Cyberattacks are going to get worse, and such vital civilian infrastructures as electricity, telecommunications and transportation will be a new battleground for cybercrime as nations fail to cooperate effectively to block the threat, Russian cybersecurity expert Eugene Kaspersky warned.
“Before we fix cyberspace, making it inherently safe and immune to attacks, the security situation is likely to get worse with all the myriads of vulnerable devices and systems being developed and produced every day,” the 51-year-old CEO of Kaspersky Lab said in an email interview ahead of the opening of his firm’s new offices and R&D center in Jerusalem on Wednesday. “The worst-case scenario is a successful attack on critical infrastructure. I’m afraid the risk of an attack like that remains high.”
Kaspersky’s warning comes amid reports that malicious software dubbed Crash Override or Industroyer was responsible for a 2016 power outage in Ukraine. The two firms that discovered the Crash Override software — ESET, a Slovakian anti-virus software maker, and Dragos Inc, a US critical-infrastructure security firm — warned that the malware could be easily modified to harm critical infrastructure operations around the globe, Reuters reported on Monday. The Ukrainians have pointed the finger at Russia for the 2016 attack, although Moscow has denied any wrongdoing.
“Achieving a very high level of security is possible, but requires serious efforts,” Kaspersky said in comments emailed earlier this week, before the Crash Override discovery was publicized. “Operators of critical infrastructure should be constantly updating their security systems by using cutting-edge threat intelligence and technologies. I would recommend having periodic audits of security.”
The security of these systems should be “a matter of national priority, because their protection is a matter of national security,” he said, adding that “Israel is probably one of the most advanced countries in the world when it comes to building cyber defenses on a national level.”
Kaspersky Lab, a global cybersecurity company set up in 1997, has over 400 million users, of which 270,000 are corporate clients using its services and technologies to protect their businesses and infrastructures.
The firm’s work has come under increased scrutiny from regulators in the US over concern that hackers might seek to use Kaspersky software for the purposes of spying or sabotage, as Russia has been blamed for meddling in the US elections through cyberattacks on the electoral system.
Last month, Dan Coats, the US director of national intelligence, told a US Senate Select Committee that he and his colleagues wouldn’t be comfortable with Kaspersky Lab’s software on their computers, the Boston Globe reported. “We are tracking Kaspersky and their software,” Defense Intelligence Agency director Vincent Stewart told the committee, Reuters reported.
Regarding the arrest, “we have zero information about this case,” Kaspersky said in his email response. “It is a classified investigation, and the company is not involved in it. We don’t even know what the charges are about, what exactly this guy is accused of.”
With respect to the US suspicions about his firm’s activities, Kaspersky said the concerns “are simply not grounded in any facts. We’ve been in this business for 20 years, and we’ve always been a responsible player. We are ready to offer our source code for review in the U.S. It’s something we’ve already done with large government contracts in other parts of the world; it’s not a problem for us.”
“We’re working very hard to ensure that our products and services make the lives of hackers much harder, not easier,” he said. “Protecting our customers is our business. And I want it to grow and prosper, which would have been impossible if any of these allegations were true.”
Isn’t an escalation of cyber warfare in the interest of cybersecurity firms? In fact, shares of all of the big cybersecurity firms traded in the US rose sharply in May, as it was discovered that month that WannaCry ransomware infected over 150 countries, hitting more than 200,000 victims.
“Tales about antivirus companies writing viruses are as old as the industry itself,” he said. “When people ask me, ‘how’s business?’ I reply by saying, ‘unfortunately, business is good.’
“It’s true that people wouldn’t need us if there were no malware or cybercrime. But, unfortunately, they do exist. And there are so many security problems in IT systems that the market will continue to grow no matter what.”
Making software development “inherently secure” is one way to fight cybercrime, he said. “We’re actively working on this; we are developing our own secure operating system that could work in the Internet of Things (IoT) or industrial systems. At some point that would mean no security business for us, but I guess it would take at least several decades to reach that point.”
A growing trend in cyber threats is that of highly professional cross-border cybercrime, he said.
“The people behind it are capable of staging Advanced Persistent Threat (APT)-style targeted campaigns to attack their targets, not just randomly distribute ransomware hoping someone will open their malicious attachments. We are already seeing targeted ransomware attacks, and it’s a very big problem.”
And as more devices become connected to the internet and to one another, the opportunities for cybercriminals to monetize their attacks grow, he said.
‘Impossible’ to target cybercrime without cooperation
The problem is compounded by lack of trust between nations.
“We don’t see much trust in international relations today, and I’m afraid that as a result there’s a distinct lack of cooperation between countries,” he said. “Cooperation is absolutely vital to tackle cybercrime. It’s very hard to find the perpetrators of cyberattacks because of the nature of cyberspace. And a lack of international cooperation makes it extremely difficult to do, if not impossible.”
“One thing I hope we don’t see is a real cyberwar between advanced nations,” he added.
The launching of a Future Tech Lab in Jerusalem is a demonstration that the so-called startup nation “is a strategically important country for us. It’s not just a new office for us; it’s about R&D, the heart of the company,” he said.
“Israel lives in a very complex environment, so in terms of cyberattacks it should be wary of all possible threats that are out there. Once again, I would place an emphasis on protecting critical infrastructure, and Israel is very advanced in this regard. However, the nature of modern IT means that it is so much easier to attack a target than to protect it,” he said. “I think Israel is probably the best protected country in the world today. But given the scale of threats and challenges it faces, it’s not in a position to be complacent.”
The new Future Tech Lab, which aims to employ 24 people by the end of the year, “will provide another hub to continue the ongoing global fight against cybercrime and provide customers and partners with the knowledge they need to anticipate the dangers that lie ahead,” said Noam Froimovici, general manager, Kaspersky Lab Israel.
Its employees will work jointly with local university researchers and with colleagues in other Kaspersky Lab hubs. The center will also serve as an accelerator for startups that will have access to data gathered by Kaspersky, the company said at the Jerusalem launch on Wednesday.
Kaspersky has similar labs in Russia, the US, the UK, Ireland and China, but the focus in Israel will be on protecting Internet of Things and industrial control systems.