Eugene Kaspersky is one of the few cyber warriors to still run a company that bears his name. Long gone are pioneers and competitors like Peter Norton, John McAfee et al.
I like that this man is the head of an independent and, for all intents, prospering company and that he is prepared to express opinions, largely unshackled by hordes of PR and PC people. With his schoolboy charm, smile, and thick Russian accent, he can get away with saying things others can't.
At a press conference following the CeBIT keynote, he fielded a variety of questions – many way too complex to be addressed in the 30 minutes allocated. I would love to spend some time deep diving into his, and his Labs cyber security knowledge.
I don’t intend to report verbatim all the questions in depth because they flew fast and furious to give as many journalists the nod.
{loadposition ray}Asha McLean of ZDNet asked what Australian organisations could have done to prevent WannaCry’s onslaught. Kaspersky responded that "To prevent these types of attacks for small businesses, it's much easier than for enterprises. They just have to have their updated systems, they have to have their back-ups, and they have to have security solutions – and that's good enough."
What Kaspersky did not say was that the vast majority of WannaCry infections had been on Windows 7 machines (that still have 48.5% of the desktop market), although XP was affected (7.04% of the desktop market). His own Costin Raiu, the director of global research and analysis at Kaspersky, tweeted that the number of machines running Windows XP was "insignificant" and Windows 7 x64 was the most infected version of the operating system.
But Kaspersky did leave himself an out. “But when it comes to larger enterprises, it is far more complicated than that, pointing to a number of legacy systems often found in the wild. Machines running on Windows XP, mostly. Trying to replace the old systems, you have budgets, downtime, and many other things, but at the same time there are many systems that are certified to Windows XP, so they can't change it – they can't update the certificates. I do understand the complexity of that.”
The bottomline is that Windows 10 as a software as a service was not affected and Microsoft has issued patches for Windows 7. And let’s not forget that Windows XP was launched in October 2001 and Windows 7 was launched in October 2009. How long has Microsoft got to support these legacy OS written well before the Internet/email was such a threat vector?
The rise of ransomware was discussed. “The rise of ransomware is directly linked to the rise in the value of bitcoins. Whereas it used to be a few hundred dollars a single bitcoin has a value of A$3070.36 today. Bad Guys do the same work, use the same formula to get one bitcoin – ten times the return!”
On hackers — cyber criminals' — motivation: “There are only two now – money or political.” Anastasia Para Rae, Kaspersky’s new general manager for Australia and New Zealand, replacing Peter Brady who left earlier in the month, said, “Infrastructure attacks in Australia are gaining momentum. Yes, it appears to be largely state (political) sponsored. These attacks are more probing to access defences and offensive responses.”
iTWire had a chance to get a question in, “In 2015 I heard you speak to the Sydney Chamber of Commerce where you said that mobile was the new attack vector with stats showing 97% of users did mobile banking or some other activity that revealed passwords. You said, “I don’t own a smartphone,” referring to an old Sony Ericcson cell phone (that he has several in reserve). What do you use today?
He sheepishly grinned and pulled out another Sony Ericson saying, “I have one left in reserve”. He is a prime target for hackers so a dumb phone was the only way to stay safe. Besides he was surrounded by people with smartphones who could take the risks. The only way to stay safe is to be not connected to the internet.”
“I don’t know if I could ever use Android or iOS and feel safe. Perhaps we will have to develop our own safe OS,” he grinned.
