BSI warns against using Kaspersky
Today, the BSI is warning German companies to replace Kaspersky AV and any other products from the firm with alternative software from non-Russian vendors.
As the BSI statement explains, antivirus software typically has higher-level privileges on Windows systems, maintaining a permanent, encrypted, and non-verifiable connection to the vendor’s servers for constant virus definition updates.
Furthermore, as real-time protection from almost all antivirus vendors can upload suspicious files to remote servers for further analysis, there is concern that antivirus developers could use their software to exfiltrate sensitive files.
While Kaspersky is likely trustworthy and ethical, it still has to abide by Russian laws and regulations, including allowing state agents to access private firm databases.
BSI is taking this further by suggesting that Kaspersky could be forced into aiding the Russian intelligence forces in carrying out cyberattacks or conducting espionage.
"The actions of military and/or intelligence forces in Russia and the threats made by Russia against the EU, NATO and the Federal Republic of Germany in the course of the current military conflict are associated with a considerable risk of a successful IT attack. A Russian IT manufacturer can carry out offensive operations itself, be forced to attack target systems against its will, or be spied on without its knowledge as a victim of a cyber operation, or be misused as a tool for attacks against its own customers."
BSI
To avoid panic moves like switching off protection without activating a replacement security product, BSI advises all organizations to prepare accordingly by first performing a complete assessment.
Also, whenever a switch to alternative security products takes place, loss of comfort, functionality, and even safety is expected, so a remediation plan to address all that must be developed.
This warning has already led German organizations, such as Germany's Eintracht sports club, to stop using Kaspersky's services.
However, Kaspersky believes that BSI's warning to remove Kaspersky products is a political decision rather than a technical assessment of their products.
A Kaspersky spokesperson shared the following statement with BleepingComputer regarding BSI's warnings, which we have shared in full below:
We believe this decision is not based on a technical assessment of Kaspersky products – that we continuously advocated for with the BSI and across Europe – but instead is being made on political grounds. We will continue to assure our partners and customers in the quality and integrity of our products, and we will be working with the BSI for clarification on its decision and for the means to address its and other regulators’ concerns.
At Kaspersky, we believe that transparency and the continued implementation of concrete measures to demonstrate our enduring commitment to integrity and trustworthiness to our customers is paramount. Kaspersky is a private global cybersecurity company and, as a private company, does not have any ties to the Russian or any other government.
We believe that peaceful dialogue is the only possible instrument for resolving conflicts. War isn’t good for anyone.
Our data processing infrastructure was relocated to Switzerland in 2018: since then, malicious and suspicious files voluntarily shared by users of Kaspersky products in Germany are processed in two data centers in Zurich that provide world-class facilities, in compliance with industry standards, to ensure the highest levels of security. Beyond our cyberthreat-related data processing facilities in Switzerland, statistics provided by users to Kaspersky can be processed on the Kaspersky Security Network’s services located in various countries around the world, including Canada and Germany. The security and integrity of our data services and engineering practices have been confirmed by independent third-party assessments: through the SOC 2 Audit conducted by a ‘Big Four’ auditor, and through the ISO 27001 certification and recent re-certification by TÜV Austria.
Kaspersky has set the industry benchmark for digital trust and transparency. Our customers can run a free technical and comprehensive review of our solutions, allowing them to:
- Review our secure software development documentation including threat analysis, secure review, and application security testing processes
- Review the source code of our leading solutions including Kaspersky Internet Security (KIS), our flagship consumer product; Kaspersky Endpoint Security (KES), our flagship enterprise product; and Kaspersky Security Center (KSC), a control console for our enterprise products
- Review all versions of our builds and AV-database updates, as well as the types of information which Kaspersky products send to our cloud-based Kaspersky Security Network (KSN)
- Rebuild the source code to make sure it corresponds to publicly available modules
- Review the results of an external audit of the company’s engineering practices conducted by one of the ‘Big Four’ accounting firms
- Review the Software Bill of Materials (SBOM) for Kaspersky Internet Security (KIS), Kaspersky Endpoint Security (KES), and Kaspersky Security Center (KSC)