Anti-Virus, Kaspersky, and the Government – What Should You Do

  • July 18, 2017 - by SYNOPTEK

There have been several instances in the news lately of attacks in which hackers used vulnerabilities that governments had been holding onto. Whatever your political affiliation, this probably doesn’t sit too well with you.

Lately Kaspersky has been in the news. It is the maker of a popular antivirus product, and it is accused of being associated with the Russian attacks on the US as the investigation into the Presidential election tampering unfolds. Kaspersky says it has done nothing wrong and will fully cooperate with any government; the other side alleges Russian influence over the company. The company’s founder attended a Russian intelligence academy and worked as a cybersecurity engineer for Russian military intelligence.

Who is to be believed? Is my data safe? I can’t trust that the government isn’t spying on me, with corporate cooperation!

Trust your government?

The hacker group Shadow Brokers dumped dozens of exploits from the NSA onto the internet in April. One of these exploits was later turned into the “most successful spreading ransomware” to date. Ironically, the fastest-spreading ransomware was also the most short-lived and least lucrative, and a decryption tool appeared quickly. It is only a matter of time before other toolsets are released; they are waiting just around the corner. No vendor is safe. Cisco was in amongst the carnage too, but no one is throwing their routers out the window.

What should your organization do? 

Don’t rely on just AV

Have a plan. Use a multi-layered, multi-faceted approach to security. Why barricade the front door, put in two tripwires and four different padlocks, if another family member leaves the windows open? Or if the nice hacker outside simply asks to come in, and they let them in?

Throw your television out of the window

If the media worded things differently, maybe we’d treat our computer security more seriously. I heard a great security quote the other day.

If the media stopped saying ‘hacking’ and instead said ‘figured out their password’, people would take password security more seriously. – Khalil Sehnaoui

The hackers are not as sophisticated as the media suggests, or, as I like to say, they are only as sophisticated as they need to be. We are missing basic security precautions. Security starts with your employees: they are the largest and most susceptible target yet.

Patch please…

The vulnerability WannaCry exploited was patched by Microsoft about a month before the exploit was publicly released, and roughly two months before WannaCry struck. Kudos, Microsoft. Patches for old, unsupported versions of Windows (Windows XP and Windows 8) were even released later. So why the massive infection rate? Poor procedures for implementing critical vendor patches. It’s disturbing to me that the EU healthcare industry got hit so quickly, but so did a Spanish telecom, so no one who hadn’t patched was safe.
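The procedural gap above is easy to measure. As an added example (not code from the original post or from Synoptek), here is a PowerShell script that checks one or more Windows hosts for a required set of updates. The KB identifiers, the requirement name and the function name are placeholders chosen for illustration; replace the KB list with the IDs from the vendor bulletin that applies to each OS version you run. The logic is the part that matters: Microsoft ships security-only updates and monthly rollups that supersede them, so “is KB X installed?” is the wrong question and “is any member of this group installed?” is the right one.

```powershell
# Added example, not part of the original post: a quick patch-compliance check
# for one or more Windows hosts that reports which required updates are missing.
# Each requirement is a GROUP of alternative KB IDs (e.g. the security-only
# update and the monthly rollup that supersedes it); any one installed member
# satisfies the group.
#
# The KB identifiers below are placeholders (assumed, not taken from the post).
# Replace them with the IDs from the vendor bulletin for your OS version.

param(
    [string[]]  $ComputerName = @($env:COMPUTERNAME),
    [hashtable] $Required = @{
        # 'requirement name' = @('security-only update', 'superseding rollup')
        'Example-Critical-Fix' = @('KB0000001', 'KB0000002')   # placeholder IDs
    }
)

function Test-PatchCompliance {
    param(
        [string]    $Computer,
        [hashtable] $RequiredGroups
    )

    # Get-HotFix reads Win32_QuickFixEngineering (the same data as "wmic qfe").
    # It throws if the host is unreachable, which we report rather than hide:
    # an unreachable host is not a compliant host.
    try {
        $installed = Get-HotFix -ComputerName $Computer -ErrorAction Stop |
                     Select-Object -ExpandProperty HotFixID
    }
    catch {
        return [pscustomobject]@{
            Computer = $Computer
            Status   = 'UNREACHABLE'
            Missing  = @()
            Error    = $_.Exception.Message
        }
    }

    # A group is satisfied when at least one of its alternatives is present.
    $missing = foreach ($name in $RequiredGroups.Keys) {
        $alternatives = $RequiredGroups[$name]
        $satisfied = @($alternatives | Where-Object { $installed -contains $_ }).Count -gt 0
        if (-not $satisfied) { $name }
    }

    [pscustomobject]@{
        Computer = $Computer
        Status   = if ($missing) { 'NON-COMPLIANT' } else { 'OK' }
        Missing  = @($missing)
        Error    = $null
    }
}

$results = foreach ($c in $ComputerName) {
    Test-PatchCompliance -Computer $c -RequiredGroups $Required
}
$results | Format-Table -AutoSize

# Exit non-zero if anything is missing or unreachable, so the script can gate a
# scheduled job or a ticket-creation step instead of just printing a table.
if ($results | Where-Object { $_.Status -ne 'OK' }) { exit 1 }
```

Run it from a host with WinRM/WMI access to the targets, e.g. `.\Test-PatchCompliance.ps1 -ComputerName fileserver01,ws-0042`. Two caveats a practitioner should keep in mind: Get-HotFix only reports updates installed through the Windows servicing stack, so an update that failed to install but is pending a reboot will not show up, and a superseded KB that was never installed is not a finding as long as a superseding one is present.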

Wait, what about Kaspersky?

There are lots of antivirus options out there. In my view, security is not a single-layer item; it is multi-layer and multi-dimensional. As the CISO, I get asked which antivirus is better. My answer: have something from someone, but don’t rely on it solely. Add DNS and link protection and spam protection, patch your systems, inform and educate your users, and then look for what you’ve missed. If you don’t like the situation, there are options to change.

Regardless of the politics, the government, or the hackers, we need to stay the course with good security practices:

  1. Patch – The top vendors are responding quicker than ever. Yes, a couple are in the news, but if we don’t patch, then shame on us, not on them.
  2. Stop clicking on bad things – This is getting trickier, but it still amazes me how many basic investigations start with an obviously wrong email. Invest in DNS / URL protections.
  3. Police the perimeter – Spam protection, antivirus in email. Slow the noise.
  4. Educate your users – Busy users still need reminders, assurance and guidance. Even though IT is intertwined with the business, users have a business function that demands their attention. Help them. Advise them. Without their help, this is all much worse, and the hackers get richer.
  5. Re-evaluate your protections – Something that worked yesterday might not work tomorrow.
  6. Take the media with a grain of salt, especially when politics is in the middle of it.

Author:

Randy Russo, CISO, Synoptek

Additional Information / Credits:

http://mspmentor.net/managed-security-services/kaspersky-lab-offers-source-code-us-government

http://money.cnn.com/2017/04/14/technology/windows-exploits-shadow-brokers/

http://www.gallup.com/poll/168251/illinois-residents-least-trusting-state-government.aspx#1

https://krebsonsecurity.com/2017/05/global-wana-ransomware-outbreak-earned-perpetrators-26000-so-far/

https://krebsonsecurity.com/2017/05/microsoft-issues-wanacrypt-patch-for-windows-8-xp/