Security Market Segment LS
Friday, 05 April 2019 10:30

Kaspersky unlikely to reveal details of American APTs at summit

By
Kaspersky unlikely to reveal details of American APTs at summit Image by Stefan Schweihofer from Pixabay

ANALYSIS Predicting the future is generally a game for mugs but it is possible to say with a high degree of certainty that there will be no details of any American advanced persistent threats or APTs unveiled during Kaspersky Lab's annual Security Analyst Summit that kicks off in Singapore on Monday.

The company generally keeps a big story under its hat and releases it at the summit in order to squeeze maximum coverage out of it - all tech conferences are held to have a good time, but publicity is the main game, so this is not unusual.

Last year, Kaspersky Lab released details about Slingshot, malware that infects Windows systems via routers and which it claimed had been used for cyber-espionage from at least 2012 until February 2018.

Hardly a fortnight had gone by after the announcement, when the website CyberScoop, which lives mostly on a dripfeed of leaks from the US intelligence community, claimed that Slingshot was a US military program run by the Joint Special Operations Command, a part of the Special Operations Command. It said Slingshot was used by US military and intelligence personnel to collect information about terrorists.

For some, that was seen as a parting shot by Kaspersky Lab as payback for the US banning its software from use in the public sector and also putting pressure on outlets like Best Buy to stop selling its products.

For its part, Kaspersky Lab denied it had any previous knowledge that Slingshot was a US Government operation.

But now, with the company on a different trajectory and the whole US affair behind it, it is highly unlikely that it will again do what seems to have irritated American intelligence agencies in the first place: reveal APTs which the government has put in place for cyber warfare against other countries.

That the US moves against Kaspersky Lab were dissimilar to its actions against companies like the Chinese telecommunications equipment vendor Huawei is evident from the fact that Washington did not try to get any country it considers an ally to ban the use of Kaspersky products. The ban was only pursued within the US.

But it came after a series of events, the culmination being the leaking on the Web of a number of Windows exploits from the NSA by a group known as the Shadow Brokers in 2016.

Kaspersky Lab researchers are generally accepted to be at the top of the security game and they have revealed a number of nation-sate activities, beginning with the attempted hack in 2014 by the UK's GCHQ of a Belgian telecommunications provider.

In 2015, Kaspersky exposed a group it called the Equation Group, which has been long rumoured to be an internal NSA unit.

The company also detailed how the Stuxnet operation was carried out to cripple Iran's nuclear reactors. Stuxnet was discovered by Sergey Ulasen in 2010; he joined Kaspersky Lab a year later. The virus was infiltrated into Iran's nuclear labs through an USB drive as the lab was not connected to any external network.

Israeli Government hackers breached the Kaspersky network in 2014; after the company found out in 2015, it wrote a long, detailed analysis of the incident.

In 2016, following the election of US President Donald Trump, there was general anti-Russian hysteria in the US. And then came the Shadow Brokers' leaks.

Kaspersky Lab was tied to the Brokers through claims in the three main US mainstream newspapers — The New York Times, The Wall Street Journal and the Washington Post — all based on anonymous sources.

What happened after that is well known. The US Government banned the use of Kaspersky Lab products in the public sector and Kaspersky was gradually forced to close its Washington office. Taking legal actions did help and all Kaspersky's efforts were in vain.

The big story for this year's summit — a sophisticated supply chain attack which used the live update utility that comes on hardware made by ASUS — was leaked to a freelancer, Kim Zetter, last month. But the gloss was taken off what was claimed as a scoop, when Kaspersky Lab published a blog post about the attack just hours after the so-called exclusive was put online.

More details about this attack have been promised at the summit, but the main course has already been sampled.

Given all the pain it has been subjected to since the Shadow Brokers' leaks, it is unlikely that Kaspersky Lab will ever go down the path of releasing anything that remotely looks like an American APT – though its customers who pay for security news may well be told of such malware, though not of its origins.

LEARN HOW TO BE A SUCCESSFUL MVNO

Did you know: 1 in 10 mobile services in Australia use an MVNO, as more consumers are turning away from the big 3 providers?

The Australian mobile landscape is changing, and you can take advantage of it.

Any business can grow its brand (and revenue) by adding mobile services to their product range.

From telcos to supermarkets, see who’s found success and learn how they did it in the free report ‘Rise of the MVNOs’.

This free report shows you how to become a successful MVNO:

· Track recent MVNO market trends
· See who’s found success with mobile
· Find out the secret to how they did it
· Learn how to launch your own MVNO service

DOWNLOAD NOW!

Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments