Lighting Up Zurich with Kaspersky NEXT
On June 27th, NEXT was back in full force, this time in Zurich with its first physical post-pandemic event. Journalists and experts from around the globe convened to explore critical insights into the future of cybersecurity, including AI bots, Darknet discoveries, the Lazarus Group and visit the flagship European Data and Transparency Centre.
Five Years of the Global Transparency Initiative
This year, we celebrated our fifth anniversary of our ground-breaking Global Transparency Initiative, GTI was envisioned to promote cyber-security transparency. GTI’s key goals are to: relocate data to Switzerland’s data centres, open more Transparency Centres worldwide, regular audits as well as vulnerability management. Public Affairs Director, Yuliya Shlychkova, said: “Our commitment to transparency is resonating with organizations worldwide, highlighting [our] visionary approach.”
Additionally Yuliya said that starting from July 2023, we have has decided to share all on-premise solutions’ source code with enterprise customers and partners at its centres, making transparency more than just a buzzword.
Victim Discovery: Navigating the Darknet Maze
Moving on from our transparency initiative, the first projects unveiled at NEXT was the ‘Victim Discovery’ initiative. This was headed by Yuliya Novikova, head of our Digital Footprint Intelligence Team.
The idea was simple: throughout 2022, the initiative tracked dark-web posts which hinted at dangerous activities, such as illegal access to company databases or infrastructure compromises. As a result of this, the team managed to flag a staggering 258 global companies, alerting them about serious incidents. But what came as a surprise was the reactions of the alerted companies. More than a third had no contact point for such incidents, and an alarming 28 percent appeared indifferent or in denial. However, some responded proactively — 22 percent confronted the risks, and 5 percent were already aware of the breach.
https://twitter.com/kaspersky/status/1673681846134030337
Yuliya said that “While the reactions to our notifications were mixed, with only a third responding adequately, we believe Darkweb monitoring has proved to be an essential tool for cybersecurity professionals. It enables us to promptly respond to and prevent potential data breaches.”
Unravelling the Dark Threads: The Tale of Andariel and EarlyRat
Following Yuliya, Jornt van der Wiel from our Global Response & Analysis Team (GReAT) made a ground-breaking discovery: the team unveiled new findings on Andariel, a notorious subgroup of the infamous Lazarus, and unearthed a previously unknown malware menace named EarlyRat.
https://twitter.com/kaspersky/status/1673692089383526405
Andariel has been wreaking havoc for over a decade, employing a Log4j exploit to initiate infections, which then download additional malware. In an interesting twist, it was found that the commands were manually executed by a human operator — a seemingly inexperienced one, given the number of typos and mistakes made. Moving on, the team’s investigation brought EarlyRat to light. Like other Remote Access Trojans, it collects system information and sends it to its command-and-control server. Despite its simplicity, it bears an uncanny resemblance to MagicRat, another malware previously used by Lazarus.
Jornt Van der Wiel reflects on their findings, saying, “In the vast and complex world of cybercrime, groups often adopt code from others, shifting between different types of malware. Our concentrated efforts on uncovering tactics and techniques have significantly reduced attribution time and enabled us to detect potential attacks at their early stages.”
The Rise of AI Bots: A Boon or Bane for Cybersecurity?
To wrap up, Maher Yamout, a renowned security researcher from Global Response & Analysis Team looked at Artificial Intelligence and the cyber-security industry, including discussions around threat detection, errors and jobs.
AI bots, with their swift data processing abilities, are creating waves in cybersecurity, but would we want them safeguarding our digital lives? Yamout discussed this in great detail, and looked at some of the benefits A.I brings, such as vulnerability detection and error reductions, and weighed them against some of the things that A.I (currently) cannot do, such as human judgement. A.
The inevitable discussion around job losses was a concern, although replacing human decision makers and problem solvers in cyber0security remains a moot point, as currently there’s little chance that A.I will replace humans for many security roles.
https://twitter.com/kaspersky/status/1673698779411693570
Ultimately, Yamout’s message was clear: whilst AI’s role in cybersecurity is growing, it’s crucial to navigate this path with caution, balancing potential benefits against possible risks.
Final Thoughts: Looking Forward to the Future
As we draw the curtains on this edition of NEXT, it’s time to reflect on the event’s incredible comeback. It was nothing short of a grand celebration, especially as it marked the fifth anniversary of our Global Transparency Initiative (GTI).
From the mysteries of the Darknet to the workings of the Lazarus group, to the potential of AI bots, the conference brought together some of the brightest minds in security, industry, and technology, providing a platform for insightful discourse on the latest research and future possibilities and explored an array of exciting topics.
It promised a future where digital safety becomes a norm, transparency is standard, and security measures are robust.
Stay safe and stay tuned!