Germany’s Federal Office for Information Security (BSI) is warning companies not to use Kaspersky anti-virus products because of Russian threats against the EU, NATO, and Germany.
The Federal Bureau of Information Security (BSI) warns against the use of anti-virus software from Russian manufacturer Kaspersky under the BSI Act. We recommend replacing applications in the software portfolio with alternative products.
Kaspersky, a Moscow-based cybersecurity and antivirus provider founded in 1997, has been the subject of controversy over the company’s possible ties to the Russian government.
Kaspersky founder and CEO Eugene Kaspersky’s recent comments about his desire for “compromise” regarding Russia’s invasion of Ukraine drew outrage on Twitter, with many denying the company’s stance on the matter.
It is also feared that Kaspersky may not remain completely neutral, as it allegedly provides cybersecurity protection services to the Russian state’s IT infrastructure.
BSI warns German companies to replace Kaspersky AV and other of its products with alternative software from non-Russian vendors.
Antivirus software typically has a higher level of privileges on Windows systems and maintains a permanent, encrypted, and unverifiable connection with the vendor’s server for virus definition updates, according to a BSI statement.
In addition, real-time protection from nearly all anti-virus vendors can upload suspect files to a remote server for further analysis, raising concerns that anti-virus developers may use their software to exfiltrate sensitive files.
While Kaspersky appears to be a trustworthy and ethical company, it must still comply with Russian laws and regulations, including allowing state agencies access to its private company database.
The BSI takes this a step further, suggesting that Kaspersky may be forced to assist Russian intelligence agencies in carrying out cyberattacks and espionage activities
The actions of the military and intelligence services in Russia and the threats made by Russia against the EU, NATO, and the Federal Republic of Germany in the course of the current military conflict are associated with a substantial risk of a successful IT attack. Russian IT manufacturers may carry out offensive operations themselves, be forced to attack target systems against their will, be unwittingly spied on as victims of cyber operations, or be exploited as tools in attacks against their own customers.
Comments