Navigating the Threat Landscape - A Practical Guide

7/25/2019 Navigating the Threat Landscape - A Practical Guide

1/20

NAVIGATINGTHE THREAT

LANDSCAPE

www.kaspersky.com/business#SecureBiz

A practical guide

David Emm, Principal Security ResearcherGlobal Research & Analysis Team, Kaspersky Lab


2/20

2

Contents

About the author

David Emm, Principal Security Researcher Global Research & Analysis Team (GReAT)

David Emm is Principal Security Researcher at Kaspersky Lab, a provider of security and threatmanagement solutions. He has been with Kaspersky Lab since 2004 and is currently part ofthe companys Global Research & Analysis Team. He has worked in the anti-malware industrysince 1990 in a variety of roles, including Senior Technology Consultant at Dr SolomonsSoftware, and Systems Engineer and Product Manager at McAfee. In his current role, Davidregularly delivers presentations on malware and other IT threats at exhibitions and events,highlighting what organizations and consumers can do to stay safe online. He also providescomment to broadcast and media on the ever-changing cybersecurity and threat landscape.David has a strong interest in malware, ID theft and the security industry in general. He is aknowledgeable advisor on all aspects of online security.

Chapter 1 The evolution of malware 3Chapter 2 How malware spreads 9Chapter 3 Malware: on the move as much as you are 12Chapter 4 A new era of targeted attacks 14Chapter 5 The human factor in security 15

Chapter 6 Anti-malware technologies 16Chapter 7 Top tips for creating security awareness in your organization 19


3/20

3

Chapter 1: The evolution of malware

Its over 25 years since the rst PC viruses appeared. Since then the nature of the threat has changedsignicantly and today the threats are more complex than ever before.

In recent years, the Kaspersky Lab Global IT RisksSurveyhas highlighted changes in working practices,all of which have had a signicant impact on corporate

security. These include growing mobility and thetrend towards BYOD; the storage of business datain the cloud; the increased use of virtualized systems;and the widespread use of social media at work.

Security concerns around these developments continueto gure highly in the survey and, unsurprisingly, the2015 results highlight that preventing and dealingwith security breaches is a primary concern for 50%of companies1and guarding against cyberthreats isthe top security priority for 27% of companies.2

Dealing with security breaches is a primary concern for50% of companies.1

Preventing/dealing with IT security breaches

44%

50%

42%

37%

31%

26%

22%

18%

16%

15%

Understanding the full range of new technologiesthat are available and how to use them

Managing change in IT systems and infrastructure

Making decisions about future IT investments

Dealing with cost constraints/limited budgets

Training users how to use IT systems

Planning for and recovering from failureor destruction of IT infrastructure

Dealing with mobile working patternsand bring-your-own-device (BYOD)

Managing wide range of dierent IT

suppliers/product and service vendors

Complying with industry regulations and standards

VSB (1-49)

SB (50-249)

MB (250-1499)

E (1500+)

By size

54%

50%

48%

46%

1: Kaspersky Lab Global IT Risks Security Survey 2015


TOP CONCERNS OF THE IT FUNCTION1

Dealing with security breaches, understanding new technologies and managingchanges to IT systems are the primary concerns. Security breaches are a concernto companies of all sizes.


4/20

4

Guarding against external cyberthreats such as malware

Fraud prevention 27%

27%

25%

25%

22%

15%

21%

21%

14%

19%

13%

19%

12%

19%

17%

Preventing data leaks

Continuity of service of business-crtical systems

Security of cloud infrastructure (public and private)

Compliance with industry/regulatory requirements

Security of mobile/portable computing devices

Physical security of critical business systems

Improving response to information security incidents

Eliminating vulnerabilities in existing systems

Leveraging cloud-based or managed security services

Enhancing disaster recovery measures/planning

Information security training provided to employees

Security of virtualized infrastructure

Protecting against DDoS (distributed denial of service) attacks

COMPANY IT SECURITY PRIORITIES FOR THE NEXT 12 MONTHS2

Guarding against cyberthreats is now the top priority (previously third), supplanting preventing data leaks.

Increasing in scale, increasing in severity

The interconnected world means that attacks can belaunched on victims devices very quickly, and as widelyor selectively as the malware authors and criminalunderground sponsors require.

Malicious code can be embedded in an email, injectedinto fake software packs, placed on grey-zone

webpages, or download by a Trojan installed on aninfected computer.

The scale of the problem has also continued to increase.The number of new malware samples discovered dailyby Kaspersky Lab runs into hundreds of thousands.



5/20

5

A problem of perception

In the past 12 months 90% of companies experiencedsome form of external attack and 46% of companiesreported an increase in the number of attacks3, althoughthere is a perception that there were fewer instances

of data theft and obvious malware events in 2015.

90%of companies had experienced some form of external incident.3


But theres a misconception that malware belongson its own, in a discrete category. In fact, malwareforms an essential component of many cyberattacksand remains the most numerous and dangerous

threat to IT security. Targeted attacks, cyberespionage,phishing attacks and more, all incorporate malware.So its not that malware attacks are declining, but thatthey may not be perceived as malware attacks.

EXTERNAL THREATS EXPERIENCED3

90% of companies had experienced some form of external incident.Fewer instances of theft and obvious malware events in 2015 compared to previous waves.

2011 (n=1715)

Signicantly lower YOY

2012 (n=2938) 2013 (n=2164) 2014 (n=2943) 2015 (n=3580)

55%

59%

63%

58%

54%

61%

65%

61%

53%

57%

33%

36%

40%

36%

35%

24%

26%

28%

23%

22%

18%

20%

19%

19%

18%

13%

21%

24%

15%

20%

13%

4%

4%

4%

7%

3%1

3%

11%

9%

8%

9%

13%

12%

16%

16%

17%

1%

1%

Spam

Cyberespionage

EspeciallyManufacturing

Viruses, worms,spyware and

othe maliciousprograms

Especially

Education

& Govt.

Theft of largerhardware

Phishing attacks

Targeted attacks aimedspecically at our

organization/brand

Especially Telecoms

Network intrusion/hacking

Criminal damage

Denial-of-service(DoS), Distributeddenial-of-service

attacks (DDoS)

Especially IT,

Financial services

Point-of-sale (POS)systems intrusion

5% among

consumer

services firms

Theft of mobiledevices by external

party

Attacks on ATMs


6/20

6


From cyber-vandalism to cybercrime

Until around 2003, viruses and other types of malwarewere largely isolated acts of computer vandalism anti-social self-expression using hi-tech means.Most viruses conned themselves to infecting other

disks or programs.

After 2003, the threat landscape changed. Muchof todays malware is purpose-built to hijack computersand make money illegally. As a result, the threatsbusinesses now face have become signicantly more

complex. IT administrators have a lot more to contendwith there are more types of threats to protect againstand the damage they cause is likely to be nancial, not

just IT down-time.

1 in 3 companies whove experienced a data breach event sueredtemporary loss of ability to trade and typical direct costs incurred

from a serious event are$38kforSMBsand$551kforenterprises.4

ESTIMATED DIRECT COSTS INCURRED RESULTING FROM ANY SERIOUS DATA LOSS INCIDENT4

Although not every expense is incurred by every business, we can nonetheless estimatea typical loss taking into account the likelihood of an organization incurring each expense.

SMB Enterprise

32% 29%

34% 30%

88% 88%

Typical damageto SMBs from

a serious event

Typical damageto enterprises from

a serious event

ProfessionalServices

$11k

ProfessionalServices

$84k

Lost businessopportunities

$16k

Lost businessopportunities

$203k

Down-time

$66k

Down-time

$1.4m

$38k $551k

+ +

+ +2014 $33K

2013 $36K

2014 $636K

2013 $566K

Each potential cost is multiplied by the likelihood to experiencethat cost then summed to nd the expected overall typical costs.

Potential costIf experienced

Potential costIf experienced

Proportion ofbusiness incurring

this expense

Proportion ofbusiness incurring

this expense


7/20

7

New motives, new tactics

The change in motive also brought about a changein tactics. There was a decline in the number of globalepidemics designed to spread malware as far and asquickly as possible. Attacks have become more focused.

The rise of the Trojan

Trojans are the most common type of malware today.They are categorized according to their function: the

most common include backdoors, password stealers,downloaders, and banking Trojans.

They are used to steal condential information

(username, password, PIN, etc.) for bank fraud.

Holding you to ransom

In recent years, there has also been a steady growthin ransomware. This is the name given to maliciousprograms designed to extort money from their victimsby either blocking access to the computer or encrypting

the data stored on it. The malware displays a messageoering to restore the system in return for a payment.

Sometimes the cybercriminals behind the scam tryto lend credibility to their operation by masqueradingas law enforcement ocials: their ransom message

states that access to the system has been blocked,or the data encrypted, because the victim is runningunlicensed software or has accessed illegal content,for which the victim must pay a ne.

The main reason for the change is that attacks nowhave criminal intent and look to steal condential

data, which can then be processed and used. Wheremillions of victim machines are involved, detection is

more likely and it creates a huge logistical operation.Therefore, malicious code authors now prefer to focustheir attacks.

They can be used to spy on victims. They can be usedto install additional malware to suit the needs of the

attackers. They can be used in DDoS (DistributedDenial of Service) attacks on organizations: suchattacks seek to extort money from organizations, usinga demonstration DDoS attack to give the victim a tasteof what will happen if they dont pay up.

While anti-malware can detect ransomware, it may notbe possible to decrypt the data. So its vital to take regularbackups not only to avoid data loss resulting fromransomware, but to safeguard data from loss because

of other computer problems.

Typically, compromised computers are combinedinto networks. The activities of these bot networks,or botnets, are controlled using websites or Twitteraccounts. If the botnet has a single Command-and-Control (C2) server, its possible to take it down onceits location has been identied. But in recent years

cybercriminals have developed more complex botnetsthat employ a peer-to-peer model, to avoid having asingle point of failure. This has now become a standardfeature of botnets.

Malicious code authors now prefer to focus their attacks.

A GReAT tip: Regularly back up your data

Even if you outsource the handling and storage of your data, you cant outsource the responsibilityfor it in the event of a security breach. Assess the potential risks in the same way you would if you were

storing data internally. Data backup can help ensure an inconvenience doesnt turn into a disaster.


8/20

8

Phishing masquerading as someone else

The use of malicious code is not the only methodused by cybercriminals to gather personal datathat can be used to make money illegally. Phishinginvolves tricking people into disclosing their personal

details (username, password, PIN or any other accessinformation) and then using these details to obtainmoney under false pretences.

Phishers create an almost 100% perfect replica of achosen nancial institutions website. They then spam

out an email that imitates a genuine piece ofcorrespondence from the real nancial institution.

Phishers typically use legitimate logos, good business

Rootkits and code obfuscation

Rootkits are used to mask the presence of maliciouscode. They hide the changes they have made to avictims machine.

Typically, the malware writer obtains accessto the system by cracking a password or exploitingan application vulnerability, and then uses this to gainother system information until he achieves administratoraccess to the machine. Rootkits are often used to hidethe presence of a Trojan, by concealing registry edits,the Trojans process(es) and other system activity.

style and even make reference to real names from thenancial institutions senior management. They also

spoof the header of the email to make it look likeit has come from the legitimate bank.

The fake emails distributed by phishers have one thingin common: they are the bait used to try and lurethe customer into clicking on a link provided in themessage. If the bait is taken, the link takes the userdirectly to an imitation site, which contains a form forthe victim to complete. Here they unwittingly hand overall the information the cybercriminal needs to accesstheir account and steal their money.

There has been a further development of the rootkit,known as a bootkit. The rst of these found in the eld,

in 2008, was Sinowal (also known as Mebroot). Theaim is the same as any rootkit mask the presenceof malware in the system. But a bootkit installs itselfon the Master Boot Record (MBR), in order to load early(the MBR is the rst physical sector on the hard disk

and code written to this sector is loaded immediatelyafter the instructions in the BIOS are loaded). Sincethat time, there has been a steady stream of bootkits,including 64-bit versions.

A GReAT tip: Develop a security strategy

Your security strategy should be tailored to your business not based on generic best practicesand guesstimates. A thorough risk assessment can determine the risks your business faces.

Youll need a mechanism to measure the eectiveness of your security tools and a process for updatingthe strategy to meet new threats.


9/20

9

Drive-by downloads

This is one of the main methods used to spread malware.Cybercriminals look for insecure websites and hide their

code in one of the webpages: when someone views thatpage, malware may be transferred automatically, andinvisibly, to their computer along with the rest of thecontent that was requested. Its known as a drive-bydownload because it doesnt require interaction fromthe victim beyond simply visiting the compromisedwebpage.

The cybercriminals inject a malicious script intothe webpage, which installs malware on the victims

computer or, more typically, takes the form of an iframeredirect to a site controlled by the cybercriminals.The victim becomes infected if the operating systemor applications on their computer are unpatched.

Chapter 2: How malware spreads

Cybercriminals inject a malicious script into the webpage, which installsmalware on the victims computer or, more typically, takes the form of

an iframe redirect to a site controlled by the cybercriminals.

Social networks

Cybercriminals, like pickpockets in the real world,work the crowds. Some social networks have auser-base the size of a large country, thus providinga ready-made pool of potential victims. They usesocial networks in dierent ways.

First, they use hacked accounts to distribute messagesthat contain links to malicious code

Second, they develop fake apps that harvest thevictims personal data (this can then be sold to othercybercriminals) or install malware (for example fakeanti-virus programs)

Third, they create fake accounts that gather

friends, collect personal information and sellit on to advertisers.

Email and instant messaging

Around 3% of emails contain malware, in the form ofattachments or links to malicious websites. In additionto the bulk phishing campaigns, designed to stealcondential data from anyone who falls for the scam,

email is also used in targeted attacks, as a way ofgetting an initial foothold in the target organization(s).In this case, the email is sent to a specic person in

an organization, in the hope that they will run theattachment or click the link and begin the processby which the attackers gain access to the system.This approach is known as spear-phishing.

To maximize their chances of success, cybercriminalstypically send their email to public-facing (often non-technical) sta, such as sales and marketing managers.

The email addresses the person by name, the Fromaddress is spoofed to look like it has come from a trustedinsider in the organization and the content of the emailis tailored to the interests of the organization, so that it

looks legitimate.

Typically targeted attack campaigns vary the content,depending on the specic nature of the company they

are going after. Cybercriminals also make use of instantmessaging to spread links to malware.

To maximize their chances of success, cybercriminals typically sendtheir email to public-facing (often non-technical) sta, such as sales

and marketing managers.

Cybercriminals use dierent techniques to infect their victims. They are outlined individually below:


10/20

10

Removable media

Physical storage devices provide an ideal way formalware to spread. USB keys, for example, have beenused to extend the penetration of malware within anorganization, following the initial infection.

They have also been used to help malware to hop acrossthe air-gap between a computer connected to the

Internet and a trusted network that is isolated fromthe Internet.

Often malware uses vulnerabilities in the way that USB

keys are handled to launch code automatically when thedevice is inserted into a computer.

Vulnerabilities and exploits

One of the key methods used by cybercriminals toinstall malware on victims computers is to exploitun-patched vulnerabilities in applications. This relieson the existence of vulnerabilities and the failure ofindividuals or businesses to patch their applications.

Such vulnerabilities or loopholes can be found withinan operating system or the applications running on thecomputer. Cybercriminals typically focus their attentionon applications that are widely used and are likely tobe un-patched for the longest time giving them asucient window of opportunity to achieve their goals.

Zero day exploits

Cybercriminals dont just rely on the fact that peopledont always patch their applications.

Sometimes they are even able to identify vulnerabilitiesbefore an application vendor does and write exploit codeto take advantage of the aw.

These are known as zero-day exploits and providecybercriminals with the chance to spread their malwareon any computer where the vulnerable applicationis found there simply is no patch available to blockthe loophole.

The graph of vulnerable applications shown opposite isbased on information about the exploits blocked by ourproducts. These exploits were used by hackers in internetattacks and when compromising local applications,including those installed on mobile devices.

VULNERABLE APPLICATIONS USED BY FRAUDSTERS

Oracle Java

Browsers

Adobe Reader

Android tOS

Adobe Flash Player

Microsoft Oce

The distribution of exploits used by fraudsters,

by type of application attacked, 2014

45%

42%

5%

4% 3% 1%

Source: Kaspersky Lab


11/20

11

Digital certificates

We are all predisposed to trust websites with a securitycerticate issued by a bona de Certicate Authority (CA),

or an application with a valid digital certicate.

Unfortunately, not only have cybercriminals been able toissue fake certicates for their malware using so-calledself-signed certicates, they have also been able to

successfully breach the systems of various CAs anduse stolen certicates to sign their code.

This eectively gives a cybercriminal the status of a

trusted insider and maximizes their chances of success clearly organizations and individuals are more likelyto trust signed code.

A GReAT tip: Deploy comprehensive and integrated anti-malware

Make sure youre always running the latest security software, applying updateswhen they are available and removing software when it becomes superuous.


12/20

12

Chapter 3: The growth of mobile malware

Cybercriminals are now turning their attention to mobile devices. The rst mobile threats appeared in 2004,but mobile malware didnt become a signicant threat until some years after this. The tipping point came in2011: the same number of threats was found in 2011 as had been seen in the entire period from 2004 to 2010.This explosive growth has continued since then. By the end of 2014 there were over 470,000 unique mobilemalware code samples.

In 2014 alone more than 295,000 samples appeared.These code samples are often reused and repackaged

many times, so the number of malicious installationpacks far exceeds the number of code samples: bythe end of 2014, the total number of mobile malwareinstallation packs was almost 15 million. During 2014,Kaspersky Lab blocked more than 1.3 million attacksand 19% of people using Android devices encounteredat least one mobile malware threat. Notwithstanding thedramatic growth in mobile malware, many businessesremain unaware of the potential danger and, as a result,many mobile devices go unprotected.

500000

450000

400000

350000

300000

250000

200000

150000

100000

50000

0

Aug 2011 Dec 2011 Dec 2012 Dec 2013 Dec 2014Apr 2012 Apr 2013 Apr 2014Aug 2012 Aug 2013 Aug 2014

MOBILE MALWARE14,643,582 installation packs

The largest share of mobile malware is targetedat Android devices. The main reason is that Android

provides an open environment for developers of appsand this has led to the creation of a large and diverseselection of apps. There is little restriction on wherepeople can download them from, which increasespeoples exposure to malicious apps. By contrast, iOSis a closed, restricted le system, allowing the download

and use of apps from just a single source the App Store.This means a lower security risk: in order to distributecode, would-be malware writers have to nd some way

of sneaking code into the App Store, or conne their

attacks to jailbroken iOS devices. So its likely that, forthe time being at least, Android will remain the chief

focus of cybercriminals.

By the end of 2014, the total number of mobile malwareinstallation packages was almost 15 million.

Codesample

Source: Kaspersky Lab


13/20


14/20

14

Chapter 4: Are you in the fring line?

A new era of targeted attacks

Targeted Cyberattacks Logbook

Attacks and targeted attacks

The threat landscape continues to be dominated byrandom, speculative attacks designed to steal personalinformation from anyone unlucky enough to fall victimto the attack. Such attacks aect not only individual

consumers but also businesses. Often the aim isto use stolen credentials to gain access to nancialaccounts and to steal money. But its clear that thenumber of targeted attacks on organizations is growingand they have become an established feature of thethreat landscape.

The aim is get a foothold in a target company, stealcorporate data or damage a companys reputation.

CyberweaponsStuxnet pioneered the use of highly sophisticatedmalware for targeted attacks on key productionfacilities. Furthermore, the appearance of othernation-state sponsored attacks Duqu, Flame, Gauss,Careto, Regin, Equation and Duqu 2.0 has madeit clear that this type of attack is far from beingan isolated incident.

We have entered an era of cold cyberwar, where nationshave the ability to ght each other unconstrained by the

limitations of real-world warfare. Looking forward we

Kaspersky Labs Targeted Cyberattack Logbookchronicles all of the ground-breaking maliciouscybercampaigns that have been investigated by GReAT.

Also, we are now in an era where malicious code canbe used as a cyberweapon: and while a particularorganization may not be in the direct ring line it could

become collateral damage if it isnt adequately

protected.

Its easy to read the headlines in the media and drawthe conclusion that targeted attacks are a problemonly for large organizations, particularly those whomaintain critical infrastructure systems within acountry. However, any organization can become avictim. All organizations hold data that could be ofvalue to cybercriminals; and they can also be usedas a stepping-stone to reach other companies.

can expect more countries to develop cyberweapons designed to steal information or sabotage systems not least because the entry-level for developing suchweapons is much lower than is the case with real-worldweapons.

Its also possible that we may see copy-cat attacks bynon-nation states, with an increased risk of collateraldamage beyond the intended victim of the attack.The targets for such cyberattacks could includeenergy supply and transportation control facilities,nancial and telecommunications systems and other

critical infrastructure facilities.

Visit https://apt.securelist.com/ for more information
https://apt.securelist.com/https://apt.securelist.com/


15/20

15

Chapter 5: The human factor in security

The human factor

Humans are typically the weakest link in any securitychain. There are several reasons for this:

Many people are unaware of the tricks used by

cybercriminals

Successive scams never look quite the same, whichmakes it dicult for individuals to know what what

to look out for

The problem can be worse in the case of smartphonesand tablets. Their size and portability can be a greatadvantage, but theyre also easily lost or stolen. If theyfall into the wrong hands, a weak (or non-existent) PINor passcode becomes a single point of failure the onlything between an unauthorized person and the datastored on the device.

Equally, while its a benet to have sta always-on, its

dangerous if sta conduct condential transactions on

untrusted wi- networks or if they inadvertently connect

to a fake hot-spot (the wi- network called coee-shop

might be legitimate, but the one named coee-shop-

fast might belong to a criminal looking to collect data

from the unwary).

Sometimes people cut corners in order to make theirlives easier and simply dont understand the securityimplications. This is true of passwords, for example.Many people use the same password for everything often something thats as easy to remember aspassword, 123456, qwerty or football!

This increases the likelihood of a cybercriminal guessingthe password. And if one account is compromised, itoers easy access to other accounts. Even when they

are made aware of the potential danger, most individuals

dont see a feasible alternative, since they think they cantpossibly remember lots of unique, complex passwords.

A GReAT tip: Keep your password safe

For more information on keeping your password secure read David Emms blog on The Hungton Post.

A GReAT tip: Raise awareness

Cybercriminals are increasingly using public data to launch targeted attacks against businesses.

Tell your colleagues about the risks associated with sharing personal and business information online.

Social engineering

Social engineering is the manipulation of humanpsychology getting someone to do what you wantthem to do. In the context of IT security, it means trickingsomeone into doing something that undermines theirsecurity, or the security of the organization they workin. Phishing emails provide a good example of socialengineering. They generally take the form of spamemails sent to large numbers of people, although spear-phishing is a targeted version designed to trick victimsin specic organizations. They masquerade as legitimate

emails from a bona de organization. They mimic the

logo, typeface and style of the legitimate organization,

in the hope that enough people who receive theemail will be fooled into thinking that its a legitimatecommunication. When the victim clicks on the link, theyare redirected to a fake website where they are asked todisclose their personal information such as usernames,passwords, PINs and any other information thatcybercriminals can use.

The widespread use of social networks has also madeit easier for cybercriminals. They are able to gather datathat people post online and use it to add credibility toa phishing email.

For more tips on how to spread the message with your colleagues check out the 10 top tips at the end of this guide.
http://www.huffingtonpost.co.uk/david-emm/keeping-your-passwords-secure_b_3384533.htmlhttp://www.huffingtonpost.co.uk/david-emm/keeping-your-passwords-secure_b_3384533.html


16/20

16

Chapter 6: Anti-malware technologies

Anti-malware technologies used today

Hundreds of thousands of unique malware samplesappear every day. This explosive growth in recent yearshas made it ever more important to block threatsproactively signatures alone are no longer enough.

Some of the main anti-malware technologies used todayare outlined below.

Heuristic analysis

This is used to detect new, unknown threats. It includesthe use of a signature that identies known malicious

instructions, rather than a specic piece of malware.

It also refers to the use of a sandbox (a secure virtualenvironment created in memory) to examine how thecode will behave when it is executed on the realcomputer.

Vulnerability scanning and patch managementSince cybercriminals make extensive use of vulnerabilitiesin applications, it makes sense to be able to identify thoseapplications on a system that are vulnerable to attack,allowing businesses or individuals to take remedial actionwith patch management. Some solutions also includea real time scan of a computer, to block the use ofzero-day vulnerabilities.

Signatures

Traditionally, a characteristic sequence of bytes used toidentify a particular piece of malware. But anti-malwaresolutions today make extensive use of generic signaturesto detect large numbers of malware belonging to the

same malware family.

Behavioral analysis

This involves monitoring the system in real time to seehow a piece of code interacts with the computer. Themore sophisticated monitors dont just look at code inisolation, but track its activities across dierent sessions,

as well as looking at how it interacts with other processeson the computer. To protect against cryptors KasperskyLab uses two technologies: System Watcher, which isa part of proactive protection and Application PrivilegeControl, which can restrict an applications rights.For example it can prohibit applications from makingchanges to systems les.

Whitelisting

Historically, anti-malware solutions have been basedon identifying code that is known to be malicious,i.e. blacklisting programs. Whitelisting and Default Denytakes the opposite approach, blocking it if it is not in thelist of acceptable programs.


17/20

17

Reputation services

These days, many solutions make extensive use of acloud-based infrastructure, allowing near real-timeprotection from a newly-discovered threat.

In simple terms, metadata about any program runon a protected computer is uploaded to the vendorscloud-based computers, where its overall reputationis assessed i.e. is it known-good, known-bad, anunknown quantity, how often has it been seen, wherehas it been seen, etc. The system operates like a globalneighborhood watch, monitoring what is being run oncomputers around the world and providing protectionto every protected computer if something maliciousis detected.

Kaspersky Security NetworkKaspersky Security Network (KSN), is Kaspersky Labs

cloud-assisted service. It provides additional valueto customers, even protecting them even from, asyet, unknown threats by constantly monitoring thereputation of executed applications and accessed URLs.If the le reputation suddenly changes from good

to bad, KSN customers are informed within minutesand their corporate assets are immediately protectedagainst them.

Evolved malware requires an evolved solution the riseof integrated platforms

Malware continues to grow in volume and in

sophistication. So for businesses today, there aremore and more attack vectors to contend with.

In particular, keeping up with and controlling web usage,increasingly mobile employees (and data) and updatingan increasingly complex array of applications, mean thatthe average under-resourced IT team often has to makecompromises in its IT security.

As the environment gets more complex, the solution canbe to add new technologies to manage and protect thevarious risk areas but that increases the IT teamsworkload, cost and even risk.

This new threat landscape has led to the rst ever

truly integrated single security platform, developedby Kaspersky Lab. This platform is the best way to bringevery technology area together all viewed, managedand protected in one single management console.

A GReAT tip: Use proactive technology

Deploy anti-malware solutions that bring together dierent technologies to

block known, unknown and advanced threats in real-time, rather than relyingon signature-based protection alone.


18/20

18

The GReAT Team

The expert insight in this report is provided by KasperskyLabs Global Research and Analysis Team (GReAT).Since 2008 GReAT has been leading the way in anti-threat intelligence, research and innovation within

Kaspersky Lab and externally.

Why Kaspersky?

Kaspersky Lab is one of the fastest-growing IT securityvendors worldwide and is rmly positioned as a top-four global security company. Operating in almost200 countries and territories worldwide, we provideprotection for over 400 million users and over 270,000corporate clients from small and medium-sizedbusinesses to large governmental and commercial

organizations.

* Notes: According to summary results of

independent tests in 2014 for corporate, consumer

and mobile products.

In 2014 Kaspersky Lab products participated in 93independent tests and reviews. Our products were

awarded 51 rsts and received 66 top-three nishes.5

100%

Kaspersky Lab

1st places 51Participation in 93

tests/reviewsTOP 3 = 71%

0%4020

20%

40%

60%

80%

60

Threat Track (VIPRE)

Kingsoft

Bullguard

AhnLab

Qihoo 360

G DATA

Tencent

Panda Security

Sophos

Microsoft

Avira

Bitdefender

ESET

Symantec

F-Secure

AVGAvast

Intel Security (McAfee)

Trend Micro

80 100

Scoreof

TOP3places

No. of independent tests/reviews

Summary includes tests conducted by the following

independent test labs and magazines: Test labs:

AV-Comparatives, AV-Test, Dennis Technology Labs,

MRG Etas, NSS Labs, PC Security Labs, VirusBulletin.The size of the bubble reects the number of 1st

places achieved.

Our advanced, integrated security solutions givebusinesses an unparalleled ability to control application,web and device usage: you set the rules and our solutionshelp manage them. Kaspersky Endpoint Security forBusiness is specically designed to combat and block

todays most advanced persistent threats. Deployedin conjunction with Kaspersky Security Center, it gives

security teams the administrative visibility and controlthey need whatever threats they face.

GReAT has been at the forefront of analysing someof the worlds most sophisticated threats, includingStuxnet, Duqu, Flame, Red October, NetTraveler,Careto, Equation, Carbanak and Duqu 2.0. In 2013,

GReAT won Information Security Team of the Yearat the SC Awards.

5: http://www.kaspersky.com/TOP3/
http://www.kaspersky.com/TOP3/http://www.kaspersky.com/TOP3/


19/20

19

10 Top tips for creating security awarenessin your organization

Creating awareness in your business about the importance of IT security can be dicult, so weve put together tentips to help make communicating the issues of security to your business a little easier.

1Address your audience correctlyAvoid calling anyone users its impersonal and can leave your audience feeling a littledisassociated from what youre saying. Use employee, colleague or person instead.

2Use the right tone of voice

An approachable and friendly tone will help you communicate to your audience more eectively,

ensuring you can educate your colleagues on what they can each do to protect the business.

3Get support from the HR and legal teams

Where necessary, they can put real policies in place and provide support if it breaches are made.

4Keep colleagues informed

Consider the timing and frequency of your IT security inductions and briengs. Ensure they are

regular and memorable.

5Use your imagination

There are lots of ways to make information more engaging. The more creative and interesting,the greater the chances it will be read. Try comic strips, posters and quizzes.

6Review your efforts

Has your information sunk in? Test your colleagues and see what they have remembered andwhat they have forgotten. A quiz on the top ve IT security issues is a good place to start.

7Make it personal

Tapping into your colleagues self-interests will help them gain a better understanding of theimportance and context of IT security. For example, discuss how security breaches might aect

their mobile devices.

8Avoid jargon

Most people will not have the same depth of knowledge as you, so make sure you explaineverything in a way that is easy to understand.

9Encourage an open dialogue

Ensure people understand the consequences of a security breach; and the importance of keepingyou informed. Some may fear they will be disciplined if they have clicked on a phishing email andas a result avoid notifying the correct people.

10Consult the marketing teamWhen it comes to internal communications within your organization, they are the experts so ask for their help on how to best engage your colleagues.


20/20

Discover how our premiumsecurity can protect yourbusiness from malwareand cybercrime with ano-obligation trial.

Visit kaspersky.com/trialstoday to download full productversions and evaluate howsuccessfully they protect yourIT infrastructure, endpoints andcondential business data.

ABOUT KASPERSKY LABKaspersky Lab is one of the worlds fastest-growing cybersecurity

companies and the largest that is privately-owned. The companyis ranked among the worlds top four vendors of IT securitysolutions (IDC, 2014). Since 1997, Kaspersky Lab has been aninnovator in cybersecurity and provides eective digital security

solutions and threat intelligence for large enterprises, SMBs andconsumers. Kaspersky Lab is an international company, operatingin almost 200 countries and territories across the globe, providingprotection for over 400 million users worldwide.

JOIN THE CONVERSATION#SecureBiz

Watch us onYouTube

Join us onThreatpost

View us onSecurelist

Like us onFacebook

Reviewour blog

Follow us onTwitter

Join us onLinkedIn

View us onSlideShare

kaspersky.com/business#SecureBiz

GET STARTED NOWFREE 30 DAY TRIAL

GET YOUR FREE TRIAL NOW
http://www.kaspersky.com/trials#tab=tab-3http://bit.ly/1F0nnxahttp://bit.ly/193poxq%20http://bit.ly/193poxq%20https://threatpost.com/https://threatpost.com/https://securelist.com/https://securelist.com/http://ow.ly/K9E1Hhttp://ow.ly/K9E1Hhttp://ow.ly/K9EOlhttp://ow.ly/K9EOlhttp://ow.ly/K9Efthttp://ow.ly/K9Efthttp://ow.ly/K9EaIhttp://ow.ly/K9EaIhttp://ow.ly/BQTsehttp://ow.ly/BQTsehttp://www.kaspersky.com/businesshttp://bit.ly/1F0nnxahttp://www.kaspersky.com/trials#tab=tab-3http://www.kaspersky.com/trials#tab=tab-3http://bit.ly/1F0nnxahttp://www.kaspersky.com/businesshttp://ow.ly/BQTsehttp://ow.ly/K9EaIhttp://ow.ly/K9Efthttp://ow.ly/K9EOlhttp://ow.ly/K9E1Hhttps://securelist.com/https://threatpost.com/http://bit.ly/193poxq%20http://bit.ly/1F0nnxahttp://www.kaspersky.com/trials#tab=tab-3

Navigating the Threat Landscape - A Practical Guide

Documents

Transcript of Navigating the Threat Landscape - A Practical Guide