Kathy Gibson reports from Jordan – Organisations around the world are being attacked by more sophisticated criminal gangs developing complex cyberattacks that are difficult to protect against.

At the same time, they are expanding their field of operations to industry and critical industrial systems, says Eugene Kaspersky, CEO of Kaspersky.

To counter these threats, systems need to be made secure by design, he explains.

“Unfortunately, the bad guys are very active so we are seeing a massive increase in the daily incidence of malicious files. Our daily catch is now about 400 000. This means there are more and more people developing malware, and the criminals are getting more and more smart.”

With automatic tools, security vendors like Kaspersky are able to identify and mitigate these new malicious files.

“What is a problem, though, is the highly complex, professional attacks we are seeing.”

Just five years ago, there were less than 100 professional espionage groups; today there are more than 900, developing complex malicious tools.

These groups are the likes of Revil, known for a series of high-profile attacks on Kaseya, Colonial Pipeline and JBS.

The Revil actors were arrested in November, but there are many others still out there.

These attackers can only be thwarted by multi-layered protection, from multiple sources, powered by threat intelligence.

“The good news is that we are going to improve our global protection,” Kaspersky says. “Many companies have left Russia, so we have been forced to develop new tools to fill the gap.

“We will have all the layers of cybersecurity and a complete picture of the tools needed to protect enterprise networks.”

These tools will have open APIs, he adds, so organisations can also use third-party tools.

“”We also have the resources: Russian IT companies are exempt from corporate tax.”

Kaspersky Threat Intelligence is a vital tool in cybersecurity, Kaspersky adds. “It is constantly updated and refined, and is good enough that our own security experts use it.”

The victims of cybercrime are increasingly being seen in the industrial sector, rising 50% over the last year.

“This is the worst news,” Kaspersky says. “Some cybercriminals have realised that attacks on SCADA systems can be profitable as well.”

That’s why Kaspersky is expanding its solutions to industrial cybersecurity to protect SCADA and DCS networks, sandboxing industrial threats, picking up anomalies in network traffic, and performing PLC integrity checks.

Typically, cybersecurity works by assessing the risk and protecting against the most common threats.

When it comes to critical infrastructure, the damage is unpredictable, so cybersecurity cannot compensate for the risks, Kaspersky says.

“This is the time to switch to cyber immunity.

“My definition is that a system is immune if the cost of a successful attack is more than the possible damage – so hackers have a negative return on investment.

“So the system is secure by design.”

Kaspersky believes this will not be possible by building on top of existing operating systems.

“So we have done that: our operating systems is based on microkernel architecture. The security layer isolated all modules. And every piece of the system has a trusted behaviour.

“It is in the DNA of the system.”

As an example, he points out that a calculator can only calculate – and has access only to those things needed to calculate.

Even if there is a vulnerability in one part of the system, it is isolated, so it cannot spread to the rest of the system.

“The good news is that we are able to do this, and we have the first products with our partner companies. And we are looking for new partners.”

Already, hardware offering from Tonk, Siemens and Advantech are using the KasperskyOS to build immunity into their products.