Why Kaspersky's Bank Robbery Report Should Scare Us All - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Comments
Why Kaspersky’s Bank Robbery Report Should Scare Us All
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 3   >   >>
yalanand
50%
50%
yalanand,
User Rank: Ninja
2/22/2015 | 12:53:45 PM
Re: Stalking the intruder
With Windows, it's more like welcome the next visitor, check his credentials later.


Windows Firewall is a terrible example of how a company can waste millions of dollars of resources for a design that is not even remotely beneficial.
yalanand
50%
50%
yalanand,
User Rank: Ninja
2/22/2015 | 12:52:11 PM
Re: Putin's Kaspersky
Kaspersky Lab might identify these things, but I am sure they take up on that idea, improve it, and pass it on to the Russian government.

I believe you should provide some facts or evidence of such bold statement.


I believe there is a backdoor whistle blower to every company that leaks out data to other fences of government, be it knowingly or unknowingly. 
mak63
50%
50%
mak63,
User Rank: Ninja
2/22/2015 | 1:15:51 AM
Re: Putin's Kaspersky
Kaspersky Lab might identify these things, but I am sure they take up on that idea, improve it, and pass it on to the Russian government.

I believe you should provide some facts or evidence of such bold statement.
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Author
2/20/2015 | 6:27:28 PM
Stalking the intruder
Yes, this example of sly and persistent intrusion is alarming. I think we need behavior analytics that learn from routine system ops and recognize an activity that is out of line. Once it spots such a thing, it raises an alarm or shuts it down. I also agree with TerryB. Security was such a concern on the IBM mainframe when it first came out that the MVS operating system, when asked by an application process to do something, would query, Who is  your owner? If no clear answer came back, it killed the process. With Windows, it's more like welcome the next visitor, check his credentials later.
TerryB
50%
50%
TerryB,
User Rank: Ninja
2/20/2015 | 2:32:46 PM
Not ready for prime time
It just amazes me that there is no backlash yet on using Windows and Linux in business. The level of corruption which can be applied on the core o/s is beyond belief. You can't do that stuff to IBM mainframes or the IBM i5 server my company uses.

I know people love to argue that if Windows/Linux patched and locked down correctly, this stuff won't happen. But the fact a running o/s can be corrupted for any reason means the design is fundamentally flawed in the first place. I read the detailed report Susan referenced in article, that malware was changing stuff in a context that shouldn't have been allowed if it was using God's crendentials.

For example, I'm a full admin on my IBM i5 server. But under no circumstances can I touch what IBM calls the LIC (Licensed Internal Code) or directly manipulate memory. They have a level of abstraction between the commands I can use and that code which touches the physical resources of the hardware. Obviously Windows and Linux could use a little of that type of foresight.
Stratustician
50%
50%
Stratustician,
User Rank: Ninja
2/20/2015 | 10:05:47 AM
Re: Putin's Kaspersky
@moarsauce123 I don't know how much truth there is to that.  Kaspersky Lab is actually incorporated in the UK, despite having lots of Russian employees, they do lots of work with huge government agencies such as Interpol and Europol. Do they have lots of employees in Russia, ofcourse considering if you look at where a large pool of employees with the right skillsets for researching threats it makes sense to have folks from there.  Just like we see Israeli and US based security companies with high ratios of employees based in those areas.  But the fact that they are putting out public information about "here are the risks" and not pinning it to specific entities like other news outlets have done or that would be an easy way to shift blame to other governments, shows a bit about the character of the company.

With that logic, what if Trend Micro or McAfee had released the same info.  Would it be viewed the same way?

Just my 2 cents.
moarsauce123
50%
50%
moarsauce123,
User Rank: Ninja
2/20/2015 | 7:31:10 AM
Putin's Kaspersky
What scares me most is that these reports come from Kaspersky. Mr. Kaspersky is a far too close friend of Mr. Putin and anything that comes out of Kaspersky Labs should not be taken with just a grain of salt, but a full truckload of road salt. Kaspersky Lab might identify these things, but I am sure they take up on that idea, improve it, and pass it on to the Russian government.
Susan_Nunziata
100%
0%
Susan_Nunziata,
User Rank: Strategist
2/19/2015 | 10:44:31 PM
Re: Keeping up with the Hackers
@impactnow: What will finally have to happen for corporations to invest where they need to? How big do the breaches have to get? How much damage has to be done to individuals? Or will this keep on escalating endlessly?
Susan_Nunziata
100%
0%
Susan_Nunziata,
User Rank: Strategist
2/19/2015 | 10:41:39 PM
Re: Brian Krebs
@bwjustice: Thank you for noticing that error, it's been corrected. I am clearly living proof of how sloppy humans can be, especially when working in haste and multi-tasking. If Mr. Krebs happens to have read this, I hope he accepts my apology!

I'll be picking up SPAM Nation for my weekend reading list. And if you never hear from me again, you'll know why.

:)
Susan_Nunziata
100%
0%
Susan_Nunziata,
User Rank: Strategist
2/19/2015 | 10:32:22 PM
Re: Why Kaspersky's Bank Robbery Report Should Scare Us All
@Zerox203: As the Anthem breach also showed, it all comes down to how these organizations make money. Anthem didn't encrypt its data because it wasn't required to do so by law. The cost, or inconvenicence, of encryption was enough of a deterrent for them, because they faced no hefty fines if they didn't do it. Like banks, health insurance providers are for-profit organizations whose main goal is to keep their shareholders happy.

That said, you make a good point about playing the odds and finding the right balance between investing in prevention and leaving yourself open to a breach. In the case of what the Kaspersky report revealed, though, it's hard to believe that patch updating would have impacted the bototm line of the banks involved. It seems a bigger issue -- not enough employees in IT? sloppy governance -- than just an accouting problem.
<<   <   Page 2 / 3   >   >>


State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Commentary
What Becomes of CFOs During Digital Transformation?
Joao-Pierre S. Ruth, Senior Writer,  2/4/2020
News
Fighting the Coronavirus with Analytics and GIS
Jessica Davis, Senior Editor, Enterprise Apps,  2/3/2020
Slideshows
IT Careers: 10 Job Skills in High Demand This Year
Cynthia Harvey, Freelance Journalist, InformationWeek,  2/3/2020
Register for InformationWeek Newsletters
Video
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll