"Russian software engineers are the best. Not my words. Condoleezza Rice told me that," said cybersecurity expert, Eugene Kaspersky, at the 2015 ACFE Fraud Conference Europe. "I said, ‘I 100 percent agree with you!' So Russian software engineers are the best, but at the same time Russian criminals, ah, it's the other side of the coin."
Kaspersky, CEO and co-founder of Kaspersky Lab Russia, began his career in cybersecurity accidentally when his computer became infected with the "Cascade" virus in 1989. Kaspersky's specialized education in cryptography helped him analyze the encrypted virus, understand its behavior and then develop a removal tool for it.
After successfully removing the virus, Kaspersky's curiosity and passion for computer technology drove him to begin analyzing more malicious programs and developing disinfection modules for them. This exotic collection of anti-virus modules would eventually become the foundation for Kaspersky Lab's anti-virus database. Today the database is one of the most comprehensive and complete collections in cybersecurity — detecting and preventing systems from being infected by more than 100 million malicious programs.
Kaspersky, a world-renowned cybersecurity expert and successful entrepreneur, spoke with attendees March 23, 2015, at the ACFE Conference in London about the cyber landscape today and what needs to be done to thwart cybercriminals' attacks. He'll be joining the ACFE again to speak at the 2017 ACFE Fraud Conference Middle East, January 29-31 in Dubai.
The following is a small glimpse of what he shared with attendees in 2015.
Kaspersky said the crooks who operate criminal-to-consumer schemes are a main source of financial fraud as they infect millions of computers around the world. Most of them speak several different languages and can be found in any country. They are getting stronger and are attacking increasingly more consumers, he said.
Additionally, these criminals are rapidly exploiting mobile spaces because few consumers seemed to be concerned about the security of their smartphones and tablets. "Five years ago, 10 years ago, we had hundreds of mobile malware attacks a year, and now we collect hundreds of thousands of unique attacks on mobile phones," said Kaspersky.
Kaspersky said criminals mostly go after Android devices, but no operating system is 100 percent safe. iPhones and iPads might be more secure, but they have their own vulnerabilities, and well-educated cybercriminals are beginning to break through these systems.
Kapersky said this is the worst cyberthreat. He explained that cybersaboteurs use professional tools and technologies to kill computer systems, not just to cripple them or steal data. They attack telecommunications, critical financial data and physical infrastructures such as industrial networks (e.g, power grids).
Kaspersky cited the telecommunications attack that caused the 2007 Estonian Internet blackout. Cybercriminals shut down Estonia's state (and some private) websites with "denial of service" attacks by bombarding them with bogus requests for information.
However, Kaspersky fears financial services will become one of the largest victims of cybersabotage. He covered tools and techniques that organizations should use to prevent cyberattack threats:
- Protect critical data using new technologies.
- Only run trusted applications or applications that you download from a trusted updater.
- Invest in system administrators and IT jobs to manage these systems. Secure operating systems will help protect industrial infrastructure.
Kaspersky finished with a call to action: "The systems must be protected so well that the attack has to be more expensive than the possible damage."
He said cybersecurity has improved, but we need to invest more in technologies and products to protect consumers.