Tag: Kaspersky Lab

Taking away smartphones improves productivity

A study shows that smartphones reduce productivity rather than improving it.

The Universities of Würzburg and Nottingham-Trent carried out the study, which was commissioned by Kaspersky Lab. It showed that employees’ performance improved 26 percent when their smartphones were taken away.

The experiment tested the behaviour of 95 people between 19 and 56 years of age in laboratories at the universities of Würzburg and Nottingham-Trent.

Altaf Halde, managing director – South Asia at Kaspersky Lab said the experiment unearthed a correlation between productivity levels and the distance between participants and their smartphones.

“Instead of expecting permanent access to their smartphones, employee productivity might be boosted if they have dedicated ‘smartphone-free’ time. One way of doing this is to enforce rules such as no phones in the normal work environment,” he said.

Losing their smartphones generally didn’t make participants nervous, although women were more anxious than their male counterparts. This made researchers conclude that anxiety levels at the workplace were not affected by smartphones (or the absence of smartphones), but can be impacted by gender.

Jens Binder from the University of Nottingham-Trent said that previous studies had shown that separation from one’s smartphone has negative emotional effects such as increased anxiety, but studies have also demonstrated that one’s smartphone might act as a distractor. In other words, both the absence and presence of a smartphone could impair concentration.

Astrid Carolus from the University of Würzburg said: “Our findings from this study indicate that it is the absence, rather than the presence, of a smartphone that improves concentration.”


DARPA concerned over supply chain malware threat

US government agency Darpa has raised concerns over malicious software entering the supply chain of IT equipment procured by government departments.

IT equipment is made up of components produced in a wide range of countries, so there are potential security risks for hardware that is connected to secure or sensitive networks. This could mean a large number of compromised mobile phones, network routers or PC workstations, allowing for data extraction or even the sabotage of critical operations.

There are many difficulties in adequately protecting against such attacks, with the large volume of commercially procured equipment making spotting security problems a tough job.

DARPA said that the ability to do this on a large scale for the Department of Defense is hampered by the time constraints of checking so many devices.  Developing a method to enable non-specialist technicians to determine that a device is one potential way to reduce risk, but it is by no means easy.

DARPA has proposed a Vetting Commodity IT Software and Firmware programme to look at ways to mitigate the risks posed by backdoors, malware and other vulnerabilities.   

Tim Fraser, DARPA program manager, said that the problem facing government departments is bigger than ever.

“DoD relies on millions of devices to bring network access and functionality to its users,” Fraser said. “Rigorously vetting software and firmware in each and every one of them is beyond our present capabilities, and the perception that this problem is simply unapproachable is widespread.” 

The goal of a vetting programme will be to develop a set of techniques, tools and demonstrations to help make some of these aims more achievable.

Malicious software entering supply chains is an increasing problem. In September, Microsoft claimed that its own investigations had uncovered that hardware sold directly to consumers was, in some cases, pre-loaded with malware. Though Microsoft was able to disrupt some of the attempts to infect computers in this fashion, it highlighted the ease with which supposedly secure supply chains can be compromised.  

David Emm, Senior Security Researcher at Kaspersky Lab, told TechEye that there are many ways malicious software can be hidden on hardware.

“Concern about the dangers of malicious software entering the supply chain of IT equipment is clearly growing, with network devices such as routers, access points and DSL modems providing a perfect hiding place for malware,” Emm said. 

“A recent example of this is a Brazilian attack that focused on just a single firmware vulnerability,” he said. “The Brazilian government confirmed that an estimated 4.5 million modems were compromised in the attack and were being used for different kinds of fraudulent activity.”

With IT equipment spending continuing to rise throughout most of the world there are increasing opportunities for those intent on spying or sabotaging systems to wreak havoc.

“The increasing dependence of individuals and organisations on devices of this sort is likely to mean that they attract more attention in the future,” Emm continued.  

“Unfortunately, while the risks from malicious software are becoming widely known, device security is often overlooked,” he said.

Kaspersky Lab uncovers 'miniFlame'

Kaspersky has discovered new malware dubbed ‘miniFlame’, cyber espionage software directly linked to Flame.

The miniFlame program, also referred to as SPE, was originally picked up by security experts in July while analysing the Flame virus, a program responsible for espionage attacks on Windows-based computers in the Middle East. At the time Kaspersky labelled the Flame malware the most sophisticated cyber weapon yet discovered. The new discovery shows that the scale of the operation is larger than first imagined.

Further findings have now shown that while miniFlame is based on the same architecture as Flame, it can be used both independently as a malicious program and as a plug-in for Flame and Gauss. The intention for the program is to be used as a cyber espionage tool, Kaspersky Lab says, operating as a backdoor for data theft, allowing the creators direct access to the infected computer.

The number of computers infected by miniFlame is lower than its counterparts, however, with Kaspersky Lab noting that between 10 and 20 machines have fallen victim to the virus. The total figure is estimated to be up to 60 worldwide. Those infected were most likely already infected with the Flame virus, forming the “second wave” of a targeted cyber espionage attack aimed at stealing information.

According to Kaspersky, versions of miniFlame were created in 2010 and 2011, and some of the six variants are still considered active.  It is expected that development of the malicious program could have started as far back as 2007.

“MiniFlame is a high precision attack tool,” said Alexander Gostev, Chief Security Expert, Kaspersky Lab, describing the malware. “Most likely it is a targeted cyber weapon used in what can be defined as the second wave of a cyberattack.”

“First, Flame or Gauss are used to infect as many victims as possible to collect large quantities of information,” he said. “After data is collected and reviewed, a potentially interesting victim is defined and identified, and miniFlame is installed in order to conduct more in-depth surveillance and cyber-espionage.”

This could involve taking screenshots of infected computers, or a USB drive could be controlled to store data collected from infected machines without an internet connection.

The analysis of miniFlame also highlighted the cooperation between the creators of Flame and another virus, Gauss, with miniFlame designed to operate alongside both malware programs.

Furthermore Kaspersky contends that with links already established between the creators of Flame and Stuxnet, the viruses are all likely to have originated from the same source.   

The US government has so far been widely linked to both Flame and Stuxnet, which was responsible for attacks on Iranian infrastructure and nuclear facilities.

E-crime hitting UK businesses hard

The British Retail Consortium has claimed that e-crime is the biggest threat to online stores, highlighting a need for a clearer analysis of cyber crime.

According to the BRC’s study, the effects of e-crime on businesses are significant both in direct cost and prevention, setting them back a total of £205.4 million between 2011-12.

The most expensive form of e-crime for retailers was personal identification related frauds, producing £20 million of losses between 2011-12.  Card fraud caused £15 million losses to retailers over the same period, while refund frauds were responsible for £1.2 million of losses.  

Much of the cost is less easily quantifiable, however, with the BRC claiming that £111.6 million worth of business is rejected due to crime prevention measures. This could mean, for example, honest customers being deterred from online purchases because of additional security measures.

One online retailer, Jennifer Hakim, director of online fashion store the Retrosphere, told TechEye that e-crime is a serious problem, particularly for businesses that aren’t aware of the dangers that exist. 

“When you open an online store it is definitely something you need to think about,” Hakim said.  “It is not something I particularly thought about when I started, but it did happen. I made a big sale online, early on with the website.  I sent two designer pieces, I received the money, but checked with my bank and realised it was card fraud.”   

“The person had tried several cards and it was really obvious it was stolen cards,” she said. “This meant I had to pay back what was taken from the person’s account.”

This led to significant costs for the business.

“I pay a fee for a transaction, so the bigger the transaction the more I pay,” she said.

Such stories are not uncommon, and the government has its work cut out in trying to stem the wave of cyber crime as sales through online stores increase at double digit rates each month, while criminals modernise fraud techniques.

Cabinet Office figures have previously estimated the total cost of cybercrime for the UK to be £27 billion. This figure has been debated, and it is often difficult to arrive at an exact figure when collating information on the matter.

According to David Emm, senior regional researcher at Kaspersky Lab, the BRC report shows that more needs to be done to give an accurate representation of the threat landscape.

“One of the things that comes out of this is that e-crime is not that easy to measure,” Emm said. “One of the things that the British Retail Consortium is urging is that we have a more effective way for gathering information on what the losses are, because obviously you can’t really manage something unless you can first measure what its impact is.”

“The government needs to make sure that it is measuring, and that there is a reporting mechanism,” he said. And such figures can be hard to pin down in real terms.

“One of the dangers when you see figures like these is that sometimes they get used to dramatise the impact of something,” he said. “Sometimes the personal impact to an individual, or to an online store, can get lost in the huge numbers.”   

“£27 billion – or in this case £205.4 million – it’s a number,” Emm said, “but unless you bring it down to what the impact is to you then it starts to lose a bit of meaning. I don’t necessarily object to numbers being published but I tend to take them with a pinch of salt.”

What is important is raising the awareness of individual companies and how they are being affected.

“Any business will say that the real interesting thing is the impact on your organisation,” Emm said. “If you look back over the last six months, the past quarter, what impact has e-crime had?

“Whatever the figure is for your business, that is what is really meaningful, and whether it has increased is more important than any overall figures,” he said.

'Flame' cyber attack could be most sophisticated ever

Symantec has warned of a “highly sophisticated” threat, which its Security Response Team has claimed is on par with the Stuxnet and Duqu viruses.

Symantec has announced that it has been analysing the W32.Flamer malware, a threat which is believed to have been snooping around computers in the Middle East for a couple of years now.

The security experts believe that the malware has been built by a team, pointing towards “an organised well funded group of personnel with directives” rather than an individual.  

Kaspersky Lab, meanwhile, has said that the malware may be the most sophisticated cyber weapon ever discovered.

The code apparently includes a number of references to the string ‘FLAME’ which is thought to possibly be the malware’s development project name.

According to Symantec the threat has operated “discreetly” for two years, spreading via USB drives to steal documents, disable security and spread itself to other systems where possible.

W32.FLAMER is believed to have attacked known vulnerabilities in Microsoft Windows in order to spread across networks.

It is thought that the main areas which have been affected are in the Palestinian West Bank, Hungary, Iran and Lebanon.   Russia, Austria, Hong Kong and UAE are also thought to have been targeted.

It is not known which individuals or sectors have been targeted, but it is thought that it is individual personal activities that are being sought rather than specific companies.  

It is claimed that many of the computers attacked have been machines with home internet access.

Iranian researchers have also claimed that there is a “close relation” to the Stuxnet virus that attacked critical nuclear infrastructure during 2010 and 2011, though it is not thought that the virus is aimed at doing physical damage like Stuxnet.

The Iran National CERT (MAHER) said that 43 antivirus products used were unable to detect the software.

Antivirus software dominated by marketing and misunderstanding

At a recent panel discussion held by Kaspersky Lab in Prague, researchers raised a problem over the way antivirus products are tested and presented to the public as the malware landscape continually evolves.

“It is a problem, it is a very huge problem, because the way testing is being conducted, most of it is not useful to anybody,” TechEye was told by Jose Fernandez, a professor at the École Polytechnique de Montréal and a member of the advisory board of the Anti-Malware Testing Standards Organization (AMTSO).

With the continually evolving threat seen in the malware landscape, it’s the opinion of Fernandez, and members of the Kaspersky Lab development team, that the way antivirus products are tested by reviewers is no longer effective in painting a true picture of the strength of the software.

According to Fernandez, a problem in virus protection is that users themselves are becoming part of how a system is potentially vulnerable. Then there’s the wave of new threats along with increasing sophistication, as criminals seek to wrench money from the unsuspecting web user.

“The threat has evolved, many tests were good to do up to ten years or five years ago, if you could stop it at the file open stage then it was okay. But that is no longer true today for a variety of reasons,” Fernandez said.

For example, these days hackers are able to bypass signature based defence more easily.

Fernandez was keen to have a pop at journalists going over antivirus software: “It is absolutely correct that things have changed so much that the old way of thinking is no longer working, but I do not see that evolution yet in journalists for example, because the problem has changed.

“And more importantly you need to re-educate the user. You used to be able to check the machine that protects the user, but not anymore because the errors, the mistakes, and the accidents are mostly provoked by the user.

“So, you have to test the machine with a user in it to see how that machine adapts to the driver, how the machine is allowing the driver to make the right decisions,” he said.

Fernandez believes that you cannot test them separately any more because attackers are targeting the “driver”, to “click on this link or install this codec of Prince William’s wedding, you cannot physically stop them, so we need to educate within the product, which some are now doing such as Kaspersky”.

He thinks many journalists are going about testing the wrong way, breeding a culture of misinformation which is driving a need to meet narrowly defined notions of how strong a product can be.

Where reviewers are going wrong, he thinks, is in the way that they seek to concentrate on testing which shows that one product is king and which are runners-up.

Of course, this is a natural way for consumers to react to products by getting easily assimilated information rather than bogged down in technically heavy statistics.

While the knowledge that one product is designated to be ranked higher may not be the most accurate tool, it is also the easiest for consumers to understand at a glance. That’s something Fernandez and Kaspersky Lab believe is an inadequate way of testing anti-virus products.

But it is the perception on this side of the industry that because of such testing, there is a consequential vicious circle in which the marketing departments of AV companies know that they have to meet certain tests to receive high marks in magazines.

Without that they could lose market share.

Fernandez says marketing teams hold most of the testing budget in many firms. They put pressure on developers to ensure that products do well in tests that are, according to him, largely outdated.

“The problem with this is that doing this does not then meet the other criteria and doesn’t allow them to concentrate on improving the product,” he says.

“Testing is never perfect, tests have different parameters, but most journalists don’t want to show the limits of their test.

“This gives a user the wrong impression that one test is the best, one is second best, when this is maybe not the case.

“For most of the tests done today this is not true because of the evolving threat landscape performance with these tests is totally unrelated to total security.”

Fernandez believes that conducting tests accurately and then choosing the right measurements is technically challenging, as there is so much that can go wrong and it takes so much expertise.

“It’s actually very time consuming and costly, so it does not make much sense for people to say that ‘because I cannot do this expensive test I will just do ‘a’ test’ and then just publish it.’

“A lot can go wrong, for example, in choosing what to measure and actually getting accurate results for the test.

“And that is why it should be left to the professionals, at least for some tests.”

Unless the publishing industry is willing to invest time and money for people to be testing full time and developing expertise, it’s certainly a view from the security industry that adequate testing can’t be achieved at a sufficient level.

“I don’t think it is a good idea for a technical journalist to say ‘this week I am doing spell checkers and this week I am doing antivirus’,” says Fernandez.

Instead he advocates using independent testing laboratories to garner more accurate results, and for hacks to look more at the usability of a product.

But one journo tells TechEye that testing by reviewers is most certainly still important, as they offer a truly independent opinion on how well the product works, and that “if they can’t see the difference, then the great unwashed are unlikely to either”.

However at the École Polytechnique de Montréal, Fernandez has just begun new research into alternative methods for testing how useful a certain product is as the threat increases from the user themselves.

“The clinical trials are not seeking to do individual experiments, we are trying to do in vivo experiments where we have real users using the product in their everyday lives, for say four months, do university work, download whatever you want. 

“The software reports on what happens, and if we find indicators of infection we will look at that and see what the cause is.

“We are doing this with fifty people in the first run, and we are trying to find out if we can correlate infection with certain pattern behaviours.”

Ultimately, Fernandez says, such differences in user behaviour and in how the user actually works with the product will make a much bigger difference than “whether it is Kaspersky and McAfee”.

Smartphone security threats to double this year

With a number of high-profile security breaches recently, the threat landscape is one that is growing and constantly evolving, according to analysts, as Sony customers and their bank managers will certainly agree.

TechEye spoke to Magnus Kalkuhl, Director of European division of Kaspersky Lab’s global Research & Analysis Team here in Prague about some of the dangers facing everyone from large organisations to smartphone users.

And while hacking of datacentres is not something new, both the Sony case and, on a governmental level, Stuxnet and Stars have both shown recent lapses of security that are on a scale that has not previously been seen.

Furthermore with the increase in constant internet connectivity as well as new devices such as smartphones and tablets offering new areas for malware to attack, protecting people on many different levels from such threats is a constant struggle.

According to Kalkuhl one of the main threats evolving is one that has followed the explosion of smartphone uptake with Android highlighted as a prime target for malware.

“There was lots of talk about mobile viruses maybe years ago but with journalists writing about it excessively but then there but as not much has happened so it was decided it was big hype,” says Kalkuhl, “however now things are changing.”

“In the old days when mobile viruses came out where they were able to dial premium numbers and this type of stuff, this is how they could earn money, but now with internet availability 24/7 on a mobile it becomes attractive for bad guys who want to make it part of a botnet as it is essentially a small computer.”

And this is the area where Kalkuhl believes we will see the biggest increase in the coming years, with the problem being that not many people have protection, and have no idea that their mobile phones have been infected.

But while Kaspersky Lab expects that the mobile threat will double during 2011, Kalkuhl admits that the problem is “not mainstream”.

“For example a computer antivirus is already installed, but for smartphones this is not the case.”

“Even if we are not speaking about rootkits and the like, there are of course threats on the internet that don’t need to have software installed on your machine, for example walls on Facebook, and it is all happening in your browser.”

“This can happen on your computer on an Android phone or on an iPhone or a tablet.”

Tablets are of course another area of concern for security firms with Kalkuhl noting that currently “there is no protection on tablets, possibly the browser has a defence such as with Firefox, but this is not as efficient as commercial anti-virus or security software.”

When asked whether the risk of mobile threat can be overstated at the moment, Kalkuhl is adamant that we are coming to a stage where the risk is becoming more real.

“We are honest about it, we are not running around saying that Android phones are infected like hell and do whatever you can to protect yourself with antivirus, we are saying that what you need is security software as it is more likely that you can lose your phone or it can be stolen than it getting a rootkit on it for example.”

“But of course this can still happen and this situation will change simply because Android phones are becoming so popular and mainstream, so there is no question that when we speak again in two or three years the situation will be different and no one will need to ask if there is a problem on phones.”

So is it a case of pre-empting rather than reacting to the threat retrospectively?

“We are there to protect against the things that are out, but it’s nothing compared to what we will see in the future.”

The security of the cloud is also something that is of concern to Kaspersky Lab, with the firm recently releasing statistics showing that over three fifths of IT managers asked saw security as a major stumbling block to uptake.

However, Kalkuhl believes that, despite its flaws, issues of cloud security are outweighed by the advantages offered.

“Let’s say for a small company, say ten people, what is more secure, that they host their information in a server that is standing next to the kitchen where people can break in and where they have to deal with all the problems and maybe deal with hardware failure? Or host it somewhere you have professionals, with storage in earthquake-proof buildings with lots of security?”

“Of course Amazon’s storage system recently crashed and they were unable to recreate all the data, and we will continue to see big problems and painfully learn our lesson until we are at the stage where the cloud is really relied on.”

However Kalkuhl highlights the worst case scenario is of a cloud provider which is hacked so that attackers can “get their hands on the virtual systems that are hosted on the server. There is nothing people could do against that once that has happened.”

“Unexpected things can happen as we have seen with Sony, it’s not cloud but most people would have said that they can’t imagine this would happen as it is so secure.”

According to Kalkuhl the Sony situation is another that is unfortunately likely to happen again in the future.

“It can happen and will always happen, the main problem is of course that people are storing more and more online – they have to because their life is happening more and more online – the only solution is thinking of ways to prevent the worst.”

Of course Kalkuhl admits that this is difficult.

“If you are the one who is hacked then of course you should do everything to prevent this, but you would have to presume that Sony have thought about the possibility and did something,” he says.

“It is best to assume that such a situation will happen and try to minimise the risk by for example having different passwords on social media sites so if one password is leaked then bad guys can easily get into other services.”

“This is one area which people need to be aware of, so it is a lot of education for the user firstly, because for businesses that are hacked we at Kaspersky cannot do anything about this, so maybe we will need some smarter ways of knowing what is happening with your credit card data.”

China pirates most software worldwide

The Business Software Alliance (BSA) claimed that global software piracy rose by 43 percent last year, amounting to what it claimed is a loss of $51 billion to the software companies.

The BSA said that the rise in pirated software from the year before was largely down to more PC sales in emerging markets. It claimed that the 43 percent piracy rate meant that for every $100 of legit software sold in 2009, $75 worth of unlicensed software came into the market.

PC markets in Brazil, India and China represented 86 percent of the growth in PC shipments worldwide, the BSA said.

The United States was the goodie two shoes in the world of piracy, with only 20 percent piracy. But the BSA claimed that amounted to $8.4 billion of lost sales last year.

China saw a large increase in the commercial value of pirated software, which grew $900 million from 2008 to represent $7.6 billion of lost software sales.

India, Chile and Canada, said the BSA, saw the greatest improvement in reducing software theft, with each of them seeing a three percent decline in piracy rates in 2009. The UK has the sixth lowest piracy rate globally.

The BSA called on governments to help stamp out software theft.

Members include Adobe, Altium, Apple, Autodesk, AVEVA, AVG, Bentley Systems, CA, Cadence, Cisco Systems, CNC/Mastercam, Corel, Dassault Systemes SolidWorks Corporation, Dell, HP, IBM, Intel, Intuit, Kaspersky Lab, McAfee, Microsoft, Minitab, PTC, Progress Software, Quark, Quest Software, Rosetta Stone, Siemens, Sybase, Symantec, Synopsys, and MathWorks.