Germany’s information security authorities has warned that antivirus tools from Russian firm Kaspersky could be used to spy on users throughout the world.
The German Federal Office for Information Security (BSI) recently issued a warning saying the Kaspersky antivirus software could be abused to launch cyberattacks, or for eavesdropping and espionage, amid the Russian invasion of Ukraine.
While BSI did not explicitly demand the banning of the company and the product, it did suggest companies replace their cybersecurity solutions with those built by non-Russian vendors.
Considering non-Russian vendors
“A Russian IT manufacturer can carry out offensive operations itself, be forced to attack target systems against its will, or be spied on without its knowledge as a victim of a cyber operation, or be misused as a tool for attacks against its own customers,” the BSI statement reads, further reminding that antivirus tools must have root access, and constant connection with the manufacturer’s servers, in order to operate.
“Companies and authorities with special security interests and operators of critical infrastructures are particularly at risk,” BSI concludes.
Italy’s Computer Security Incident Response Team (CSIRT) has also moved in a similar direction, suggesting to Italian firms to assess potential risks from using Russian-made cybersecurity solutions.
Kaspersky has slammed the warnings, labeling them as political, rather than technical.
“We will continue to assure our partners and customers in the quality and integrity of our products, and we will be working with the BSI for clarification on its decision and for the means to address its and other regulators’ concerns,” Kaspersky spokesperson Francesco Tius told TechCrunch.
“Kaspersky is a private global cybersecurity company and, as a private company, does not have ties to the Russian or any other government.”
Despite the reassurances, some companies have already cut ties with Kaspersky. Eintracht Frankfurt FC, a football club from the city of the same name, has terminated the sponsorship agreement that’s been in effect since 2018.
“We have always made it clear that we base the continuation of the partnership with Kaspersky on facts and attitude and not on nationalities. With the warning from the BSI, the facts and thus the trust in the Protectability of Kaspersky’s products and services has changed significantly,” the club’s spokesperson said.
“We have informed the management of Kaspersky that we are terminating the sponsorship agreement with immediate effect. We can look back on a very trusting and successful partnership with Kaspersky and have always had a fair one over the past almost four years and good cooperation with the people involved. We very much regret the development.”