German Federal Office warns against Kaspersky
The German Federal Office for Information Security (BSI) is currently warning against the use of antivirus software from the Russian manufacturer Kaspersky. It cannot be ruled out that both end customers' target systems and the software company could fall victim to Russian cyberattacks.
In a statement, the German Federal Office for Information Security (BSI) warns against the use of antivirus products from the Russian manufacturer Kaspersky. The current events of intelligence forces in Russia as well as the current threats against the EU, NATO and the Federal Republic of Germany are reason to believe that the risk of successful IT attacks from the Russian side could also increase. Antivirus software and the associated cloud services could, under certain circumstances, maintain a permanent, encrypted and unverifiable connection to the manufacturer's servers via far-reaching system authorizations, according to the BSI's official statement. Therefore, anti-virus software poses a particular risk to an infrastructure worth protecting.
BSI advises switching to alternative products
The software manufacturer with Russian roots could theoretically carry out offensive operations, be forced to attack target systems against its will, or become a victim of a cyber operation itself without being aware of being misused as a tool for attacks against its own customers, it continues. Companies and authorities with special security risks or operators of critical infrastructures are particularly at risk, the BSI emphasizes. Such companies and organizations should plan to replace their antivirus products, even if the changeover may involve temporary losses in convenience and functionality.
Kaspersky appeases
In a statement on Kaspersky's corporate website, the Russian software manufacturer writes that it does not believe that the BSI's decision was based on a technical assessment, but was made for political reasons. It said it would continue to work with partners and the BSI to convince them of the quality and integrity of its products. The data processing infrastructure has been moved to Switzerland since 2018. Malicious and suspicious files reaching users of Kaspersky products in Germany are processed in two data centers in Zurich, which Kaspersky said have "world-class facilities" in accordance with current industry standards to ensure the highest level of security. The security and integrity of the data services as well as the technical procedures are confirmed by independent third-party assessments, Kaspersky's statement said.
Source: BSI/Kaspersky