11 VIDEOS Kaspersky conference 2017: APAC cyber espionage very bad, but worst still to come

No longer facing only data theft or pillaging of servers with ransomware, APAC financial institutions are huge targets for monetary gain as attack sophistication reaches new levels, all while Kaspersky defends its honour, ethics and business from the US Government.

Kaspersky Lab is now 20 years old and has evolved a deep threat intelligence and security expertise portfolio of products and services. These fight against ever more intricate and evolving digital threats, and protect 400 million users and 270,000 corporate clients globally, with Kaspersky Lab famously uncovering various nation-state level malware and hacking activities before its competitors.

Just concluded is the company's 3rd annual APAC Cyber Security Conference, in Thailand, with the company seeking to unravel the truth on the worsening cyber espionage problem against countries, governments, critical infrastructure and companies in the dynamic and turbulent Asia Pacific region.

Once just a plot of fanciful James Bond or certain Bruce Willis movies, among others, cyber espionage has grown so fast and so far, including startlingly sophisticated nation-state hacking activities, that cyber espionage is beyond an alarming threat.

Indeed, it has crossed the Rubicon between the worlds of fiction and reality with such ferocity that fiction might have to start catching up with reality to remain believable.

As you'd expect, the conference brought together several top Kaspersky Lab security experts from its GReAT division, the "Global Research & Analysis Team" which truly is global in nature, and they zeroed in on the state of targeted attacks in APAC countries from past to present and how governments, businesses, and concerned industrial sectors can beef up their cyber defences.

Stephan Neumeier, the new managing director at Kaspersky Lab APAC, said: "Cyber espionage is a dangerous and costly threat targeting nations and corporations around the world, including nations right here in the Asia Pacific region. Kaspersky Lab today aims to sound the alarm louder about this imminent danger so we can step up our efforts to strengthen our infrastructure and protect the public."

Neumeier gives the opening address at the 3rd annual Kaspersky Lab APAC Cyber Security Conference:

iTWire also asked questions about the ongoing attack Kaspersky Lab is facing in the US from the US Government and some of its security agencies, which has seen the company's products removed from US Government computers, and from the shelves of Best Buy, Office Depot, and overnight, Staples.

Those questions and answers are at the end of this article, before the final four embedded video interviews.

Four top cyber security experts from Kaspersky Lab’s GReAT team were present at this year’s event: Vitaly Kamluk, director of GReAT in APAC; Seongsu Park, GReAT’s senior security researcher based in South Korea; Noushin Shabab, senior security researcher at Kaspersky Lab’s GReAT based in Australia; and Yury Namestnikov, senior malware analyst at Kaspersky Lab’s GReAT in Moscow. All gave eye-opening presentations that illuminate the issues most ably, and all of them have been captured in full on video and embedded at the end of this article.

Kamluk opened the discussion by looking back at major cyber attacks that have hit public and private organisations over the past years in countries around the region.

“Cyber espionage, a subset of intelligence activities in cyberspace, is covert by nature. The new generation of spies are not doing physical James Bond-style operations anymore – they are regular software developers and system operators. Their achievements remain in the darkness until researchers like Kaspersky GReAT discover and document their activities.

“The attackers are not writing the history of cyber attacks, but researchers do. And it doesn’t come as easy as making documentaries or writing memoirs. The work of researchers requires high concentration and solving of multiple difficult logical problems on the way, which is why these stories are so valuable.”

Kaspersky Lab 2017 APAC security conference, Vitaly Kamluk, presenting "Writing the history of cyber espionage attacks in APAC."

Kaspersky Lab’s 2016 report titled “Measuring the Financial Impact of IT Security on Businesses” found that "targeted attacks, including cyber espionage, are among the most expensive types of attack. The study further shows these threats can cost up to $143,000 in losses for small businesses and $1.7 million for enterprises".

The report also reiterates that "businesses in all sectors and of all sizes are vulnerable to a targeted attack. A Fortune 500 company is at risk as a two-man startup as both entities hold business data", and that aside from monetary loss, "businesses and even government agencies lose confidential data and the trust from their stakeholders and customers in the wake of a successful cyber espionage campaign".

Park specifically spoke about the role of a company’s infrastructure in a successful targeted attack.

The company explained that Park was "among the Kaspersky Lab researchers who have been closely monitoring the activity of the high-profile cyber espionage group, Lazarus, a cyber criminal gang believed to be behind the $81-million Bangladesh Bank heist last year".

Park said: "Thorough analysis on this group proved that many servers of big corporations are being used by the cybergang as launchers of their attacks against these same enterprises."

Kaspersky Lab 2017 APAC security conference, Seongsu Park, presenting: "Never let your infrastructure go malicious: digging onto C&C server infrastructure."

To answer the whos and hows of a cyber espionage campaign, Shabab discussed the forensic techniques and critical analysis that researchers have carried out for years to understand an attack and unmask its perpetrators.

“Like palaeontologists collecting the tiniest bones to be able to unearth a full artefact, cyber security researchers examine the leftovers of a malicious campaign, chase the trail of clues until we have gathered all the necessary pieces of the puzzle, and collate and compare evidence with fellow experts to be able to know the attackers behind an attack, their main goal, their techniques, and the length of their attacks,” she said.

“All the historic information we have gathered through investigating targeted attacks all these years helped us discover the truths and the myths of cyber espionage in the Asia Pacific region.”

iTWire colleague Sam Varghese interviewed Shabab earlier this year.

Kaspersky Lab 2017 APAC security conference, Noushin Shabab presenting: "Identifying Spies."

Yury Namestnikov explained the trend of cyber espionage groups focusing on attacking financial organisations in the region using the now infamous ransomware vector to gain monetary rewards. He also revealed the techniques used by these groups to mask destructive wiper attacks as ordinary cyber criminal activity.

Kaspersky Lab 2017 APAC security conference, Yury Namestnikov, presenting: "Beyond Cyber Espionage: Nation-state Cyber-financial operations."

Meanwhile, guest speaker Kyoung-Ju Kwak, security researcher at the Computer Emergency Analysis Team of South Korea’s Financial Security Institute, spoke in great detail about Andariel, a threat actor "connected to the Lazarus group and responsible for card leakage and illegal ATM withdrawals in South Korea".

Kaspersky Lab 2017 APAC security conference, guest speaker Kyoung-Ju Kwak presenting "Campaign RIFLE: Andariel, The Maiden of Anguish."

The videos also captured a presentation by Neumeier and Alejandro Arango, global director of Corporate Communications at Kaspersky Lab.

I'm paraphrasing (Arango's exact words can be seen in his video below), but he effectively asked the media present and those globally to investigate the claims against the company and to report their findings truthfully, while noting that no evidence backing up any of the claims against Kaspersky Lab has been presented, despite the ongoing attack against the company in the US.

Kaspersky Lab 2017 APAC security conference, Alejandro Arango, gives the closing address for the 3rd annual Kaspersky Lab 2017 APAC security conference.

iTWire also asked questions about the ongoing issue for Kaspersky Lab in the US, where the company is under attack by the US Government itself and some security agencies, and has seen its products removed from the shelves of three major retailers.

iTWire colleague Sam Varghese has been diligently covering the Kaspersky story, with his latest article noting the overnight removal of Kaspersky Lab products from Staples, linking back to his extensive coverage.

Sam helped me formulate these questions. Not all were answered by the deadline, so a further article will be forthcoming with additional answers, but for the time being, here we go:

Q. Do you think this is the actual reason why the US is acting against Kaspersky – because the company has found out too much about NSA malware and publicised its findings, with the Trump stuff just a convenient excuse?

A. All Kaspersky Lab technologies are designed and used for the sole purpose of detecting all kinds of threats, including nation-state sponsored malware, regardless of the origin or purpose, and the company tracks more than 100 advanced persistent threat actors and operations.

Q. Also, given every anti-virus and security program does an inventory of your system files, is this the equivalent of having a rootkit on the system with your blessings?

A. AV software is a primary component of technological defences that every personal and business computer system should have. It is an industry must for security solutions to have elevated privileges to properly protect the user, regardless of whether the solution is made in the US, Japan, Russia, etc. Otherwise malware having the same or deeper privilege could easily bypass AV. Our product works rather like X-ray: we can spot the issues in a computer, but not whose computer it is.

Q. Are all Internet security companies now under suspicion of some kind of espionage of their own? And, if a Russian company is under suspicion, why aren't US security companies, who may or may not be working with the NSA whether they know it or not, also under suspicion?

A. We cannot speculate on the thoughts or intentions of others – Kaspersky Lab appears to be caught up in a geopolitical storm, and we remain focused on doing our job and protecting our users.

Here are the four video interviews with the four GReAT "Global Research & Analysis Team" speakers listed above.

VIDEO Interview: Kaspersky's Yury Namestnikov talks to iTWire about cyber security, the life of a security researcher and more.

VIDEO Interview: Kaspersky's Vitaly Kamluk talks to iTWire on cyber espionage with some great answers to the questions posed:

VIDEO Interview: Kaspersky's Noushin Shabab talks to iTWire on Women in Tech, cyber security, cyber espionage, finding spies and more.

VIDEO Interview: Kaspersky's Seongsu Park talks to iTWire.

The writer attended the conference as a guest of Kaspersky Lab.

Alex Zaharov-Reutt

One of Australia’s best-known technology journalists and consumer tech experts, Alex has appeared in his capacity as technology expert on all of Australia’s free-to-air and pay TV networks on all the major news and current affairs programs, on commercial and public radio, and technology, lifestyle and reality TV shows.