The Hacker News — Cyber Security, Hacking, Technology News

Moscow-based cyber security firm Kaspersky Lab has taken the United States government to a U.S. federal court for its decision to ban the use of Kaspersky products in federal agencies and departments.

In September 2017, the United States Department of Homeland Security (DHS) issued a Binding Operational Directive (BOD) ordering civilian government agencies to remove Kaspersky Lab software from their computers and networks within 90 days.

The order came amid mounting concern among United States officials that the Kaspersky antivirus software could be helping Russian government spy on their activities, which may threaten the U.S. national security.

U.S. President Donald Trump also signed into law last week legislation that bans the use of Kaspersky products within the U.S. government, capping a months-long effort to purge Kaspersky from federal agencies amid concerns it's vulnerable to Kremlin influence.

The Kaspersky's appeal is part of an ongoing campaign by the company to refute allegations that the company is vulnerable to Russian influence.

Moreover, there's no substantial evidence yet available which can prove these allegations, but an article published by US media WSJ in October claimed that Kaspersky software helped Russian spies steal highly classified documents and hacking tools belonging to the NSA in 2015 from a staffer's home PC.

Just last month, Kaspersky claimed that its antivirus package running on the staffer's PC detected the copies of the NSA exploits as malware and uploaded them to its cloud for analysis, but its analysts immediately deleted them.

Earlier this month, the NSA staffer, identified as Nghia Hoang Pho, a 67-year-old of Ellicott City, Maryland, pleaded guilty to illegally taking classified documents home, which were later stolen by Russian hackers.

Kaspersky Lab Challenges DHS's Ban on its Software in U.S. Court

Underlining that U.S. authorities have not provided any substantial evidence of wrongdoing by the company, CEO Eugene Kaspersky wrote in an open letter to the Homeland Security agency on Monday, stressing that the "DHS's decision is unconstitutional" and based purely on "subjective, non-technical public sources."

"One of the foundational principles enshrined in the U.S. Constitution, which I deeply respect, is due process: the opportunity to contest any evidence and defend oneself before the government takes adverse action," Kaspersky wrote. 

"Unfortunately, in the case of Binding Operational Directive 17-01, DHS did not provide Kaspersky Lab with a meaningful opportunity to be heard before the Directive's issuance, and therefore, Kaspersky Lab's due process rights were infringed."

Kaspersky argues that the company was not given enough time to contest allegations before the DHS issued a ban, and that the documents available at the time of the ban were based more on references than a technical threat that the company could analyze and respond to.

The company also said that it wrote to DHS in mid-July to address any concerns the U.S. agency had, and DHS even acknowledged receipt of the communication in mid-August, appreciating the company's offer to provide information on the matter.

Kaspersky: DHS Harmed Kaspersky Lab's Reputation

However, Kaspersky said the agency did not follow up with the company "until the notification regarding the issuance of Binding Operational Directive 17-01" and accusing Kaspersky products of causing infosec risks on federal information systems.

"DHS has harmed Kaspersky Lab's reputation, negatively affected the livelihoods of its U.S.-based employees and U.S.-based business partners, and undermined the company’s contributions to the broader cybersecurity community," Kaspersky wrote.

"In filing this appeal, Kaspersky Lab hopes to protect its due process rights under the US Constitution and federal law and repair the harm caused to its commercial operations, its US-based employees, and its US-based business partners." 

CEO Eugene Kaspersky has repeatedly denied the company's ties to any government and said it would not help a government with cyber espionage, adding that "If the Russian government comes to me and asks me to anything wrong, or my employees, I will move the business out of Russia."

In October, it was also reported that Israeli government hackers hacked into Kaspersky's network in 2015 and caught Russian hackers red-handed hacking United States government with the help of Kaspersky software.

In the wake of this incident, Kaspersky Lab also launched a transparency initiative late October, giving partners access to its antivirus source code and paying large bug bounties for security issues discovered in its products.

What's the worst that could happen when a Ransomware malware hits University?

Last month, the IT department of the University from where I have done my graduation called me for helping them get rid of a Ransomware infection that locked down all its student's results just a day before the announcement.

Unfortunately, there was no decrypter available for that specific ransomware sample, but luckily they had the digital backup for the examination results in the form of hundreds of excel sheets.

So, somehow backup helped administrator to re-compile complete result once again into the database, but this delayed the announcement for over 30 days.

However, the situation is not same every time.

Recently, the University of Calgary in Alberta paid a ransom of $20,000 to decrypt their computer systems' files and regain access to its own email system after getting hit by a ransomware infection.

The University fell victim to ransomware last month, when the malware installed itself on computers, encrypted all documents and demanded $20,000 in Bitcoins to recover the data.

Also Read: Ransomware attacks on Hospitals put Patients at Risk

Since the University obviously was not properly backing up the data, the administrators have agreed to pay up the ransom amount, the university announced in a release Tuesday, after a cyber attack that left students and staff unable to access university-issued PCs, email or Skype.

"As part of efforts to maintain all options to address these systems issues, the university has paid a ransom totaling about $20,000 CDN that was demanded as part of this 'ransomware' attack," Linda Dalgetty, VP of finance and services at the University said in a release.

The University assured its staff and students that no personal or University data was released to the public and that it is working with Calgary police to investigate the cyber attack that affected more than 100 computers.

The university's IT department is still in the process of assessing and evaluating the decryption keys and is working to recover data and ensure all of the affected systems are operational again.

The University also confirmed the decryption keys provided by the attacker worked successfully. The email service for its students and staff was brought back yesterday, but not on the original University system.

The University did not further comment on how the infection made its way into their systems and networks.

Also Read: Ransomware attacks Shuts Down Electric and Water Utility.

We saw an enormous rise in Ransomware threats, both in numbers and sophistication. You would be surprised to know about the latest version of Cerber ransomware that generates a different sample in every 15 seconds in order to bypass signature-based antivirus software.

One of the best first steps in securing your environment is to deploy automated and isolated backup mechanism, along with an Intrusion detection system (IDS) at the network level as well as host-based IDS on your critical assets.

IDS gives you detailed insight into what exactly is coming across the wire, instead of just relying on signature-based antivirus and anti-malware software.

You can try AlienVault Unified Security Management (USM) that includes an inbuilt IDS with SIEM and real-time threat intelligence to help you quickly detect malware and other threats in your network.

Infects users via Phishing campaign:

Here’s the kicker:

Rombertik other Tricks involve:

"If an analysis tool attempted to log all of the 960 million write instructions, the log would grow to over 100 gigabytes," researchers explained in a blog post.

"Even if the analysis environment was capable of handling a log that large, it would take over 25 minutes just to write that much data to a typical hard drive. This complicates the analysis."

Data wiping and Self-destructing malware:

TIP