
New Delhi, Nov. 14 -- For more than a decade, the Security Analyst Summit (SAS) has been one of the most important stages for Kaspersky's showcase of deep research. The company considers it the place where its most complex investigations first see the light of day. "SAS has been our platform for 12-15 years now," the company's chief technology officer, Anton Ivanov, said. "It is where we present our best findings."

One of the headline discoveries showcased this year is Dante, a highly sophisticated piece of spyware recently attributed to the ForumTroll APT. According to the CTO, Kaspersky first detected signs of an unfamiliar exploit through the vast telemetry shared voluntarily by its global user base. "Kaspersky has a huge presence across continents and millions of relations with users," he said. "When users choose to share telemetry with our researchers, we are able to spot anomalies early." This is how Dante first surfaced as an "unknown exploit" that set off alerts for Kaspersky's analysts. From that point, researchers began an intensive investigation.

Kaspersky uncovered Dante while investigating Operation ForumTroll, an advanced persistent threat (APT) campaign that used a Google Chrome zero-day. The attackers sent targeted phishing emails posing as Primakov Readings forum invitations to Russian media, government, education, and financial institutions. Researchers first found a spyware called LeetAgent, notable for using leetspeak commands. Deeper analysis revealed that LeetAgent was linked to a more advanced spyware used in other attacks. In some cases, LeetAgent even launched it. Despite heavy obfuscation, Kaspersky extracted the name Dante from the malware code. They later connected it to a commercial spyware tool promoted by Memento Labs, the successor to HackingTeam. The latest samples of HackingTeam's RCS spyware also showed similarities to Dante, confirming the link.
To be sure, HackingTeam was a Milan-based company that sold offensive intrusion and surveillance capabilities. "Dante is a multilayered malware," Ivanov explained. "You have to research the antivirus multiple times to really understand what's happening." He emphasised that the scale of the company's installation base is what makes such research possible. This data allows Kaspersky's threat intelligence service to provide early warnings to enterprise customers about region-specific and sector-specific threats.

AI is already empowering attackers

Ivanov said the cybersecurity battlefield has fundamentally shifted because of generative AI. "GenAI offers a lot of help for attackers right now," he said. He pointed out multiple ways adversaries are already exploiting AI, including generating phishing websites in minutes; creating content, imagery, and text at scale; writing malicious JavaScript with AI models; and executing automated attack chains. "My prediction is that in 2-3 years, most attacks will be fully automated with AI," he said.

But attackers are not the only ones who benefit. Kaspersky is aggressively building AI into its defensive stack, he added. Researchers at the company are experimenting with generative models for threat detection and response. Ivanov noted that AI inside Kaspersky products can now automatically summarise threat reports, recommend actions for security officers, and even execute automated responses. "This significantly reduces time to action," he said.

Internally, AI is also being used to simplify and speed up analyst workflows. With high-quality cybersecurity talent in short supply globally, generative models help Kaspersky's teams analyse malware, organise intelligence, and prepare simplified summaries for customers. "Our AI analyst makes it easier for users to understand what threats are most relevant to them," he said.
India: A fast-growing cybersecurity priority

Kaspersky sees India as one of its most important growth markets, both from a business and threat-research perspective. Ivanov described India as a "focus region," noting the scale and sophistication of attacks seen in the country. "We detected more than 600,000 ransomware attacks in India in the past year," he said. Kaspersky also recorded over 12 million phishing attempts, with most targeting enterprises. "Ransomware gangs are operating at extremes. They try to destroy or stop business processes and then demand ransom." Hacktivist groups, he added, have also become more active in India. "They can ruin or stop business, so enterprises need complex solutions."

Kaspersky offers incident response, managed detection, and other enterprise security services in the country. The India team comprises solution architects, support engineers, and threat researchers. The company reported that its India business grew 24% in 2024, making it one of Kaspersky's fastest-growing markets in South Asia. The B2B segment grew by 20%, while the B2C segment saw a 30% growth.

Pushing for automation

Globally, Kaspersky's engineering and research teams remain a major strength. The company has a Global Research and Analysis Team (GReAT) of more than 100 engineers, Ivanov said, with its dedicated research unit crossing 200 specialists. "We are an engineering company. We are hiring everywhere," he added. But hiring alone cannot solve the scale problem, hence the push toward AI-based automation. "It is impossible to hire for all scenarios. That is why we are investing heavily in automation and AI." Most developers at Kaspersky already use generative AI tools, leading to a 15% productivity increase, according to internal metrics. "As threats get more automated, our defenses must get more automated too," he said. "That is the future of cybersecurity."

Note: The author was in Thailand for SAS 2025 on Kaspersky's invitation.
Published by HT Digital Content Services with permission from TechCircle.