German authorities warned against using Kaspersky Lab products
The German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) warned companies against using Kaspersky Lab antivirus products because of the potential threats they could pose to the EU, NATO and Germany.
The BSI statement says that companies are better off replacing Kaspersky products with any other security solutions from non-Russian manufacturers. The department motivates this by the fact that antivirus software usually has high privileges on Windows systems, and also maintains a permanent, encrypted connection with its servers. In addition, antiviruses can upload suspicious files to remote servers for further analysis, which means that developers of such solutions can use their software to steal confidential files.
BSI also suggests that Kaspersky Lab may be forced to help Russian intelligence agencies in conducting cyberattacks or espionage:
Representatives of Kaspersky Lab have already published an official response to this BSI warning.
The company also emphasizes that the data processing infrastructure was moved to Switzerland back in 2018, and since then all malicious and suspicious files that are voluntarily shared by users of Kaspersky Lab products in Germany have been processed in two data processing centers in Zurich. In addition, the information provided by users may be processed by the Kaspersky Security Network, whose servers are located in various countries around the world, including Canada and Germany.
However, this is not the first scandal with the Kaspersky Lab software. In 2017, the US presidential administration removed Russia’s Kaspersky Lab from two lists of approved service and software providers for government agencies.
Bloomberg reported that Kaspersky Lab carried out attacks on hackers together with the FSB.
The US Congress suggests that the Russian-based company Kaspersky Lab could be controlled by the Kremlin.
Let me remind you that we also said that Kaspersky Lab’s Amazon SES token was used for phishing, and also that Kaspersky Password Manager generated weak passwords due to a bug.