as yet Kaspersky Security Network (KSN) • Logins and passwords are filtered unknown threats – such as WannaCry is one