Cyber-security may sound like a term from some futuristic science-fiction novel, but it's a very real principle that must be observed in our digital age. It's also something that governments around the world take extremely seriously. These days, you don't need to sneak a spy behind enemy lines to gain access to top-secret documents—all you need is a team of qualified hackers, and plenty of perseverance. By defeating digital security measures, you can gain access to state secrets, or even wage a cyber war against your enemies.
Few organizations know more about cyber-security than Kaspersky Labs, one of the largest anti-virus and anti-malware software producers in the world. Kaspersky researchers study everything from how to block malicious pop-up ads to how to detect advanced threats on a geopolitical scale. At the cutting edge of these studies is Kaspersky GReAT, which stands for the Global Research & Analysis Team. This team is composed of 43 individuals in 18 countries around the globe, and they track malicious hacker activity with an emphasis on “advanced targeted attacks”.
The Kaspersky GReAT members recently conducted an “AMA” interview on Reddit, where members of the community were free to ask any questions they had about cyber-security. We found some of the answers from the Kaspersky team very interesting. Here are a few highlights:
Q: In what way are average citizens affected by your work and the malware you fight? Should I worry about being the victim of one of these “advanced targeted attacks?”
A: Costin here. In general, advanced threat actors go after governments, military, big companies, cutting edge research institutions, financial and banks, activists and scholars. If your profile fits into one of these then yes, you should worry about high end threat actors. However, if you’re not necessarily affiliated with one of these, you can still be caught in the middle of cyberwar between superpowers. For instance, you might visit a watering hole and get infected simply because you were in the wrong place at the wrong time, or your personal information can be stolen and used for identity theft at a later time.
For the average person however, perhaps the most worrying thing in my opinion is the constant escalation of cyber conflicts as more and more nation states obtain cyberstrike capabilities and work to developer their cyber armies.
Q: What you consider as the hardest part of your job? (it can be technically or moral or whatever) What's the most dangerous situation you have been for doing your job?
A: Costin here. I’ve been working in computer antivirus research for more than 22 years. Everything was pretty nice and easy before 2008. Then almost overnight, nation state sponsored attacks appeared. I guess the first big one was Aurora, which hit Google, Yahoo and others. Ever since, my job has been getting more and more complex, from all points of view. Some of the trickiest things to think of include: “when to publish a report?”, “when is research truly finished?”, “is it ethical to research only threats from one side of the world but not another”, “who did it” and “why did you publish it”. I try to navigate around these with a simple system – we research and publish on any kind of threats, no matter the origin. When research is complete and we feel confident our analysis is strong, we publish. And on the internet, answering “who did it” is sometimes impossible…
Q: Hi guys – I'm Roi – I write for SC Magazine UK. I was wondering if you had any predictions with regards to when we will start seeing mass casualties and perhaps even death from hacking into ICS (Industrial Control Systems)? Is it possible now? Following from the German steel mill attack, the Black Energy malware and the Swedish air traffic control attack it feels like we're on the brink of something but not quite there yet. Who in your opinion does ICS security well?
A: Brian here: Hey Roi, great question and a tough one to ask to the experts. In my opinion, it’s a matter of time before someone, somewhere decides to cross that line and cause casualties. If you look at all the critical systems that are still unsecured and vulnerable to attacks, all it would take is one crazy person and a general understanding of how ICS works to inflict damage to the masses. This is why securing ICS should be the #1 thing policy makers and other experts in the field should be focusing on right now. We need more voices like yours out there asking these tough questions to the appropriate people. Regarding who does it well…Again in my opinion, no one is doing it “well”. Well isn’t good enough. It needs to be impenetrable and right now, that’s not the case. This isn’t a mythological unicorn any longer. It’s been done before, and will only get worse.
Vitaly here: Honestly, I don't want to think about it. Last time I thought about possibility of malware crossing the border between virtual and physical worlds to destroy a physical object, Stuxnet happened just the next month. I was thinking only about “why so soon?” back then. I feel same strange feeling every time I hear about sudden disasters such as crashed planes, derailed trains, etc. A security researcher, widely known as halvarflake, said earlier this year (reconstructed from my memory): “Physical objects can be owned and/or possessed by you. Computer systems have additional dimension, which is control: you may own a computer, possess a computer but with current systems design you can never be sure who is in control”. This is what wakes me up at night, because this illusion of control we have over computer systems opens infinite possibilities to create tragedies by people who use their power against others. From my point of view, this is what makes human race primitive.