From phishing to politics: Kaspersky outlines the state of security in 2014

Including why cyber criminals are a bit like electricity...

David Emm

Kaspersky Lab opened a new central London office toward the end of 2013 to serve as a European hub for its employees and customers.

To find out more about the company's operations and to gain insight into the challenges facing the security industry in 2014, TechRadar Pro spoke to David Emm, senior regional researcher at Kaspersky Lab UK.

TechRadar Pro: Why has Kaspersky opened its new European headquarters in central London? Does it make it easier having more than one team in the capital?

David Emm: I think it's less research that's driving it than business. In a sense, it doesn't matter where we as a research team are based, but from a business point of view it certainly makes sense to be in London.

London is a business hub, and this is going to be our European hub, so from a communications and business point of view, it certainly makes sense to have a presence in the capital.

We made the decision that, if we're going to have a presence here, let's move the thing lock, stock and barrel. All 130 of us will be based in London.

TRP: You've been at Kaspersky now for 10 years - have you found that security threats are becoming more sophisticated over time? And do you ever pause to admire their complexity?

DE: I think it's difficult. You can never really detach yourself from what the impact of this stuff is. It's very interesting. I mean, if a mugging happens on the street, then to some degree or other, the perpetrator is interacting with the victim, and that's not really true of cyber crime - you don't see the whites of the victim's eyes.

Perhaps that's one reason why I suppose there's a blunting of the moral compass, for want of a better phrase. But we can never totally forget about that impact. But obviously when you look at the code, there's no question.

You see the whole scale right through from pretty basic ones right through to phishing attacks with clumsy grammar and so on right through to the kind of attack like Stuxnet or Red October, where you can see some pretty complex code.

Obviously, our aim is to get to the bottom of them and find out what their purpose is in order to be able to mitigate that threat.

TRP: Have you found an increase in politically motivated security threats, similar to Stuxnet, in the past few years?

DE: There are two kinds of political aspects of threats. On the one hand, there can be some group protesting - let's say the Anonymous attack on the Polish government website 18 months ago - that said "we don't like you passing anti-copyright theft law". So that's political.

Or, you can have a protest about Wikileaks, where they take down or deface a website. Or even groups of hackers in Turkey and Syria competing with each other to protest about political attitudes of their governments.

And then, on the other hand, you have states getting involved in developing code in order to further some overtly political or state activity. Those are, numerically at least, pretty tiny.

If we look at the things that we believe have got national state involvement, or sponsorship, we're talking about six in total that have been uncovered in the past four years. And I think they will always be numerically less significant because they're extremely complex - lots of intelligence has gone into developing them.

TRP: Can such threats impact on society in a way that wasn't originally intended?

DE: Looking at it from a societal point of view, I think the danger is that the fallout from an attack like that can have a much bigger impact than its numerical significance in the whole mass of malware.

So from the point of view of malware as a whole, it's nought point something per cent of the problem.

However, if somebody takes out Thames Water's systems, for instance, and we all stop getting clean running water through the tap, that's a huge impact on an awful lot of citizens in the UK.

And so potentially the impact of that is big, and it can be big from another point of view, which is that if exploits are being developed or brought in to launch an attack, the chances are that sometime after that it will filter down into the mainstream and be used for other targeted attacks that have nothing to do with governments.

And there's also the risk of collateral damage. It's generally accepted that Stuxnet was probably designed to interface with Iran's nuclear program, but actually there were victims in other countries that were nothing to do with that.