The German Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, or BSI) has announced that businesses should avoid using popular Russian antivirus software Kaspersky due to concerns that it could be used in impending cyberattacks.
Moscow-based Kaspersky has in the past faced accusations of operating on behalf of the Russian government. Following a specific event in 2017, the United States banned any government usage of the service.
Now, the official statement from the German authority says: “The BSI recommends replacing applications from Kaspersky’s virus protection software portfolio with alternative products.”
Read More:-Google Buys Israeli Security Startup Siemplify Amid Rising Cyberattacks
Cyberthreat
Fears that the antivirus software could be exploited by the Kremlin to help an international IT attack prompted the BSI to issue a warning to German organisations. These charges come as Russia continues to threaten NATO, the European Union, and Germany while intensifying its invasion of Ukraine.
“A Russian IT manufacturer can carry out offensive operations itself, be forced to attack target systems against its will, or be spied on without its knowledge as a victim of a cyber operation, or be misused as a tool for attacks against its customers,” the statement further reads.
The BSI also believes that governmental organisations and public-interest businesses, such as the industrial sector, should be suspicious of Kaspersky’s technologies.
“You have the option of obtaining advice from the BSI or the responsible authorities for the protection of the constitution,” the statement says.
Read More:-Cyberattacks On Rise: Here’s how to stop cybercrime
The BSI also stated that companies and other organisations should carefully plan and implement the replacement of critical IT security infrastructure components.
If IT security products, particularly virus-prevention software, are turned off without preparation, one may become vulnerable to cyberattacks, it added.
“Switching to other products is associated with temporary losses in comfort, functionality and safety. The BSI recommends carrying out an individual assessment and consideration of the current situation and, if necessary, consulting IT security service providers certified by the BSI,” the statement notes.
‘Long game’
In the wake of Russia’s invasion of Ukraine, such warnings are understandable considering the infamous history of Kremlin-backed hackers’ activities in the past.
Lauren Zabierek, director of the Cyber Project at the Harvard Kennedy School’s Belfer Center for Science and International Affairs, told The Harvard Gazette that even though there is no indication of an immediate attack against the United States, it is known that for years, Russians have conducted reconnaissance operations against critical infrastructure and may have implanted tools to disrupt these services in response to the United States or allied foreign policy action.
“Cybersecurity is a long game. It’s a strategic investment, and engagement between companies and federal and state governments is vital. It also depends on an individual’s awareness and action,” he stated.
While talking about the risk of cyberattacks from Russia, he also said, “The government is not responsible for private-sector networks. And since most of the critical infrastructure in this country is operated within the private sector, it really comes down to individuals being prepared and being secure in their practices.”
This is similar to what BSI has advised the German businesses. But after its warning, Kaspersky released a statement in which it said: “We believe this decision is not based on a technical assessment of Kaspersky products – that we continuously advocated for with the BSI and across Europe – but instead is being made on political grounds.”
The Russian company also stated that it will continue to reassure its partners and customers about the quality and integrity of products.
“We will be working with the BSI for clarification on its decision and for the means to address its and other regulators’ concerns,” it added.
Additionally, Kaspersky clarified that it is a global cybersecurity company and has no ties to the Russian or any other government.
