Kaspersky Lab presents META cybersecurity trends
‘Operation Parliament’, Polys unveiled • Healthcare facing cyber threats
ISTANBUL: On April 11-14, Kaspersky Lab held its annual Cyber Security Weekend for the Middle East, Turkey and Africa (META) in Istanbul to explore the evolution of the threat landscape both – globally and in the region, and find out which approaches businesses need to take in order to survive. Kaspersky Lab’s Global Research & Analysis Team (GReAT) experts and invited experts discussed various topics during the event, including IoT security, blockchain technology and the rise of targeted attacks as well as threats aimed at medical infrastructure.
During the event, statistics from the Kaspersky Security Network for the first quarter of 2018 were revealed and showed an overall increase in local threats infections (malware spread in local networks, by USBs, CDs, DVDs) with Kenya taking the first place with 61.8 percent of its users infected, followed by 58.6 percent in Nigeria, 50.8 percent in Oman, and 55.6 percent in both Egypt and Lebanon. Turkey reported the lowest number of local threat infections with 46.2 percent.
The statistics for the same period of time also showed a noticeable overall increase in web threats with 30.2 percent of users affects by malware in Saudi Arabia, 28.8 percent in both Egypt and Oman followed by 27.4 percent in the UAE. On the other hand, South Africa had the lowest number of affected users in the META region (48.8 percent for local and 19.6 percent for web threats).
“We have seen an 8.5 percent increase in ransomware attacks in the META region in Q1 of 2018 compared to Q1 of last year, this number is not surprising, judging by the infamous success of major ransomware attacks last year. We do expect such attacks to grow and evolve in complexity and sophistication. This highlights the importance of proper security solutions backed with continuous security training to raise awareness on the dangers of such attacks,” said Mohamad Amin Hasbini, Senior Security Researcher, Global Research & Analysis Team, Kaspersky Lab.
A panel of experts from Kaspersky Lab and specially invited guests from Turkey and UAE spoke about how the blockchain affects the way people live and work nowadays. Nassar Al-Achkar, CEO of HyperChain said: “I’m honored to take part in this event and talk about blockchain. It’s important to constantly educate people on the uses of this technology as I believe it is yet another step towards a brighter more efficient future. I also salute Kaspersky Lab for their efforts in studying this technology and assessing its cyber risks.”
The discussion also briefly touched on Kaspersky Lab’s announcement about the Polys voting system which is based around blockchain technology. With organizations facing a wide range of cyberthreats that come from the outside as well as from the inside, they should have a holistic approach to cybersecurity that unites an effective IT security solution, employee education and security policies understood and followed by employees. Kaspersky Lab’s recently launched Threat Management and Defense solution gives businesses the opportunity to adopt a strategic approach to detecting complex attacks across the corporate IT infrastructure and successfully gain control and visibility of their security environment by mitigating risk in today’s digital world.
Cyberespionage campaign
During Kaspersky Lab’s Cyber Security Weekend, a new cyberespionage campaign was announced: “Operation Parliament” is targeting high profile organizations from around the world with a focus on the Middle East and North Africa. The attacks have been active since 2017 and have targeted top legislative, executive and judicial powers, including but not limited to governmental and large private entities from the region, including the UAE, Saudi Arabia, Jordan, Palestine, Egypt, Kuwait, Qatar, Iraq, Lebanon, Oman, Djibouti and Somalia – all together company experts detected victims in 27 countries.
Kaspersky Lab experts believe that “Operation Parliament” represents a new geopolitically motivated threat actor that is highly active and skilled. Attackers are also believed to have access to an elaborate database of contacts for sensitive organizations and personnel worldwide, especially of non-trained staff. Victims of the attacks include government entities, political figures, military and intelligence agencies, media outlets, research centers, Olympic foundations and large private companies.
Based on the findings, the attackers infiltrated their victims using malware that provides them with a remote cmd/powershell terminal that enables them to execute any scripts/commands and receive the result through http requests. The attacks have taken great care to stay under the radar and have used techniques to verify victims devices before infiltrating them. Kaspersky Lab products successfully detect and block attacks conducted using these techniques.
“Operation Parliament is another symptom of the continuously developing tensions in the Middle East and North Africa. We are witnessing higher sophistication and smarter techniques used by attackers and it doesn’t look like they will stop or slow down anytime soon” Said Mohamad Amin Hasbini, Senior Security Researcher, Global Research & Analysis Team at Kaspersky Lab. “The type of people and organizations targeted in this attack campaign should elevate their levels of cyber maturity in order to mitigate such attacks in the future” he added.
In order to prevent falling victim to such an attack, Kaspersky Lab researchers advises organizations to exert special attention and extra measures, including: Train staff to be able to distinguish spearphishing emails or a phishing link from legitimate emails and links.
Use not only proven corporate-grade endpoint security solution but also acombination of specialized protection against advanced threats, such as Threat Management and Defense Solution, which is capable of catching attacks by analyzing network anomalies.
Follow strict rules to avoid data leaks and deploy techniques to prevent insider threats.
Blockchain voting
Online voting appeals to many aspects of modern society – such as geographically spread communities, or progressive universities wanting to hear their students’ voices. It also appeals to global NGOs, and municipalities looking for citizen involvement in neighborhood and citywide decision making. However, the risks of making critical choices online are also high, with large-scale online voting opening up vast opportunities for cybercriminals to fix the results.
An innovation from the Kaspersky Lab Business Incubator was announced during Kaspersky Lab’s Cyber Security Weekend. It offers a possible solution: A customizable online voting platform for non-commercial organizations, businesses and communities, which uses blockchain technology and is secured with transparent crypto algorithms.
In the modern efficiency-driven, mobile world, various limitations of offline voting have become apparent: it’s expensive, time-consuming and often inaccessible - or at least challenging - for people who aren’t physically present to cast a vote. Online voting can help overcome these challenges but this brings several uncertainties of its own: how can we secure the process? How can we make sure that our votes aren’t changed or altered by an external or internal party?
As part of a research project focused on exploring the potential implementations of innovative technologies such as blockchain, Kaspersky Lab Business Incubator has fostered a talented team of developers who have worked on an experimental project called Polys. This has resulted in a new commercial solution, which aims to provide anyone with the ability to conduct secure, anonymous and scalable online voting - with results that cannot be altered by participants or organizers.
Vartan Minasyan, Head of Investment and Innovation at Kaspersky Lab, comments: “In our Kaspersky Lab Business Incubator we’re supporting both internal and external teams in developing bright ideas and technologies, which can be implemented in various areas where safety and security are important. One such area is online voting and, when exploring the possible implementations of blockchain in particular, our team realized that this technology combined with the company’s cybersecurity expertise could solve key problems related to the privacy, transparency and security of online voting. We’re excited that we have been able to create a suitable environment for this internal innovation.”
Polys is based on smart contracts in Ethereum (sometimes referred to as Blockchain 2.0) which allows ballot verification and vote tallies to be performed in a decentralized manner. The main benefit is that, due to blockchain’s decentralized nature, the accuracy of voting execution can be verified by the network’s participants. The whole voting data is stored not on servers, but in information blocks on the computers of all network participants: To erase it, a hacker would have to breach all of the computers and gain access to the individual sets of data.
Blockchain also allows a voter to easily check if their vote has actually been registered correctly and any tampering of votes will automatically become evident. Blockchain transparency makes it easier to monitor votes and complete voting audits by independent parties. It also doesn’t require extra resources or the need for the physical presence of personnel.
In addition, within the Polys voting system, blockchain is encrypted and backed up with mathematical algorithms. These help to ensure anonymity, hide intermediate results and perform calculations on the encrypted data, which is something that can’t be done in other blockchain systems due to its distributed and open nature. By implementing these algorithms in the smart contract environment, using the advantages of blockchain while eliminating its limitations, Polys stands out as a distinctively innovative project.
The source code of Polys will be publicly available – allowing anyone to test, verify and explore the technology behind it. Any blockchain enthusiast, penetration tester or e-voting supporter will soon be able to find it on GitHub. Jutta Steiner, Co-founder of Parity Technologies, comments: “Parity Technologies is excited to be involved with Polys as their platform of choice for such an innovative project. Blockchain is increasingly being implemented by a vast number of industries and we believe that decentralising the voting procedure will ensure a fair process and create a high level of trust in the system.”
Polys is designed to support voting at all levels and for any number of participants. Upon a special project request, the platform can be made fully scalable with capacity for thousands of voters in international corporations, political parties, universities, global communities, NGOs, etc. This implementation can be tailored to specific requirements in terms of authorization, the interface design, and integration with other services. It is available in select regions only; interested parties can learn more about availability and pricing by filling out a contact form on the website.
In addition to the customized platform, there’s also a ready-to-use freemium service that is available for everyone. To arrange a vote, one simply has to go the website, create a poll in the Organizer Panel and fill in the voting information (such as the names of candidates or other participants, along with any extra details). The rest of the work, such as sending emails to voters and counting votes, is carried out by Polys.