Quick Thoughts regarding the Kaspersky Labs Intrusion

Kaspersky Labs has revealed this week that their corporate network was subject to a sophisticated cyber-intrusion that leveraged a new malware platform. Their investigation is ongoing, and they have found the malware to have been used against other victims as well. So while I am sure there are more details that they will reveal, I did have some instant reactions that I couldn’t fit into a tweet, so decided to gather them here:

• Even organizations with the best security teams and infrastructure in place are vulnerable. Our attackers are persistent, and crafty.
• But that doesn’t mean there’s no point. If anything, it means making security and identity management a priority from a budget and implementation perspective, and don’t do what the Fed Government apparently did (discovered in the wake of the OPM breach)
• It is vigilance that led Kaspersky Labs to detect this completely new malware intrusion (which seems to be pretty good at covering up its tracks). Lack of vigilance is why most organizations don’t find out they’ve been breached for months or years (on average 264 days, according to the IBM Cyber Security Index). In some cases until a security vendor comes in to do a demo and discovers a long standing breach (oops!).
• The ever changing, ever evolving nature of the malware used in this attack, and the fact that these intrusions on the corporate network were launched from non corporate venues further reinforces the need for us to build the security technologies and innovations that help create the Self-Defending Enterprise that I just presented at the Cloud Identity Summit (will post the talk soon).
• There is no better illustration of why the government asking for backdoors in crypto and services is a stupid idea. The attackers weren’t after money or PII. The attackers “were especially interested in the details of product innovations including Kaspersky Lab’s Secure Operating System, Kaspersky Fraud Prevention, Kaspersky Security Network and Anti-APT solutions and services“. Asking companies to build in backdoors that only the government will be able to use will inevitably mean that you have backdoors that the government, terrorists, nation-state sponsored hackers and professional cybercriminals will be able to use to attack using a zeus trojan for example, or to extract personal documents and information from “secure” servers.

Oh, and one more thing: