F-Secure wins the Best Protection 2012 Award from AV-TEST

This is a guest post from Sami, Product Manager for F-Secure Internet Security.

DSCN0046Some days you will remember forever. In your personal life, these irreplaceable days include the birth of your child, your wedding or visiting a new country. In business, it could be a promotion to new job, meeting an important business partner or speaking at a conference.

Last Tuesday is definitely a day I know I’ll remember forever.

When I woke up at 5am to catch my flight to Berlin, I had a little smile on face. I was heading to a ceremony where F-Secure would be given the prestigious BEST PROTECTION 2012 AWARD from AV-TEST.

Winning feels always great. Working in a software security company, you really don’t concentrate on winning a certain award or nomination. Our focus is on providing best possible product and service to our customers.

DSCN0041We know it’s not easy to select security software to protect your PC. Each vendor claims to provide the best protection, most features and the simplest interface.

Testing security software is not easy either. It’s especially difficult to prove how good protection is against modern, sophisticated malware. It requires deep knowledge of malware and state-of-the-art testing facilities. AV TEST is one of the most respected independent testing organizations in the antivirus industry.

Being recognized by AV-TEST as the best product to protect consumers feels even better than great. It feels awesome.

Of course, this award would not have been possible without huge effort from hundreds individuals within our Labs. It’s their skills, hard work and determination to be the best that has made all this possible. They analyze sophisticated threats, provide detection mechanisms against them and develop new technologies to protect against new, unknown malware.

It’s really they who receive this award. For me, it’s my honor to work with them.

DSCN0043After the  award ceremony and photos, AV-TEST arranged for a trolley car tour around Magdeburg, where our guide George gave us a history of the city. A gala dinner followed. It was an excellent time and unique opportunity talk with Andreas Marx, Guido Habicht and Maik Morgenstern about latest trends in computer security.

Tomorrow, I’ll head back to Finland. My colleagues are anxiously waiting to celebrate this award in our own special way. At F-Secure we have a tradition. We take our trophies out on the town and pose them for pictures around Helsinki so we can post them online. And we never forget to get a picture in the sauna.

Great tradition. Great times.

Sami enjoys his freetime with his family and friends. He is a long distance runner who participates in 2-3 marathons every year. He never travels without his running gear.

More posts from this topic

safe harbor, U.S privacy, European privacy

The ‘Safe Harbor’ ruling divides the ‘old world’ and ‘new world’

This week's ruling by the European Court of Justice striking down the 2000 "Safe harbor" agreement between the European Union and and the United States was celebrated as vindication by privacy activists, who saw the decision as a first major international consequence of the Snowden revelations detailing the extraordinary extent of mass surveillance being conducted by the U.S. and its allies. "The safe harbor agreement allowed U.S. companies to self-certify they abided by EU-strength data protection standards," Politico's David Meyer reported. "This gave them a relatively simple mechanism to start legally handling Europeans’ personal data." That simple mechanism did not abide by the Commissions own privacy standards, the Court decided. "The court, by declaring invalid the safe harbor which currently permits a sizeable amount of the commercial movement of personal data between the EU and the U.S., has signaled that PRISM and other government surveillance undermine the privacy rights that regulates such movements under European law," the EFF's Danny O'Brien wrote. A new Safe Harbor agreement is currently being negotiated and the Court's ruling seems designed to speed that up. But for now many companies -- especially smaller companies -- and users are now in a sort of a legal limbo. And that legal limbo may not be great news for your privacy, according to F-Secure Security Advisor Sean Sullivan, as it creates legal uncertainty that could easily be exploited by government spy agencies and law enforcement. "Uncertainty is their bread or butter," he told me. To Sean, this ruling and the urge to break it represent an "old world" view of the Internet where geography was key. The U.S. government has suggested that it doesn't need to respect borders when it comes to companies like Microsoft, Facebook and Google, which are headquartered in the U.S. but do business around the world. Last month, the Department of Justice said it could demand Microsoft turn over Hotmail data of any user, regardless where s/he lives. "The cloud doesn’t have any borders," Sean said. "Where stuff is located geographically is kind of quaint." You can test this out by using an app like Citizen Ex that tests your "Algorithmic Citizenship." Sean, an American who lives in Finland, is identified as an American online -- as much of the world would be. What Europe gave up in privacy with Safe Harbor was, to some, made up for in creating a cohesive marketplace that made it easier for businesses to prosper. Facebook and Google warned that the U.S.'s aggressive surveillance risked "breaking the Internet." This ruling could be the first crack in that break. Avoiding that requires a "new world" view of the Internet that respects privacy regardless of geography, according to Sean. He's hopeful that reform comes quickly and democratically in a way that doesn't require courts to force politicians' hands. The U.S. showed some willingness to reform is surveillance state when it passed the USA FREEDOM Act -- the first new limitations on intelligence gathering since 9/11. But more needs to be done, says the EFF. The digital rights organization is calling for "reforming Section 702 of the Foreign Intelligence Surveillance Amendments Act, and re-formulating Executive Order 12333." Without these reforms, it's possible that any new agreement that's reached between the U.S. and Europe might not reach the standards now reaffirmed by the European Court of Justice.

October 9, 2015
Hillary Clinton, email scandal, phishing scam

A phishing scam may hurt Hillary Clinton’s career — could it cost you yours?

This email was one of five phishing scams found in the 6,400 pages of Hillary Clinton's emails released on Wednesday. While there's no confirmation that former First Lady fell for the scam, her political opponents are using it to attack her for the security risks of the unconventional private server she used while in office -- even though a recent report found that 1 of 7 emails received on official U.S. Defense Department servers were either spam, phishing or other malware attacks. Receiving such attacks is inevitable. Cyber criminals have long known that one the best ways to hack into something is to simply ask you for the password. This technique has long relied on the fact that most of are used to entering our credentials so if a site looks trustworthy enough, we'll just type our credentials. From there, the bad guys can use these keys to unlock our digital life. As we've become more savvy in recognizing untrustworthy emails like the one above, criminals have taken advantage of our growing desire to share information about ourselves online to pioneer a more advanced technique called "spear phishing," which usually arrives in the form of a personalized email from an person or business you have a relationship with. This sort of attack was pioneered to hack high-value targets like Clinton. The Russian-backed Dukes group used this method in its 7-year campaign against western interests and others. In our Business Insider blog, Eija offers an inside look at how the CEO of a Finnish startup was the victim of an attempted spear phishing. "However, anyone can be a target..." Eija explains. And if you work in the U.S. government your chances of being hit with a very personalized attack have greatly increased as a result of the recent hack of the Office of Personnel Management. “Every bit of my personal information is in an attacker’s hands right now,"Paul Beckman, the Department of Homeland security’s chief information security officer, said at the Billington Cybersecurity Summit in September. "They could probably craft my email that even I would be susceptible to, because they know everything about me virtually.” Beckman said he regularly sends fake phishing emails to his staff to see if they fall for them, and “you’d be surprised at how often I catch these guys.”' Getting caught results in mandatory security training. But even after two or three rounds of instruction, the same people still fall for similar scams. “Someone who fails every single phishing campaign in the world should not be holding a [top secret clearance] with the federal government,” he said. “You have clearly demonstrated that you are not responsible enough to responsibly handle that information.” Beckman said he has proposed that those who prove they cannot detect a scam be stripped of their clearance, which could limit their career possibilities or even cost them a job. If you're the CEO of a startup, you recognize that security of your business is essential to your success. But if you're just an employee, your incentives for protecting intellectual property are nowhere as strong. Criminals only need one victim to make one mistake to succeed. So what are employers to do when education just isn't good enough? How about positive reinforcement for those who successfully avoid a scam? The truth is we're all only as secure as our training and focus. Organizations need to work on the best methods for developing both. Whether it's at work or at home or in the U.S. State Department, you're likely to be faced with a phishing attempt before long. Here's basic guidance from Eija on how to avoid being hooked: Be vigilant when entering your password anywhere Enable two-factor authentication Use Google’s built-in Security Checkup and Privacy Checkup tools Periodically review forwarding and mail filter settings, Connected apps & sites, Devices and Activities, shared files Disable POP and IMAP access if you don’t need them for a desktop or mobile client Cheers, Sandra

September 29, 2015
The Dukes

“The Dukes” – Ask the Experts

Last week, F-Secure Labs published a new study that provides a detailed analysis of a hacking group called “the Dukes”. The Dukes are what’s known as an advanced persistent threat (APT) – a type of hacking campaign in which a group of attackers is able to covertly infiltrate an organization’s IT network and steal data, often over a long period of time while remaining undetected. The report provides a comprehensive analysis of the Dukes’ history, and provides evidence that security researchers and analysts say proves the various attacks discussed in the report are attributable to the Duke group. Furthermore, the new information contained in the report strengthens previous claims that the group is operating with support from the Russian government. Mikko Hypponen has said that attacker attribution is important, but it’s also complex and notoriously difficult, so the findings of the report have considerable security implications. I contacted several people familiar with the report to get some additional insights into the Dukes, the research, and what this information means to policy makers responsible for issues pertaining to national cybersecurity. Artturi Lehtiö (AL) is the F-Secure Researcher who headed the investigation and authored the report. He has published previous research on attacks that are now understood to have been executed by the Dukes. Patrik Maldre (PM) is a Junior Research Fellow at the International Center for Defense and Security, and has previously written about the Dukes, and the significance of this threat for global security. Mika Aaltola (MA) is the Program Director for the Global Security research program at the Finnish Institute for International Affairs. He published an article of his own examining how groups like the Dukes fit into the geopolitical ambitions of nations that employ them.   Q: What is the one thing that people must absolutely know about the Dukes? PM: They are using their capabilities in pursuit of Russian strategic interests, including economic and political domination in Central and Eastern Europe, as well as the Caucasus region, and a return to higher status at the international level. AL: They are a long-standing key part of Russian espionage activity in the cyber domain. MA: The geopolitical intention behind the vast majority of targets. Q: We now know the Dukes are responsible for a number of high profile attacks, and seemingly target information about politics and defense. But what kind of information might they obtain with their attacks, and why would it be valuable? AL: They might obtain information like meeting notes, memos, plans, and internal reports, not to mention email conversations. In essence, the Dukes aim to be a fly on the wall behind the closed doors of cabinets, meeting rooms, and negotiating tables. PM: The targets of the Dukes include government ministries, militaries, political think tanks, and parliaments. The information that can be gained from these organizations includes, among other things, sensitive communication among high-level officials, details of future political postures, data about strategic arms procurement plans, compromising accounts of ongoing intelligence operations, positions regarding current diplomatic negotiations, future positioning of strategic military contingents, plans for future economic investments, and internal debates about policies such as sanctions. MA: The targets are high value assets. Two things are important: data concerning the plans and decisions taken by the targeted organizations. Second, who is who in the organizations, what are the key decision-making networks, what possible weaknesses can be used and exploited, and how the organization can be used to gain access to other organizations. Q: The Dukes are typically classified as an APT. What makes the Dukes different from other APTs? MA: APT is a good term to use with the Dukes. However, there are some specific characteristics. The multi-year campaigning with relatively simple tools sets Dukes apart from e.g. Stuxnet. Also, the Dukes are used in psychological warfare. The perpetrators can even benefit from they actions becoming public as long as some deniability remains. AL: The sophistication of the Dukes does not come as much from the sophistication of their own methods as it comes from their understanding of their targets’ methods, what their targets’ weaknesses are, and how those can be exploited. PM: They are among the most capable, aggressive, and determined actors that have been publicly identified to be serving Russian strategic interests. The Dukes provide a very wide array of different capabilities that can be chosen based on the targets, objectives, and constraints of a particular operation. They appear to be acting in a brazen manner that indicates complete confidence in their immunity from law enforcement or domestic oversight by democratic bodies. Q: There are 9 distinctive Duke toolsets. Why would a single group need 9 different malware toolsets instead of just 1? AL: The Dukes attempt to use their wide arsenal of tools to stay one-step ahead of the defenders by frequently switching the toolset used. MA: They are constantly developing the tools and using them for different targets. Its an evolutionary process meant to trick different “immunity” systems. Much like drug cocktails can trick the HIV virus. PM: The different Duke toolsets provide flexibility and can be used to complement each other. For example, if various members of the Dukes are used to compromise a particular target and the infection is discovered, the incident responders may be led to believe that quarantines and remediation have been successful even though another member of the Dukes is still able to extract valuable information. Q: Many people reading this aren’t involved in geopolitics. What do you think non-policy makers can take away from this whitepaper? AL: This research aims to provide a unique window into the world of the Dukes, allowing people not traditionally involved with governmental espionage or hacking to gauge for themselves how their lives may be affected by activity like the Dukes. PM: It is important for people to understand the threats that are associated with these technological developments. The understanding of cybersecurity should grow to the point where it is on par with the wider public’s understanding of other aspects of international security, such as military strategy or nuclear non-proliferation. This knowledge is relevant for the exercise of fundamental liberties that are enjoyed in democratic societies, including freedom of speech, freedom of the press, freedom of association, as well as of basic rights such as voting in elections. MA: The geopolitical intent is clearly present in this activity. However, the developments in this realm affects other types of cyber-attacks. Same methods spread. There is cross-fertilization, as in the case of Stuxnet that was soon adapted for other purposes by other groups.   F-Secure’s Business Security Insider blog recently posted a quick breakdown on how the Dukes typically execute their attacks, and what people can do to prevent becoming a victim of the Dukes or similar threats. Check it out for some additional information about the Dukes.

September 22, 2015