IGuRu.gr spoke to Vitaly Kamluk, Principal Security Researcher of Kaspersky Lab. The aim of the interview is to give our readers a map of online security in Greece. Mr. Vitaly Kamluk in addition to an extensive description with data about the internet security landscape in Greece, will give you very interesting tips for your personal safety.
1) iGuRu.gr Are there registered attacks from Kaspersky Lab in Greece?
Digital malicious code attacks are a global phenomenon and are usually conducted using the same methods. The most dangerous and at the same time the most common attack operator is the so-called "drive-by download", which exploits vulnerabilities in their browsers and plug-ins, in order to place malicious software on the victim's computer without the user and without being visible to him. Attacks of this kind account for more than 68% of all malicious attacks in Greece. In the first quarter of 2014, Greece was ranked 18 in the world ranking with the countries most at risk of malware. At 30,65%, our Greek clients participating in our cloud network (Kaspersky Security Network) have experienced at least one malware attack attempt.
Few types of attacks are adapted to country-specific data. For example, there are malware attacks targeting online banking, as the attack method needs to be adapted to specific bank sites and the corresponding transaction authorization procedures.
In addition, in the first half of 2014, the number of phishing attacks that were used by search engines and e-mail services reached its highest levels by touching 44,47%. These portals are very popular among phishers as they offer instant access to all services, especially mail services.
The category "online financial transactions" was in second place with 25%. It concerns phishing attacks using payment systems (8,56%), and attacks against banks and e-shops. Social networks and blogs are another popular target among phishers in Greece (21,24%), while online games are not a common phishing target, receiving just 5% of attacks.
The following table lists the phishing services / companies in Greece in the first half of 2014. The relative percentages are based on data from Kaspersky Lab's anti-phishing tools, which detect all the phishing links that users attempted to follow (whether they were included in a spam e-mail or were on the Internet).
2) iGuRu.gr: What do you think about Internet security and infrastructure (Government and corporate mechanisms) in Greece?
Windows XP remains a very popular operating system in Greece. The fact that Microsoft has terminated support for this operating system will affect both businesses and government agencies.
In many cases, IT departments do not have the necessary budget for upgrading hardware. Therefore, companies and government agencies should continue to use an operating system that is already 13 years old and no longer receives security updates.
3) iGuRu.gr: Can we safely say that there is security on the Internet?
Most people believe that the Internet is generally a fairly secure platform. We use the Internet for very personal issues like dating, shopping, communication, financial management, etc. The problem with the Internet is that when something goes wrong, the situation can get very nasty, very fast. One big problem is that the Internet is extremely fragmented. Some online resources have extremely high levels of security and very strong infrastructure, while others have been forgotten and remain extremely vulnerable. There are also sites that we think are very safe and powerful, but they tend to become vulnerable because of the excessive number of interdependencies between systems. It is impossible to protect every part of our information systems.
When using the Internet, we must bear in mind that the worst can happen and that we need to be properly prepared. The problem is that we also use some resources outside the Internet world we trust, such as medical systems, government agencies, etc., who also use the Internet. So when a serious incident occurs - such as Heartbleed vulnerability, eBay hacking, etc. - the impact is enormous.
I can give you some basic tips that can help a user stay safe:
1. When sending personal information or confidential information to someone, make sure that the person is actually the one who claims to be.
2. Be suspicious with spam suggestions. Do not believe in an unexpected victory or offer you goods or medicines for free.
3. Do not follow links found in messages from unknown senders.
4. Check the authenticity of the URL when importing personal data. Be careful and check whether website addresses contain additional letters or symbols, as it is one of the favorite tricks of scammers targeting careless users.
5. When typing passwords, use only secure https links (an extended http protocol that supports encryption).
6. Limit the volume of your personal information with public access.
7. Only use complex passwords. Use different passwords for different accounts and services. Using just one simple password for e-mail and social networking accounts, it's like using a small key to lock the main entrance of your home. In order not to hurt yourself in trying to remember so many codes, you can use solutions such as Kaspersky Password Manager, a security system that remembers and keeps passwords.
8. Create two e-mail accounts, a strictly private (you will not use in public sources) for your personal messages and a "public" for chats, forums,
9. Use only legitimate software (or open source software from secure sources) as this can guarantee the steady performance of your computer and keep your data secure.
10. Keep your software up to date. Also uninstall programs that you no longer use
11. Use complex file / mail / web anti-virus and firewall software with updated anti-virus bases. Be suspicious of the files you have downloaded from the network. Before opening a file, check if it contains viruses.
4) iGuRu.gr: How does Kaspersky Lab secure the personal and sensitive data of a single user and a company?
Consumers using smartphones, PCs and tablets should take the necessary steps to ensure that all their devices are protected by a comprehensive security software, such as Kaspersky Internet Security - Multi-Device. Installing an effective solution can give the user the protection he needs to avoid any "contamination" of digital threats, especially if he uses devices for online payments, visits to social networks, and other activities related to personal information.
To limit existing and emerging risks, companies must have an effective and easy-to-use security solution like Kaspersky Endpoint Security for Business, which covers all possible risks for the entire range of their information systems and applications. They must also have adequate security policies in place that employees can understand and follow.
Kaspersky Lab has a broad portfolio of solutions for home users and businesses that can help make the Internet a safer place.
6) iGuRu.gr: What is your opinion on "in a little while there will be no anti-virus"?
Eugene Kaspersky, Managing Director and President of Kaspersky Lab, has given an excellent answer to this question. Specifically, he said: "In recent years, I have heard several times that antivirus solutions are considered dead. Still, they are still here with us - and they remain alive. I totally agree that one-level solutions that simply detect signature-based viruses do not even reach levels of protection that are considered adequate - neither for individual users nor for small or large businesses. This has been a reality for many years. Today, security is a combination of a variety of technologies - heuristic, sandboxing, cloud protection, etc. - which are key elements for any quality security solution, beyond classical and proven signature-based signature detection tools. "
7) iGuRu.gr: After Snowden leaks, Kaspersky Lab has taken additional measures to protect the consumer?
Regarding their technical aspects, the information disclosed does not affect our daily work. Kaspersky Lab experts in the Research and Development department, as well as in the Global Research and Analysis Group, constantly monitor and analyze the severity and extent of existing and emerging digital threats. For example, with research of our experts, we were able to uncover sophisticated campaigns such as Flame, Stuxnet, Mask, etc. This leading threat intelligence is built into our portfolio of award-winning products, as we are committed to providing security to our customers, regardless of the origin of the threat source. We are constantly improving the functionality of our products and launching our new products according to the design we have drawn. It is worth mentioning that based on our plans, we will soon present the new generation of our Kaspersky Internet Security consumer solution.
8) iGuRu.gr: 2014 in Greece has seen an increase in domestic online shopping. What risks are there in an online marketplace and how can your company help?
With online shopping we can save a lot of time and make our lives easier. Based on research (PDF) online shopping is the most popular activity, as 87% of respondents in Europe use these services. However, the same technologies also make the lives of online criminals easier, offering new and easy ways to steal users' money. Using stolen payment data is an effective and popular way to make a quick profit. Although banks try to protect their customers, attacks against individual users remain quite common. Hacking a bank takes more time, is more expensive and involves more risk for fraudsters. In contrast, many individual users use computers with various vulnerabilities, which makes it easier to break them. By stealing a relatively small amount from any breached online bank account, a digital criminal is less likely to be detected.
There are several risks people need to know when shopping online. Specifically:
• Banking Trojans who can attack devices and collect payment information. Some of them can even carry out financial transactions on behalf of users.
• Phishing, or creating fake copies of websites to obtain confidential user data, is a common digital threat. The main purpose of phishing is to convince victims that they are visiting an authentic site and not a fake one. It can be the website of an online store or a bank. These efforts are often crowned with success. Thus, phishing campaigns are used both as a tool for extracting information and as part of a complex attack that lures users to a page, from where malware is "downloaded" to their devices.
In addition to the basic security advices we mentioned earlier, when we need to make a purchase, we advise users to use online security solutions that can be in front of developments in the area of "digital crime" and detect attempts to intercept sensitive data of users before their financial figures fall into the wrong hands.
This is the principle that characterizes the technologies embedded in Kaspersky Internet Security - Multi-Device 2014, an integrated security solution for devices running Windows, OS X, and Android operating systems.
Windows PCs are targeted more often than devices running other operating systems. That's why Kaspersky Lab's solution includes the Safe Money feature for PC. This is a high-level technology, which has been developed to protect customers' online financial transactions. This technology combines an impressive range of capabilities such as:
• Automatic verification of security certificates for bank sites or electronic payments
• The scanning feature for instant detection of any vulnerability in client computers that could make them vulnerable to an attack
• Two-level security for data entry - Secure Keyboard and Virtual Keyboard - which ensure that passwords and credit card details can be typed without the fear of being intercepted.
Kaspersky Internet Security - Multi-Device 2014 integrates preventive security technologies to address the underlying problem - which is nothing but financial scams. At the same time, it multiplies the benefits of online payments.
9) iGuRu.gr: Does Kaspersky intend to offer future protection on Content Management Platforms (CMS)?
According to our experts, the percentage of malicious code entering web pages through CMS platforms, such as Joomla, WordPress and Drupal, is particularly small, especially when compared to other known and emerging digital threats. Regarding the protection of web content, it is better to cover not only several different CMS platforms but to check all files and folders at system level, regardless of the CMS platform. Kaspersky Lab portfolio includes appropriate security solutions for Microsoft Windows, Microsoft Windows Server Enterprise Edition, and Linux environments. For collaborative tools such as Microsoft SharePoint, Kaspersky Lab offers the Safe Collaboration feature as part of the Kaspersky Endpoint Security for Business suite. And of course, regular CMS platform software update is required to ensure that your operating system and installed CMS platform are up to date and properly protected against known vulnerabilities.
10) iGuRu.gr: Why Kaspersky?
In today's digital security solutions market, it is difficult to talk about uniqueness in functionality. Differentiation is more about the different technological approaches used by solution providers in their products.
There are certain things that make Kaspersky Lab special. First of all, we create all our products ourselves, because we have the vision and ability to do so. Compared to some of its competitors, Kaspersky Lab rarely buys solutions from third parties to integrate into its software. This provides much greater integrity to our forces and ensures easier management of security solutions.
Second, we already provide technologies that independent organizations (such as Gartner and Forrester) recognize that they represent future trends in information security. We also pursue a "zero-pass" policy supported by one of the best whitelists of the market, which - based on independent testing - includes 97% of enterprise software solutions and 96% of consumer software. This is a very big step in the development of protection against threats that exploit vulnerabilities that are not already known (zero-day threats). Based on this policy, only software solutions included in the whitelist, which is maintained daily, can run on the devices. This means that no new malware will be able to "run" on a protected computer. We anticipated the success of this technology several years before many of our competitors are starting to realize it.
Both consumer and corporate solutions of Kaspersky Lab are firmly among the top in their areas. They are superior to alternatives to several features, as evidenced by tests carried out by independent laboratories (AV-Comparatives, AV-Test, etc.).
Based on the statistics we have collected from the most authoritative testing organizations, Kaspersky Lab ranks first in the ranking with the top three security solution companies. This ranking is based on whether the solutions consistently performed well in independent tests throughout 2013. Kaspersky Lab solutions took first place in 41 out of a total of 79 tests, while in 20 they came in second or third place. Kaspersky Lab was in the top three positions far more times than its competitors. More relevant information can be found here link..
Thank you very much. Vitaly Kamluk, for his very interesting replies, and more generally Kaspersky Lab for her work. We also thank our partner Mr. Constantinos Memos for his valuable help.
One Comment
Leave a Reply