Kaspersky Lab is developing its own operating system (OS). Ending speculation, a post by Eugene Kaspersky now confirms that a secure OS meant to be used in protecting crucial information systems such as industrial control systems (ICS) is in the making.
Kaspersky highlights that ideal ICS software should have all the security technologies incorporated, while considering the changing picture of cyber-attacks. Such a system, despite requiring a lot of effort together with huge investments, still does not guarantee stable system operation. The secure OS, which is currently under development, is an achievable alternative, according to Kaspersky. Such an OS can have ICS installed on it, which could then be structured within an “existing infrastructure”.
A screenshot of the OS currently under development
In his post, Kaspersky puts forth answers to some obvious questions: “How will it be possible for KL to create a secure OS if no one at Microsoft, Apple, or the open source community has been able to fully secure their respective operating systems?” “It’s all quite simple really,” he shares. The OS has been developed for a specific task, and is not meant for something mundane such as editing vacation videos or using social media.
Kaspersky is working on ways to write software designed such that it would not be possible for anyone to “carry out any behind-the-scenes, undeclared activity”. He shares that the highlight of the OS would be that it would be impossible to execute third-party code, break into the system, or run unauthorised applications on it. This, he adds, is “both provable and testable”.
Kaspersky adds that although industrial IT systems and typical office computer networks seem similar in many ways, they differ in their choices between security and usability. He adds, “In your average company, one of the most important things is confidentiality of data, and IT administrators are encouraged to isolate infected systems from non-infected systems to that end, among others. Thus, for example, if on the corporate file server a Trojan is detected, the simplest thing to do is disconnect the infected system from the network and then later start to tackle the problem.” In industrial systems, he shares, maintaining constant operation is a higher priority, so security gets pushed to second place.
Experts at Kaspersky Lab recently announced the discovery of miniFlame, a small and highly flexible malicious program, which has been designed to steal data, and control infected systems during targeted cyber espionage operations.
The miniFlame, which is also known as SPE, was found by Kaspersky Lab’s experts in July 2012. It had been originally identified as a Flame module. In September 2012, when Kaspersky Lab’s research team conducted an in-depth analysis of Flame’s command and control (C&C) servers, it found that the miniFlame module was in fact an 'interoperable tool' that could be used as an independent malicious program, or as a plug-in for both the Flame and Gauss malware.
An analysis of the miniFlame reveals that several versions were created between 2010 and 2011, and a few of them were still active in the wild. In fact, the analysis unearthed new evidence that indicates the coming together of the creators of Flame and Gauss. Both malicious programs could be using miniFlame as a 'plug-in' for their operations. The number of infections, combined with miniFlame’s info-stealing features and flexible design, indicates it was used for extremely targeted cyber-espionage operations, and was most likely deployed inside machines that were already infected by Flame or Gauss.