Kaspersky Lab - Kaspersky Problem


Kaspersky Lab (/kæˈspɜːrski/; Russian: Лаборатория Касперского, Laboratoriya Kasperskogo) is a multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia and operated by a holding company in the United Kingdom. It was founded in 1997 by Eugene Kaspersky, who is currently the CEO. Kaspersky Lab develops and sells antivirus, internet security, password management, endpoint security, and other cybersecurity products and services.

Kaspersky expanded internationally from 2005-2010 and grew to more than $700 million in annual revenues by 2014. As of 2016, the software has about 400 million users and has the largest market-share of cybersecurity software vendors in Europe.

Kaspersky Lab ranks fourth in the global ranking of antivirus vendors by revenue. It was the first Russian company to be included into the rating of the world's leading software companies, called the Software Top 100 (79th on the list, as of 6/29/2012). Kaspersky Lab is ranked 4th in Endpoint Security segment according to IDC data for 2010. According to Gartner, Kaspersky Lab is currently the third largest vendor of consumer IT security software worldwide and the fifth largest vendor of Enterprise Endpoint Protection. Kaspersky Lab has been named a "Leader" in the Gartner Magic Quadrant for Endpoint Protection Platforms.

The Kaspersky Global Research and Analysis Team (GReAT) has discovered sophisticated espionage platforms linked to U.S. intelligence, such as Equation Group and the Stuxnet worm. Various covert government-sponsored cyber-espionage efforts were uncovered through their research. Kaspersky also publishes the annual Global IT Security Risks Survey. As of 2014, Kaspersky's research hubs analyze more than 350,000 malware samples per day.

In 2017, Kaspersky became the subject of controversy over allegations that the company has engaged with the Russian Federal Security Service (FSB), in the wake of Russian interference in the 2016 presidential election. The U.S. Department of Homeland Security banned Kaspersky products from all government departments on 13 September 2017. In October 2017, subsequent reports alleged that hackers working for the Russian government stole confidential data from the home computer of a National Security Agency contractor using Kaspersky antivirus software. Kaspersky has actively denied that it has such ties with the Russian government, but acknowledged that its software had extracted files from the contractor's computer in the course of its operations.





History

The first version of Kaspersky Lab's antivirus software was developed by Eugene Kaspersky in 1989 in response to the Cascade Virus. Early versions had just 40 virus definitions and were mostly distributed to friends and family members. Eugene continued developing the software at KAMI, resulting in the AntiViral Toolkit Pro (AVP) product released in 1992. It was popularized in 1994 after a competitive analysis by Hamburg University gave Eugene's software first place.

In 1997, Eugene Kaspersky, his wife Natalya Kaspersky, and Alexey De-Monderik left KAMI to form Kaspersky Lab, and to continue developing the antivirus product, then called AVP. The product was renamed Kaspersky Anti-Virus after an American company registered the AVP trademark in the US.

In 1998 a Taiwanese student released a virus called CIH. During the first three weeks of the outbreak, Kaspersky Lab's AVP was the only software at the time able to remove it. This increased demand and led to deals with antivirus companies in Japan, Finland and Germany to integrate AVP into their software.

According to WIRED, Kaspersky's software was "advanced for the time." For example, it was the first software to monitor viruses in an isolated quarantine. The company's revenue grew 280 percent from 1998 to 2000, with about 60 percent of its revenue coming from international sales. Natalya worked to broker deals internationally and localize the software. It opened offices in the UK, Poland, Holland and China. It later expanded to Germany, France, the US and Japan. By 2000 the company had 65 employees and sales in more than 40 countries. Kaspersky opened new offices in South East Asia and the Middle East in 2008 and in South Africa in 2009. It also expanded in India, the Middle East and Africa in 2010. In 2009, retail sales of Kaspersky Lab's antivirus products reached almost 4.5 million copies per year.

In 2011 General Atlantic bought a 20 percent share of Kaspersky Lab for $200 million, with the expectation of helping the company go public. A few months later, the decision was made to keep the firm private and Kaspersky re-purchased the shares from General Atlantic. This was followed by numerous executive departures in 2011 and 2014 regarding disputes over going public and over Eugene's management style respectively.

On January 1, 2012, Kaspersky Lab officially left the Business Software Alliance (BSA) over SOPA. The BSA had supported the controversial anti-piracy bill, but Kaspersky Lab did not support it, stating, "we believe that such measures will be used contrary to the modern advances in technology and the needs of consumers," and, to show its disapproval, announced its intent to leave on December 5th, 2011.

By 2013, the company had $667 million in annual revenues. In 2014, Kaspersky Lab signed a distribution deal with Ingram Micro, which significantly expanded its reseller program.

In August 2015, two former Kaspersky employees alleged that the company introduced modified files into the VirusTotal antivirus database to trick software from Kaspersky competitors into triggering false positives in virus and malware scans. A possible motive is that Eugene allegedly was furious at competitors perceived to be "unfairly" free-riding on Kaspersky's malware discoveries via the open-source VirusTotal database. The company denied the allegations. On his personal blog, Eugene Kaspersky compared the accusations to unsubstantiated conspiracy theories. Reuters followed up by publishing leaked emails allegedly from Kaspersky alluding to "falsies" and "rubbing out" international competitors; Kaspersky Labs stated the emails "may not be legitimate and were obtained from anonymous sources that have a hidden agenda".





Products

Kaspersky Lab develops and markets antivirus, internet security, password management, endpoint security, and other cybersecurity products and services. It is the fourth or fifth largest endpoint security vendor and the third largest consumer IT security software company. It is the sixth largest overall IT security company. Its revenues are about 15 percent from Russian companies domestically, one-third from European organizations and one-fourth from U.S. organizations. The software has about 400 million users in all.

Kaspersky's consumer software includes the Antivirus, Internet Security and Total Security products. The Antivirus software includes malware protection, monitors the PC for suspicious program behavior, and warns users about potentially dangerous websites. The Internet Security software adds privacy features, parental controls, and anti-phishing tools. Total Security adds parental controls, adult website filters, diagnostic tools, a Password Manager application, and other features. Kaspersky's software is available for Macs, PCs, Android, iOS, Windows Mobile, BlackBerry and Symbian.

For businesses the company markets the Kaspersky Endpoint Security for Business suite. It includes a centralized user interface and management application called the Kaspersky Security Center. The cybersecurity software itself is called the Kaspersky Security Network. The Kaspersky Administration KitSecurity Center manages configuration, installation and remote use. The business suite also has quarantine, reporting, and other features. Its software product for businesses with 25 staff or less is called Kaspersky Small Office Security (KSOS). Within the suite are products specifically for virtualization security, mobile security, and fraud protection among others. Kaspersky also develops a free tool that helps businesses gain access to Windows devices that are infected by ransomware.




Partnerships

The Kaspersky Anti-Virus engine also powers products or solutions by other security vendors, such as Check Point, Bluecoat, Juniper Networks, Microsoft Forefront, Netintelligence, Clearswift, FrontBridge, Netasq, Wedge Networks, and others. Altogether, more than 120 companies are licensing technology from Kaspersky Lab. Kaspersky Lab also has a number of partnerships with various technology companies.

The International Multilateral Partnership Against Cyber Threats where Datuk Mohd Noor Amin acts as the Chairman, announced the appointment of Harry Cheung - Managing Director of Kaspersky Lab, APAC - as the Goodwill Ambassador for Greater China.

Kaspersky Lab runs several global sponsorships, for example, the Scuderia Ferrari Racing Team and geographical expeditions.




Market assessments & reception

According to PC Magazine, Kaspersky AntiVirus and competitor Bitdefender are both consistently ranked at the top in independent competitive tests. PC Magazine's own malware and phishing tests had similar results and praised the software's "bonus security tools." Under "Cons" the magazine said it took longer-than-expected to complete a scan. The same magazine said the Kaspersky Total Security product had an "impressive feature list" and praised the extra features in the Total Security product, like password management, encryption and parental controls. PC Magazine said the product had scored highly in lab tests for antivirus, antiphishing and other features. It had "so-so" scores in antimalware tests and wasn't able to catch all spam.

Kaspersky's 2013 Endpoint Security for Windows product was the top-ranked enterprise antivirus software in a competitive test by Dennis Technology Labs, followed by Symantec Endpoint Protection. AV-Comparatives has awarded Kaspersky "Product of the Year" for 2015, based on the number of high scores it has gotten throughout the year on a wide range of tests. PC Magazine praised the software's features, but said it lacked policy management and deployment options. Kaspersky's parental controls software was reviewed by PC Magazine. The reviewer said it was "well-rounded, very affordable parental control and monitoring." It praised the software's content filtering, child profiles, social media monitoring and other features, but did criticize that some features are only available on iOS or Android.

The anti-virus software testing group AV-Comparatives gave the Windows XP version of Kaspersky AV an "Advanced+" rating (its highest) in both its February 2008 on-demand detection test (with the fourth highest detection rate among 16 products tested). However, in the Retrospective/Proactive Test May 2008, Kaspersky received the "Standard" rating, detecting 21% of new malware with 1-month old signatures and receiving a substantial amount of false positives.

The firewall included in Kaspersky Internet Security 7.0 got a "Very Good" rating in Matousec's Firewall challenge, with a result of 85%. Kaspersky Anti-Virus 7.0 has achieved a 6.5 result out of 8 in the Anti Malware Labs rootkit detection test. It has also achieved a 31 out of 33 detection of polymorphic viruses and a 97% result in the self-protection test. In 2007, Kaspersky Internet Security 7 received an award from the British magazine PC Pro and also won a place in its "A List".

Kaspersky has passed most of Virus Bulletin comparative tests since August 2003 (failing 8 of 54 tests). In 2005, according to PC World magazine, Kaspersky anti-virus software provided the fastest updates for new virus and security threats in the industry.

In PC World magazine's March 2010 comparison of consumer security suites, Kaspersky Internet Security 2010 scored 4.5/5 stars, and was rated second overall. In the December 2011 version of AV-Comparatives' annual reports, Kaspersky Lab's software has achieved highest overall ranking and has earned the AV Comparatives' "Product of the Year" award.

On 1 February 2012, the Kaspersky Internet Security has earned "AV-TEST Award for Best Repair 2011" award in the field of home user products from AV-TEST Institute. On 28 January 2013, the Kaspersky Endpoint Security has earned "AV-TEST Award for Best Protection 2012" and "AV-TEST Award for Best Repair 2012" awards in the field of corporate products from AV-TEST Institute.

Later in 2013, Kaspersky earned the product of the year award from AV-Comparatives and the highest score among Enterprise solutions in a Dennis Technology Labs report.

Kaspersky has also received certification of their products through the OESIS OK Certification Program, which verifies that the applications are interoperable with third-party technology solutions like NAC and SSL VPN products from Cisco Systems, Juniper Networks, F5 Networks, and others.




Malware discovery

Kaspersky Lab's Global Research and Analysis Team (GReAT) was established in 2008. It investigates cybersecurity threats and other work by malware operations. IT security companies are often evaluated by their ability to uncover previously unknown viruses and vulnerabilities. Kaspersky's reputation for investigating cyber-security threats has been influential in gaining international sales and prestige. Beginning around 2010, Kaspersky exposed a series of government-sponsored cyber-espionage and sabotage efforts. These include Stuxnet, Duqu, Flame, Gauss, Regin and the Equation Group. According to Wired, "many of them [were] seemingly launched by the US and its UK and Israeli allies. Kaspersky is especially well-known for its work uncovering Stuxnet and Flame."

In 2010 Kaspersky Lab worked with Microsoft to counteract the Stuxnet worm, which had infected 14 industrial locations in Iran using four zero-day vulnerabilities in Microsoft Windows. According to IEEE Spectrum, the circumstances "strongly suggest" the worm was developed by the United States and Israel to damage centrifuges in Iran's nuclear-enrichment program. It was the first discovery of a major government-sponsored cyber-attack.

In May 2012, Kaspersky Lab identified the malware Flame, which a researcher described as potentially "the most sophisticated cyber weapon yet unleashed." According to the researchers in Kaspersky Lab, the malware had infected an estimated 1,000 to 5,000 machines worldwide when asked by the United Nations International Telecommunications Union to investigate reports of a virus affecting Iranian Oil Ministry computers. As Kaspersky Lab investigated, they discovered an MD5 hash and filename that appeared only on customer machines from Middle Eastern nations. After discovering more pieces, researchers dubbed the program "Flame" after the name of one of its modules.

Flame was an earlier variant of Stuxnet. Kaspersky never verified the source of the software, but it is suspected to have been developed by the National Security Agency (NSA) to transmit keystrokes, Skype calls and other data. Kaspersky created algorithms to find similar malware and found Gauss that July, which collected and transmitted data from devices infected by Bluetooth or USB drives.

In January 2013, Kaspersky discovered the Red October malware, which had been used for widespread cyber-espionage for five years. It targeted political targets like embassies, nuclear sites, mostly in Europe, Switzerland and North America. The malware was likely written by Russian-speaking hackers and the exploits by Chinese hackers. That June, Kaspersky discovered NetTraveler, which it said was obtaining data on emerging technology from government targets and oil companies. Kaspersky did not identify who was behind it, but it was similar to other cyber-espionage coming from Beijing, China. Later that same year, Kaspersky discovered a hacker group it called Icefog after investigating a cybersecurity attack on a Japanese television company. Kaspersky said the hacker group, possibly from China, was unique in that they targeted specific files they seemed to know about before planting malware to extract them.

In February 2014, Kaspersky identified the malware Mask, which infected 380 organizations in 31 countries. Many organizations that were affected were in Morocco. Some of the files were in Spanish and the group is believed to be a nation-state conducting espionage, but Kaspersky did not speculate on which country may have developed it.

In November 2014, Symantec and Kaspersky authored papers that contained the first disclosure of malicious software named Regin. According to Kaspersky, Regin is similar to QWERTY, a malware program discovered the next year. Regin was used to take remote control of a computer and is believed to have originated from the Five Eyes alliance. That same month Kaspersky reported on the Darkhotel attack, which targeted users of wireless networks at hotels in Asia. It asked users to update their software, then downloaded malware that gave up their passwords.

In 2015, Kaspersky identified a highly sophisticated threat actor that it called "The Equation Group". The group incorporated sophisticated spying software into the firmware of hard drives at banks, government agencies, nuclear researchers and military facilities, in countries that are frequent targets of US intelligence efforts. It is suspected to have been developed by the National Security Agency (NSA) and included many unique technical achievements to better avoid detection. That same day, Kaspersky announced the discovery of a hacker group it called Carbanak, which was targeting banks and moving millions of dollars into fake accounts. Carbanak was discovered when one bank asked Kaspersky to investigate suspicious behavior from its ATMs. A similar malware using some of the same techniques as Carbanak was discovered in 2016 and dubbed Carbanak 2.0.

In June 2015, Kaspersky reported that its own network had been infiltrated by government-sponsored malware. Evidence suggested the malware was created by the same developers as Duqu and Stuxnet, in order to get intelligence that would help them better avoid detection by Kaspersky in the future. Kaspersky called it Duqu 2.0. The malicious software resided in memory to avoid detection. The hack was believed to have been done by the same group that did Duqu in 2011. It used exploits in Microsoft installer files.

In June 2015, Kaspersky Lab and Citizen Lab both independently discovered software developed by Hacking Team and used by 60 governments around the world to covertly record data from the mobile phones of their citizens. The software gave police enforcement a "menu of features" to access emails, text messages, keystrokes, call history and other data. Kaspersky also identified 37,000 attacks against banking companies that used modifications of the malware called Asacub and took control of Android devices. Asacub targeted mostly banking customers in the U.S., Russia and Ukraine using an SMS message that baited users into installing a Trojan.

In 2016, Kaspersky discovered a zero day vulnerability in Microsoft Silverlight. Kaspersky identified a string of code often used by exploits created by the suspected author. It then used YARA rules on its network of Kaspersky software users to find that string of code and uncover the rest of the exploit. Afterwards, Microsoft issued a "critical" software patch to protect its software from the vulnerability.

In 2016, Kaspersky uncovered the Poseidon Group, which would infiltrate corporations with malware using phishing emails, then get hired by the same company as a security firm to correct the problem. Once hired, Poseidon would install additional malware and backdoors. In June 2016 Kaspersky helped uncover a Russian hacking group, leading to 50 arrests.




Allegations of ties to the Russian government

According to the International New York Times, Kaspersky has "become one of Russia's most recognized high-tech exports, but its market share in the United States has been hampered by its origins." According to Gartner, "There's no evidence that they have any back doors in their software or any ties to the Russian mafia or state... but there is still a concern that you can't operate in Russia without being controlled by the ruling party." CEO Eugene Kaspersky's prior work for the Russian military and his education at a KGB-sponsored technical college have led to allegations of being employed by Russia to expose US cyberweapons, though he refutes this. Analysts such as Gartner's Peter Firstbrook say suspicions about the firm's Russian roots have hindered its expansion in the US. The company has denied that it has direct ties with or has engaged with the Russian government.

In August 2015, Bloomberg News reported that Kaspersky Lab changed course in 2012, as "high-level managers have left or been fired, their jobs often filled by people with closer ties to Russia's military or intelligence services. Some of these people actively aid criminal investigations by the FSB, the KGB's successor, using data from some of the 400 million customers". Kaspersky slammed Bloomberg's coverage on his blog, calling the coverage sensationalist and guilty of exploiting paranoia to increase readership.

In July 2017, the United States' General Services Administration (GSA) removed Kaspersky Lab from its list of vendors authorized to do business with the U.S. government; further reports by Bloomberg and McClatchy DC alleged that Kaspersky Lab had worked on secret projects with Russia's Federal Security Service (FSB). Anti-Russian sentiment had also grown in the country in the wake of an investigation of Russian interference in the 2016 presidential election. Kaspersky denied these reports, stating that it did not have "inappropriate ties" with any government, and "never received a request from the Russian government or any affiliated organization to create or participate in any secret projects, including one for anti-DDoS protection."

On 8 September 2017, U.S. electronics store chain Best Buy pulled Kaspersky products amid concerns over these ties. On 13 September 2017, the Department of Homeland Security issued an order banning Kaspersky products from use within the U.S. federal government, citing "[concerns] about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks."

On 6 October 2017, The Wall Street Journal--citing "multiple people with knowledge of the matter"--alleged that in 2015, hackers working for the Russian government used Kaspersky antivirus software to steal classified material from a home computer belonging to a National Security Agency (NSA) contractor. According to the report, the incident occurred in 2015 and remained undiscovered until early 2016. The stolen material reportedly included "details about how the NSA penetrates foreign computer networks, the computer code it uses for such spying and how it defends networks inside the U.S." The New York Times reported that the hacks had been discovered by Israeli intelligence agents who had themselves hacked into Kaspersky's network. On 11 October 2017, The Wall Street Journal additionally alleged that Russian intelligence uses Kaspersky software to scan computers worldwide for material of interest. The company once again denied the reports, arguing that they were "baseless paranoia" and a "witch hunt", and considered it suspicious that major U.S. media outlets simultaneously "went for us almost in full force and they fantasized simultaneously, as if receiving an order, but they've got confused in details."

On 25 October 2017, Kaspersky confirmed that the incident described by The Wall Street Journal had occurred in 2014, and was the result of the software having detected a ZIP file containing samples and source code from "the Equation Group" (the Tailored Access Operations (TAO) unit of the NSA). The user had enabled the Kaspersky Security Network (KSN) features of the software, so the files were automatically uploaded as a malware sample to KSN for analysis, under the assumption that it was a new malware variant. Eugene Kaspersky stated that he ordered that the sample be destroyed. Kaspersky claimed that the antivirus software had been temporarily disabled by the PC's user in order to install a pirated copy of Microsoft Office. When the software was re-enabled, it detected both the Equation Group code and unrelated backdoor infections created by a keygen program for Office, which may have facilitated third-party access to the computer.

On 13 November 2017, the British intelligence agency MI6 raised suspicions over Kaspersky Lab software after it was distributed for free to more than 2 million UK Barclays customers. On 2 December 2017, Barclays announced that they would no longer provide their new customers with the company's software. Also around 2 December 2017, Britain's National Cyber Security Centre advised, as a national security precaution, that UK government departments avoid Russia-based anti-virus software such as Kaspersky, but stated there was "no compelling case at present to extend that advice" to the wider public.

Source of the article : Wikipedia


