Kaspersky Unveils How Cybercriminals Use AI to Mastermind Global Attacks

Key Takeaways

  • Eugene Kaspersky highlights the dual role of AI in cybersecurity, used both to enhance malware detection and by criminals to intensify cyber threats.
  • The diverse and organized nature of cybercrime is detailed by Kaspersky, with specific criminal activities often dominated by language groups, showing the complexity and global scale of the issue.
  • Kaspersky also discusses personal cybersecurity measures, advocating for careful digital footprint management and skepticism online, especially with the rise of deepfake technology.

Eugene Kaspersky, CEO of Kaspersky Lab, stated that artificial intelligence (AI) serves both as a weapon and a shield in the battle against cybercrime. 

“The good news is that we use artificial intelligence to detect malware. The bad news is that criminals also use it for their purposes.”

He points out that many cybercriminals, possibly as many as 100,000, are involved in creating harmful software, showing the immense scope and complexity of modern cyber threats.

AI’s Role in Cybersecurity

Decades ago, Kaspersky began questioning why malware and hackers exist. He realized the main problem lies in how the operating systems were designed. These systems, developed in the 1960s and 1970s, were initially used mostly by scientists and military staff.

In an interview with El Pais, Kaspersky stated:

“Cybernetics wasn’t for the general public; it was for a gentlemen’s club who knew each other, so there was no room for criminals.”

As computers became widely used, these original systems failed to adapt adequately to protect against the threats posed by a growing and diverse range of users, setting the stage for the cybersecurity issues we see today.

In combating these threats, AI has become a vital tool. AI’s ability to swiftly process large amounts of data enables it to detect malware in real time, far outpacing human abilities.

However, this technological progress is a double-edged sword. The very AI systems meant for protection are also being exploited by cybercriminals to uncover new weaknesses, develop more complex malware, and carry out attacks more efficiently, scaling up their operations dramatically.

Cybercrime Landscape

Kaspersky illuminated the complex world of cybercrime by detailing profiles of criminals involved. He explained that cybercriminal networks are as organized as global companies and use regional and linguistic skills to tailor their illegal activities.

“If we’re talking about ransomware, most of [the actors] are Russian-speaking. If we talk about [those who run] botnets and backdoors, most of them are Chinese-speaking. And, if we talk about financial fraud, the majority [of perpetrators] are Spanish and Portuguese speaking,” Kaspersky details.

This diversity affects the types of cybercrimes common in various regions, emphasizing the global nature of these threats and the difficulty of combating them effectively.

Organizational Complexity

  • Corporate-like Structure: Cybercriminal groups mimic legitimate businesses with structured departments dedicated to different stages of cyberattacks, including development, execution, maintenance, and even ransom negotiations.
  • Anonymity and Collaboration: Members of these networks often only know each other by nicknames and rarely meet in person, which keeps their identities hidden and makes it hard for law enforcement to track them.

Demographic Profiles

  • Age Range: Primarily, these are young software engineers between 20 and 30 years old, but the range can extend from teenagers to those in their sixties, indicating the wide appeal and accessibility of cybercrime.
  • Regional Focus: Cybercriminals usually work within networks defined by language or geography, using local expertise and language abilities to improve the success of their operations.

Roles and Specializations

Certain members specialize in distinct types of cyberattacks:

  • Ransomware: Typically, Russian-speaking specialists use malware to encrypt data and demand cryptocurrency ransoms.
  • Botnets: Often managed by Chinese-speaking individuals, these involve numerous compromised devices orchestrated to perform synchronized attacks. Chinese-speaking individuals often do not make as much ransomware, since “ransomware often asks for cryptocurrency, and cryptocurrencies are banned in China. So, Chinese cybercriminals cannot monetize them.”
  • Financial Fraud: Mainly conducted by Spanish and Portuguese speakers, these criminals carry out scams and phishing to steal money from unsuspecting individuals.

Personal Cybersecurity Practices of Eugene Kaspersky

In his interview, Kaspersky outlined the serious personal measures he took to protect himself from the same digital threats his company addresses. His approach to digital security carries over into both his personal and professional life and reflects deep involvement in his everyday digital activities and decisions.

  • Custom Mobile Phone: Kaspersky uses a specially designed mobile phone with few features. In fact, unlike most modern smartphones, it does not have a camera; he carries a separate camera for taking pictures. This separation aims to reduce digital risks and protect privacy.
  • Managing Digital Footprint: Kaspersky is very careful about managing his personal information. He chooses what to share online and who to share it with, and only gives his phone number to people who respect his privacy and time zone.
  • Utilizing Updated Security Products: To avoid being a victim of any attack or fraud, he recommends utilizing updated security products on devices. This is crucial as it ensures that all security measures are current and can effectively counter the latest threats.

In his guidelines for safe online behavior, Kaspersky stressed the need for caution. He pointed out the growing dangers of criminals — especially in Latin America — using deepfakes to deceive people with fake voices and images.

His advice is simple but impactful: “Don’t trust anyone online. Especially now, when we’re in the era of deepfakes.”

The Geopolitical Tensions That Impacted Kaspersky Lab

Kaspersky Lab’s role in the cybersecurity industry has been heavily influenced by controversies and political tensions between the United States and Russia.

The US government has expressed worries about Kaspersky’s possible connections to Russian intelligence agencies. This has led to a ban on Kaspersky software in federal agencies, and there are plans to extend this ban to all US citizens and businesses.

These concerns are based on suspicions that the Russian government could force Kaspersky Lab to use its software to spy on or harm foreign users. The company’s software has extensive access to user data, which raises fears that it could be used for spying, particularly because of the sensitive nature of the data involved. Historical events and revelations, like those disclosed by Edward Snowden, have shown a pattern of cooperation between Russian government bodies and private companies like Kaspersky.

As a result, the US has taken serious measures, including placing Kaspersky on the Federal Communications Commission (FCC) blacklist along with some Chinese companies. This action reflects a wider distrust of foreign tech firms considered potential risks.

Despite Kaspersky’s ongoing denials and attempts to prove its independence, the company’s past connections to Russian military and intelligence, as well as its reactions to previous cybersecurity events, still raise concerns about its activities.