ESET

ESET, spol. s r.o.
Company type: Private limited company
Industry: Security software
Founded: 1 January 1992 in Slovakia
Founders: Rudolf Hrubý, Peter Paško, Miroslav Trnka
Headquarters: Slovakia
Area served: Worldwide
Key people:
  • Miroslav Trnka
  • Peter Paško
  • Rudolf Hrubý
  • Maroš Grund
  • Anton Zajac
  • Richard Marko (CEO)
  • Pavol Luka
  • Juraj Malcho
  • Martin Balušík
  • Ignacio Sbampato
Products: Products list [1]
Revenue: €526 million [2]
68,100,000 Euro (2018)
Number of employees: 1,831 [2] (2020)
Website: www.eset.com

ESET, s.r.o., is a software company specializing in cybersecurity. ESET's security products are made in Europe, [3] and the company provides security software in over 200 countries and territories worldwide. Its software is localized into more than 30 languages.

The company was founded in 1992 in Bratislava, Slovakia. However, its history dates back to 1987, when two of the company's founders, Miroslav Trnka and Peter Paško, developed their first antivirus program called NOD. This sparked an idea between friends to help protect PC users and soon grew into an antivirus software company. At present, ESET is recognized as Europe's biggest privately held cybersecurity company. [4] [5] [6]

History

1987–1992

The product NOD was launched in Czechoslovakia when the country was part of the Soviet Union's sphere of influence. Under the communist regime, private entrepreneurship was banned. It wasn't until 1992 that Miroslav Trnka and Peter Paško, together with Rudolf Hrubý, established ESET as a privately owned limited liability company in the former Czechoslovakia. In parallel with NOD, the company also started developing Perspekt. [7] They adopted the name ESET, from the Czech name of Isis, the Egyptian goddess of health, marriage and love, as the company name.

2003–2017

In 2013, ESET launched WeLiveSecurity, [8] a blog site dedicated to a vast spectrum of security-related topics.

December 2017 marked the 30th anniversary of the company's first security product. To mark its accomplishments, the company released a short documentary [9] describing the company's evolution from the perspective of founders Miroslav Trnka and Peter Paško. In the same year, the company partnered with Google to integrate its technology into Chrome Cleanup. [10]

2018–present

In December 2018, ESET partnered with No More Ransom, [11] a global initiative that provides victims of ransomware decryption keys, thus removing the pressure to pay attackers. The initiative is supported by Interpol and has been joined by various national police forces. [12] ESET has developed technologies to address the threat of ransomware and has produced papers [13] [14] documenting its evolution.

ESET became a founding member of Google's App Defense Alliance. [15] [16]

Current Management
Position | Management Member
Chief Executive Officer | Richard Marko
Chief Financial Officer | Martin Balušík
Chief Marketing Officer | Mária Trnková
Chief Operating Officer | Palo Luka
Chief Technology Officer | Juraj Malcho
Chief Information Officer | Vladimír Paulen
Chief Sales Officer | Miroslav Mikuš

Products

ESET provides security products for home and business users. Its products cover all the main operating systems across server, cloud, and mobile deployments. [citation needed]

ESET's first product was NOD, an antivirus program for computers running the MS-DOS operating system. NOD32 1.0 for Microsoft Windows was released in 1998 and version 2.0 in 2003. A third version, ESET NOD32 Antivirus, followed in 2007 along with ESET Smart Security 3, which added antispam and firewall modules. [citation needed]

ESET NOD32 Antivirus and additional related products with a wider suite of security functions, including ESET Smart Security Premium and ESET Internet Security, [17] are upgraded and released on an annual basis. [18] In 2010, ESET released products for macOS, with a business version now called ESET Endpoint Antivirus [19] and a home version called ESET Cyber Security.

ESET also offers products for Android devices. The first version of ESET Mobile Security was announced in 2012. [20] The product offers malware protection and a call filter, an adware detector, payment protection, and theft protection (such as SIM card locking and total data wipes). In 2015, ESET introduced ESET Parental Control, [21] which allows parents to monitor children's use of Android devices.

ESET Smart TV Security, designed to protect Android TV from malware, phishing, and ransomware, was introduced in 2018 at the Mobile World Congress event in Barcelona. [22]

The company offers a full range of solutions to protect corporate data, ranging from workstation and server protection with ESET PROTECT Entry [23] to endpoint detection and response with ESET Enterprise Inspector. [24]

ESET also offers security products that help companies comply with GDPR requirements. These include ESET Secure Authentication, a two-factor authentication solution introduced in 2015, [25] and ESET Endpoint Encryption, which ESET released in 2017 [26] following the integration of DESlock+ products since 2015. [27] ESET Endpoint Encryption offers file, folder, email, and virtual disk encryption, as well as a desktop shredder for secure file deletion. [28]

Along with its individual products and packages, ESET offers services designed mainly for corporations and large companies. These include managed detection and response, premium support, security audits, and incident response. [citation needed]

Technology

ESET has 13 R&D centres globally and is active in the field of malicious code detection. [29] In 1995, ESET introduced heuristic analysis [30] [31] into its detection engine.

ESET has been using machine learning in its products, starting with neural networks, since 1997. In 2005, ESET incorporated a machine learning-based technology called DNA Detections, which extracts selected features – called genes – from samples. These genes split samples into clean, malicious and potentially unwanted categories. In 2019, ESET released an Advanced Machine Learning detection layer that can analyze samples locally on endpoints even when offline. [32]

In 2011, ESET replaced ThreatSense.NET with ESET LiveGrid®, [33] a cloud-based reputation system that evaluates unknown or suspicious samples submitted anonymously by millions of ESET-protected endpoints from around the world for machine learning analysis on servers in Bratislava. [33]

ESET also uses additional security layers including Botnet Protection, [34] Network Attack Protection, [35] Script-Based Attacks Protection, [36] and Brute-Force Attack Protection. [37]

In 2017, ESET became the first security company in the world to implement a UEFI Scanner. [38] UEFI is firmware that is loaded into a computer's memory during the startup process. The scanner can identify threats while the computer is booting up, before standard detection modules start running.

Malware research

ESET dedicates part of its operations to malware research, as well as to the monitoring of advanced persistent threat groups and other cybercriminal groups, with 40% of the company's employees working in research. [39]

One of the groups that ESET tracked is Sandworm. After the 2015 attack on the Ukrainian power grid and the global NotPetya ransomware attack in 2017 – both attributed to Sandworm – ESET discovered Sandworm (more specifically, a subgroup that ESET tracks as TeleBots) deploying a new backdoor called Exaramel, which is a version of the main Industroyer backdoor. As Industroyer was used in the 2016 blackout in Ukraine, [40] ESET linked Industroyer to NotPetya, as well as to BlackEnergy, which was used in the 2015 blackout. [41]

At the time of the NotPetya outbreak, ESET and Cisco tracked down the point from which the global ransomware attack had started to companies afflicted with a TeleBots backdoor, resulting from the compromise of M.E.Doc, a popular financial software in Ukraine. [42]

In March 2021, when Microsoft released out-of-band patches to fix the ProxyLogon vulnerability affecting on-premises versions of Microsoft Exchange Server, ESET discovered more than 10 APT groups leveraging the vulnerability to compromise Exchange servers. ProxyLogon allows an attacker to take over any reachable Exchange server, even without knowing valid account credentials. [citation needed]

In addition, ESET found that multiple threat actors had access to the details of the vulnerabilities even before the release of the patches. Except for DLTMiner, which is linked to a known cryptomining campaign, all of these threat actors are APT groups interested in espionage: Tick, LuckyMouse, Calypso, Websiic, Winnti Group, Tonto Team, ShadowPad activity, The "Opera" Cobalt Strike, IIS backdoors, Mikroceen, DLTMiner, [43] and FamousSparrow. [44]

Another focus of ESET's research is on threats to Android devices. ESET discovered the first clipper malware in the Google Play Store called Android/Clipper.C, [45] which can manipulate clipboard content. In the case of a cryptocurrency transaction, a wallet address copied to the clipboard could be quietly switched to one belonging to the attacker. [citation needed]

In the area of IoT research, ESET discovered the KrØØk vulnerability (CVE-2019-15126) in Broadcom and Cypress Wi-Fi chips, which allows WPA2-encrypted traffic to be encrypted with an all-zero session key following a Wi-Fi disassociation. [46] Then ESET discovered another KrØØk-related vulnerability (CVE-2020-3702) in chips by Qualcomm and MediaTek, as well as in the Microsoft Azure Sphere development kit, with the main difference being that the traffic is not encrypted at all. [47]

Other notable research includes the discovery of LoJax, the first UEFI rootkit found in the wild, which was used in a campaign by the Sednit (aka Fancy Bear) APT group. LoJax is written to a system's SPI flash memory from where it is able to survive an OS reinstall and a hard disk replacement. LoJax can drop and execute malware on disk during the boot process. [48] In 2021, ESET discovered another UEFI malware called ESPecter, [49] which is the second real-world bootkit after FinSpy [50] known to persist on the EFI System Partition in the form of a patched Windows Boot Manager.

In 2021, ESET released the white paper Anatomy of native IIS malware, [51] which analyzed over 80 unique samples of malicious native extensions for Internet Information Services (IIS) web server software used in the wild and categorized these into 14 malware families — 10 of which were previously undocumented.

Among these families, IIS malware demonstrated five main modes of operation:

ESET also works alongside experts from competitors and police organizations all over the world to investigate attacks. In 2018, ESET partnered with the European Cybercrime Centre — a specialist Europol team that investigates cybercrime — as a member of its Advisory Group on Internet Security. [52] [53] ESET partnered with law enforcement agencies worldwide and Microsoft to target the Dorkbot botnet in 2015 [54] and the Gamarue (aka Andromeda) botnet in 2017. [55] Then in 2020, ESET partnered with Microsoft, Lumen's Black Lotus Labs, and NTT Ltd. in an attempt to disrupt Trickbot, another botnet. [56]


References

  1. "ESET :: Download :: For Home". Eset.com. Retrieved 17 April 2012.
  2. "2019 CONSOLIDATED ANNUAL REPORT" (PDF). Retrieved 24 March 2021.
  3. Baumann, Max-Otto; Schünemann, Wolf J. (2017). Introduction: Privacy, Data Protection and Cybersecurity in Europe. Cham: Springer International Publishing. pp. 1–14. doi:10.1007/978-3-319-53634-7_1. ISBN 978-3-319-53633-0. Retrieved 16 August 2022.
  4. SME. "Firma roka je Eset a najúspešnejšia banka VÚB" (in Slovak).
  5. Doktor, Vladislav. "Eset je opäť firmou roka". Hospodárske noviny (in Slovak). "Firmou roka v dvanástom ročníku udeľovania cien za mimoriadne podnikateľské výsledky týždenníka Trend sa včera stala softvérová spoločnosť Eset, ktorá obhájila vlaňajší primát." (Yesterday, the software company Eset became the company of the year in the twelfth year of awarding awards for extraordinary business results of the weekly Trend, which defended last year's primacy.)
  6. "Eset sa po štyroch rokov vrátil na vrchol. Firmou roka bol 2016 aj 2017 :: AMMADO". ammado.sk. Retrieved 16 August 2022.
  7. "Made in Slovakia: ESET". IT News (in Slovak). 18 June 2016. Retrieved 16 August 2022.
  8. "WeLiveSecurity". WeLiveSecurity. Retrieved 16 August 2022.
  9. Prvních 30 let #ESET - film. Retrieved 16 August 2022 via YouTube.
  10. "A cleaner, safer web with Chrome Cleanup". Google. 16 October 2017. Retrieved 16 August 2022.
  11. "No More Ransom, a global anti-ransomware initiative, announces ESET as new partner". ESET. Archived from the original on 16 August 2022. Retrieved 16 August 2022.
  12. Sedlák, Jan. "Česká policie se zapojuje do boje proti ransomwaru a vydává rady". Lupa.cz (in Czech). Retrieved 16 August 2022.
  13. "RANSOMWARE: an enterprise perspective" (PDF).
  14. "RANSOMWARE: A look at the criminal art of malicious code, pressure, and manipulation" (PDF).
  15. "App Defense Alliance". App Defense Alliance. Retrieved 16 August 2022.
  16. "The App Defense Alliance: Bringing the security industry together to fight bad apps". Google Online Security Blog. Retrieved 16 August 2022.
  17. "Test antivirus software ESET". av-test.org. Retrieved 16 August 2022.
  18. "Protecting consumers at every level with enhanced protection for Windows". eset.com. Retrieved 16 August 2022.
  19. "ESET launches ESET NOD32 Antivirus 4 Business Edition for Mac". eset.com. Retrieved 16 August 2022.
  20. "ESET Goes Google Play with ESET Mobile Security for Android Smartphones and Tablets". businesswire.com. 2 May 2012. Retrieved 16 August 2022.
  21. "Parental Control Review 2017 for Android - ESET". AV-Comparatives. Retrieved 16 August 2022.
  22. "ESET launches ESET Smart TV Security to protect against rising malware threats". eset.com. Retrieved 16 August 2022.
  23. "ESET PROTECT Entry with ESET PROTECT Cloud". AV-Comparatives. Retrieved 16 August 2022.
  24. "ESET's endpoint detection and response capabilities put to the test in third MITRE Engenuity ATT&CK® Evaluations". eset.com. Retrieved 16 August 2022.
  25. "Secure Authentication" (PDF).
  26. "Say Hello to ESET Endpoint Encryption | ESET". eset.com. Retrieved 16 August 2022.
  27. "ESET Buys Recognized Data Encryption Leader DESlock". eset.com. Retrieved 16 August 2022.
  28. "About ESET Endpoint Encryption | ESET Endpoint Encryption | ESET Online Help". help.eset.com. Retrieved 16 August 2022.
  29. "Technology Whitepaper" (PDF).
  30. "Understanding Heuristics" (PDF).
  31. "Heuristic Analysis — Detecting Unknown Viruses" (PDF).
  32. "ESET ADVANCED MACHINE LEARNING" (PDF).
  33. "ESET LiveGrid® | ESET Glossary | ESET Online Help". help.eset.com. Retrieved 16 August 2022.
  34. "ESET LiveGrid® | ESET Glossary | ESET Online Help". help.eset.com. Retrieved 16 August 2022.
  35. "ESET LiveGrid® | ESET Glossary | ESET Online Help". help.eset.com. Retrieved 16 August 2022.
  36. "ESET LiveGrid® | ESET Glossary | ESET Online Help". help.eset.com. Retrieved 16 August 2022.
  37. "Remote access at risk: Pandemic pulls more cyber‑crooks into the brute‑forcing game". WeLiveSecurity. 29 June 2020. Retrieved 16 August 2022.
  38. "ESET LiveGrid® | ESET Glossary | ESET Online Help". help.eset.com. Retrieved 16 August 2022.
  39. Revue, I. C. T. (29 April 2019). "ICT Revue". ICT Revue (in Czech). Retrieved 16 August 2022.
  40. "Industroyer: An in-depth look at the culprit behind Ukraine's power grid blackout". ZDNet. Retrieved 16 August 2022.
  41. Greenberg, Andy. "Here's the Evidence That Links Russia's Most Brazen Cyberattacks". Wired. ISSN 1059-1028. Retrieved 16 August 2022.
  42. "M.E.Doc Software Was Backdoored 3 Times, Servers Left Without Updates Since 2013". BleepingComputer. Retrieved 16 August 2022.
  43. "More hacking groups join Microsoft Exchange attack frenzy". BleepingComputer. Retrieved 16 August 2022.
  44. "Hacking group used ProxyLogon exploits to breach hotels worldwide". BleepingComputer. Retrieved 16 August 2022.
  45. Goodin, Dan (9 February 2019). "Google Play caught hosting an app that steals users' cryptocurrency". Ars Technica. Retrieved 16 August 2022.
  46. "New Kr00k vulnerability lets attackers decrypt WiFi packets". ZDNet. Retrieved 16 August 2022.
  47. "KrØØk attack variants impact Qualcomm, MediaTek Wi-Fi chips". BleepingComputer. Retrieved 16 August 2022.
  48. Dunn, John E. "Ransomware's Next Nasty Surprise: Pay Up Or We'll Brick Your PC's UEFI Firmware". Forbes. Retrieved 16 August 2022.
  49. "UEFI threats moving to the ESP: Introducing ESPecter bootkit". WeLiveSecurity. 5 October 2021. Retrieved 16 August 2022.
  50. "FinSpy: unseen findings". securelist.com. 28 September 2021. Retrieved 16 August 2022.
  51. "Anatomy Of Native Iis Malware" (PDF).
  52. ESET. "ESET, the leading endpoint IT security company based in the European Union, is now a member of Europol's Advisory Group on Internet Security [Press release]". Retrieved 18 July 2018.
  53. "EC3 Partners". Europol. Retrieved 16 August 2022.
  54. "EUROPOL WORKS WITH INTERNATIONAL PARTNERS TO TARGET DORKBOT BOTNET". Europol. Retrieved 16 August 2022.
  55. "World Police Shut Down Andromeda (Gamarue) Botnet". BleepingComputer. Retrieved 16 August 2022.
  56. "Microsoft and others orchestrate takedown of TrickBot botnet". ZDNet. Retrieved 16 August 2022.