Kaspersky security researcher David Emm on threat detection, industry challenges, and ‘cyber-immunity’

Cybersecurity stalwart Kaspersky recently dropped the ‘Labs’ appendage to its moniker, as part of a rebranding effort that reflects the company’s shift away from ‘cybersecurity’ towards the wider concept of ‘cyber-immunity’.

The organization’s 45-strong Global Research and Analysis Team (GReAT) regularly hits the headlines with its cutting-edge research into cyberespionage, which has included insight into everything from the Equation Group to the Stuxnet worm.

Moscow-based Kaspersky has faced a setback since late 2017, when the Trump administration banned the use of its technology within the US government over spying fears.

The firm has responded to this slight on its reputation with increased accountability by setting up a transparency center alongside offers to allow select parties to inspect its source code. As further reassurance, Kaspersky is migrating its core infrastructure for international customers from Russia to Switzerland.

The Daily Swig recently caught up with David Emm, the UK-based principal security researcher at Kaspersky, to take stock of the current trends in the global cybersecurity services market.


Tell us about Kaspersky’s history and your main aims for 2019

David Emm, UK-based principal security researcher at Kaspersky

David Emm: With more than 20 years’ experience in the industry, Kaspersky has demonstrated a willingness and aptitude to not just reinvent itself in line with the ever-evolving threat landscape, but to continually stay one step ahead of the dangers that affect so many people across the world.

Kaspersky recently embarked on a rebranding exercise to reflect the company’s evolution from ‘cybersecurity’ towards the wider concept of ‘cyber-immunity’.

Cybersecurity, in today’s world, is about more than just protecting devices; it is about developing an ecosystem where everything that is connected is protected.

One of Kaspersky’s primary goals is to cater equally to businesses of all sizes, as well as consumers.


What can we look forward to in terms of upcoming research from Kaspersky?

DE: Kaspersky tracks the ongoing activity of more than a hundred threat actors and sophisticated malicious operations targeting commercial and government organisations in 85 countries.

As one example of its commitment to protecting consumers, Kaspersky has helped analyse advanced persistent threat (APT) activity across the globe.

Recent analysis includes the TajMahal framework, a previously unknown and technically sophisticated APT framework that has been in development for at least five years.

TajMahal is able to steal data from a CD burnt by a victim, as well as from a printer queue. It can also steal a particular file from a previously-seen USB stick; the next time the USB is connected to the computer, the file will be stolen.

The framework includes up to 80 malicious modules stored in its encrypted Virtual File System – one of the highest numbers of plugins we’ve ever seen for an APT toolset.

Kaspersky has also recently uncovered APT activity in the Middle East, and identified leaks related to alleged Iranian activity.

This proved particularly interesting, because one of those leaks might have been part of a disinformation campaign carried out with the help of the Sofacy/Hades Actor.


How do Kaspersky researchers go about prioritizing their research?

DE: The cyber threat landscape has continued to develop in range and severity over the last decade – both for businesses and consumers.

New habits, trends, and technologies – such as the rise of AI, smartphones, and online shopping – have led to new and increased threats.

At the same time, Kaspersky’s knowledge, experience and deep threat intelligence regarding every aspect of cybersecurity has made it a trusted partner, even as the threat landscape has grown.

It has helped authorities across the world, having cooperated extensively with Interpol, and with national police bodies, to help assist them in their fight against cybercrime.

The team has developed a number of processes to identify and examine suspicious files, including threat prediction, prevention, detection, response, and investigation.

A comprehensive, multi-layered security solution is essential, because whilst an auto-analyst can help detect a cyber threat, uncovering and blocking individual threats as they arise isn’t enough.

It’s becoming increasingly important to detect malicious files and to identify future trends, in order to defend against complex threats at the earliest possible stage.

Kaspersky analyzes millions of suspicious files and activities, and whilst 99.9% of objects are machine-processed, human expertise is essential to grouping and shaping how systems will impact in the future.

The technology industry is continually evolving, and these advances continually open up new opportunities for hackers, whilst providing new challenges in handling cybersecurity threats.

However, those challenges are ones that Kaspersky is more than well-placed, and keen, to meet.

