‘A Russian IT manufacturer may itself carry out offensive operations, be forced to attack target systems against its will,’ says Federal Office for Information Security
Germany’s Federal Office for Information Security (BSI) has warned against the use of anti-malware software from the Russian vendor Kaspersky
The federal agency put out a notice [German] advising organisations that are using Kaspersky’s security products to seek out BSI-approved replacements.
In the statement, the BSI says that the actions of Russia’s military and intelligence services in invading Ukraine and the subsequent threats made by the Russia against the EU, NATO and Germany are “associated with a considerable risk of a successful IT attack”.
It continues: “A Russian IT manufacturer may itself carry out offensive operations, be forced to attack target systems against its will, or itself be spied upon as a victim of a cyber operation without its knowledge, or be misused as a tool for attacks against its own customers.”
BSI specifically warns about the possibility of anti-virus software being disabled by a malicious party prior to an attack.
“If IT security products and, in particular, antivirus software were to be switched off without preparation, they might be left defenseless against attacks from the Internet,” it says.
A Kaspersky spokesperson responded to the BSI’s warning, saying it was a political measure and not based on any technical evaluation of its products.
“Kaspersky is a privately held global cybersecurity company, and as a private company, Kaspersky has no ties to the Russian or any other government,” the spokesperson said, adding that the firm has moved its data processing infrastructure to Switzerland.
“We assure our partners and customers of the quality and integrity of our products and will work with the BSI to clarify the decision and address any concerns raised by the BSI or other regulators.”
The US banned government agencies from using Kaspersky solutions in 2017, with the UK also forbidding its use in sensitive systems. The European Parliament followed suit in 2018, branding the firm’s software as “malicious” due to the alleged link of the company with Russian intelligence.
The company’s founder Eugene Kaspersky (pictured) was criticised by members of the security community earlier this month when he struck a neutral stance on the Ukraine conflict. His critics said that maintaining silence on the issue means indirectly backing the Russian government – something that Kaspersky, headquartered in Moscow, may feel compelled to do.