Tag: Kaspersky Lab

Kaspersky Lab Labeled ‘a Threat to National Security’

The Federal Communications Commission (FCC) has labeled Kaspersky Lab “a threat to national security,” a first for a Russian firm.

Kaspersky Lab is a popular provider of antivirus software and other cybersecurity software. The company is often on the front lines of identifying and combating viruses, trojans, ransomware, and other malware. The company is also based in Moscow, and therefore subject to Russian law and governance.

That last point has helped land the company on the FCC’s Covered List, a list of entities “that have been deemed a threat to national security.” Chinese firms China Telecom and China Mobile International USA Inc, were also added at the same time.

“Last year, for the first time, the FCC published a list of communications equipment and services that pose an unacceptable risk to national security, and we have been working closely with our national security partners to review and update this list,” said Chairwoman Jessica Rosenworcel. “Today’s action is the latest in the FCC’s ongoing efforts, as part of the greater whole-of-government approach, to strengthen America’s communications networks against national security threats, including examining the foreign ownership of telecommunications companies providing service in the United States and revoking the authorization to operate where necessary. Our work in this area continues.”

The news was met with support from the agency’s other commissioners, including Commissioner Brendan Carr.

“The FCC’s decision to add these three entities to our Covered List is welcome news,” wrote Carr. The FCC plays a critical role in securing our nation’s communications networks, and keeping our Covered List up to date is an important tool we have at our disposal to do just that. In particular, I am pleased that our national security agencies agreed with my assessment that China Mobile and China Telecom appeared to meet the threshold necessary to add these entities to our list. Their addition, as well as Kaspersky Labs, will help secure our networks from threats posed by Chinese and Russian state backed entities seeking to engage in espionage and otherwise harm America’s interests.

“I applaud Chairwoman Rosenworcel for working closely with our partners in the Executive Branch on these updates. As we continue our work to secure America’s communications networks, I am confident that we will have more entities to add to our Covered List.”

March 29, 2022
Advanced Malware Has Been Infiltrating Google Play Store For Years

A new report has found that hackers have been loading advanced Android malware onto the Google Play Store for years.

Kaspersky Lab was first alerted to the issue in July 2019, prompting them to investigate. What they found was a variety of malware that, rather than trying to display ads or steal the victim’s money, worked to create a backdoor on infected devices that could be exploited with custom malware payloads.

The malware apps used a variety of sophisticated techniques to bypass Google’s approval process, including what essentially amounts to a bait-and-switch. The apps would often install with little to no permissions required, only to gain the necessary permissions later. In other cases, the apps would install a benign version, and then create the backdoor at a later date. Once a phone was infected with a malicious version, hackers then had an access point that provided a wealth of information.

“Functionality of all samples are similar – the main purpose of spyware was to gather sensitive information,” writes Alexey Firsh and Lev Pikman. “While the basic functionality was not very broad, and included geolocation, call logs, contact access and SMS access, the application could also gather a list of installed applications, as well as device information, such as model and OS version. Furthermore, the threat actor was able to download and execute various malicious payloads, thus, adapting the payload that would be suitable to the specific device environment, such as Android version and installed apps. This way the actor is able to avoid overloading the application with unnecessary features and at the same time gather information needed.”

This is a particularly disturbing discovery and, hopefully, Google will be quick about resolving their vetting process issues to ensure this kind of malware does not continue appearing on the Google Play Store.

April 30, 2020
Is Apple’s Security Reputation Diminishing?

When Eugene Kaspersky, the CEO and co-founder of security firm Kaspersky Lab, made the statement that Apple was “10 years behind Microsoft in terms of security,” a lot of heads turned. Apple has long been touted as the leader in security and has publicly poked fun at Microsoft for its security flaws as demonstrated in below ad that targets Vista specifically:

When Kaspersky made his bold statement at the Infosecurity Europe 2012 conference, he was referring to the Flashback family of malware that has recently been detected in thousands of Mac computers. The notorious Flashfake Trojan, which is one element of this family, is credited with helping infect nearly 700,000 Macs with the malicious program.

Are the tables really turning with Apple and Microsoft regarding security? Is Apple becoming more vulnerable than Microsoft? What do you think?

Aside from Kaspersky Lab, numerous security firms, including Sophos and F-Secure, have reported on the recent outbreak of malware on Macs. The consensus from the firms is that Apple’s reputation of being exempt from security threats is no longer true.

However, does this mean that Microsoft is more secure than Apple? Kurt Baumgartner, a senior researcher at Kaspersky Lab, told us that Apple’s security response pales in comparison to Microsoft’s.

“The efforts that Microsoft has done as far as creating a map program and creating a vulnerability-patching program and rolling their response out quickly and efficiently… Apple just hasn’t done that,” he said.

“The Apple name or the reputation of being a completely clean system [and] that there are no viruses for Apple just isn’t true,” he added.

According to Baumgartner, Java is the “thorn” in Apple’s side. He said that vulnerabilities in Java software played a big role in the large spread of the Flashfake Trojan.

Microsoft, undoubtedly, has had its share of security problems, but it recognized its issues and made adjustments. It outsources its security to Oracle, which means that when a Java vulnerability is identified, the problem can be fixed immediately.

Apple, on the other hand, maintains its own patching schedule. As a result, Baumgartner told us that vulnerabilities could exist for months at a time before they are addressed.

“A vulnerability can exist for quite some time, and they [Apple] are just not up to snuff like the Microsoft security response team,” he said.

“With a turnaround cycle of months to patch certain vulnerabilities,” Baumgartner continued, “that just really isn’t acceptable in this day and age. I suppose you could spread the blame, but if security and your customer’s security is a priority, that’s something that needs to come first.”

Baumgartner went on to say that Apple is making improvements to its security but that it would take time for the issues to be completely resolved. He would like to see Apple follow Microsoft’s example and entrust third-party software systems with its security.

In the meantime, Baumgartner advises Apple customers to de-install Java unless they need it, since it seems to the root of many of the issues. In addition, he said they should reach out to their Apple representatives and demand better security.

Incidentally, just this week, news came out that Apple’s latest update to OS X Lion exposed passwords. Furthermore, the technology giant released iOS version 5.1.1, which reportedly fixes multiple bugs for both the iPhone and the iPad.

Going forward, who do you trust more for security: Apple or Microsoft? Please share your thoughts.

May 8, 2012