Company experts reveal the latest on the Stuxnet epidemic
Munich was this year's venue for the Kaspersky Security Symposium, which took place from 22-24 September.
Eugene Kaspersky, CEO and co-founder of the Company, Andreas Lamm, Managing Director, Europe, and Magnus Kalkuhl, Head of the Global Research and Analysis Team, Europe, launched the event, which provided much insight into the latest cybercrime trends in three different tracks: Cybercrime Technology, Cybercrime in Everyday Life, and Cybercrime Versus the Law. Participating in the Press Tour were 47 journalists and editors from some of the world's most prestigious IT, business and general-interest publications.
Opening the event, Eugene Kaspersky issued a warning that the fight against cyber threats was escalating rapidly towards a whole new level: "The nineties was the decade of the cyber vandal; the noughties was the era of the cybercriminal, and I'm afraid we are now entering the age of cyber warfare and cyber terrorism." His speech focused on the infamous Stuxnet worm, which was designed for industrial sabotage and marks a turning point in the history of malware evolution.
In his presentation 'Surviving Targeted Attacks: Aurora, Stuxnet – What's Next?' Stefan Tanase, Senior Security Researcher, EEMEA, Global Research & Analysis Team, revealed the results of Kaspersky Lab's research into the Stuxnet epidemic. The number of targeted attacks has increased significantly lately, with cybercriminals making use of convoluted social engineering scams and increasingly sophisticated malware to penetrate systems. However, Stuxnet still towers above other similar malware due to its ability to exploit four zero-day vulnerabilities in Windows systems and the fact that its rootkit drivers were digitally signed with valid certificates stolen from Realtek and JMicron. Perhaps more surprising still, it doesn't steal money, but attempts to access Programmable Logic Controllers installed on the computer systems of major corporations.
Stefan also talked about his cooperation with Microsoft in preparing a patch for two of the zero-day vulnerabilities used by the creators of Stuxnet and detected by Kaspersky Lab.
David Jacoby, Senior Security Researcher, Nordics, Global Research & Analysis Team, followed up Stefan's presentation by stating that no operating system is completely secure. In his presentation, 'Cybercriminals and Their Automated Tools', he analyzed how hackers can crack Unix and Linux systems using automated tools.
The Cybercrime in Everyday Life track saw two presentations about problems that users are often faced with: online gaming fraud and fake antivirus solutions.
Christian Funk and Nicolas Brulez provided a rapt audience with a detailed description of how unsuspecting users without reliable protection on their computers can easily fall victim to crafty cybercriminals, and shared their recommendations for staying safe.
The urgency presented by these types of threat is linked to the upsurge in new malware that is expected to coincide with the release of the online games World of Warcraft: Cataclysm, and Diablo III, and the rogue antivirus programs that mimic very closely the products of legitimate antivirus vendors. According to Nicolas, the creators of these rogue AVs are now not only offering interfaces that are very similar to the originals but also technical support 24/7 in a number of languages.
'Law Enforcement and Modern Cyberthreats' was the title of another presentation in Munich. Vitaly Kamluk, Chief Security Expert, Japan, Global Research & Analysis Team, spoke of the legal restrictions that IT security experts and law enforcement agencies encounter while combating cyber threats. Vitaly explained how it was technically possible to halt the Kido (Conficker) and Gumblar epidemics in a matter of minutes. However, that would require access to a computer or server being used to spread the malicious programs, which is unlawful in many countries, even in exceptional circumstances. He also talked about his experience of closing down the Shadow botnet in cooperation with the Dutch police force.
Senior Spam Analyst Maria Namestnikova's presentation, 'Spam – Why is it so Diverse?', continued the legal theme. Anti-spam laws, market realities and business culture are all factors directly influencing how the spam business is shaped in different countries. The most widespread business models are: buying and selling, affiliate programs, Nigerian letters, and phishing. Spammers use extremely diverse methods and techniques to make money, including the distribution of malicious programs. Maria estimates that spammers make a profit of $950 million per year.
The presentations given by the Kaspersky Lab experts at the Kaspersky Security Symposium and webcasts on the issues discussed are available at:
http://www.kaspersky.com/oktoberfest_press_tour.