The warning renews global concerns about using Russian-made software as the country continues its assault on Ukraine. Credit: LPETTET / Getty Images Germany’s Federal Office for Information Security (BSI) has warned businesses against using Kaspersky virus protection products amid concerns of Russian technology being coerced by Russian government agents and forced to attack target systems against its will or spied on. The BSI did not raise any concrete allegations against Kaspersky products but recommended replacing them with alternatives due to the Russian-Ukraine conflict. The Russian vendor responded in an official statement suggesting the BSI’s actions have been made on political rather than technological grounds.The warning echoes earlier unconfirmed claims by U.S. intelligence agencies about ties between Kaspersky and the Russian government. Those claims led to the removal of Kaspersky Lab products of approved vendors for U.S. federal agencies in 2017.Risk of attacks considerable, organizations urged to switch products with cautionThe BSI wrote that antivirus software “must for systemic reasons (at least for updates) maintain a permanent, encrypted and non-verifiable connection to the manufacturer’s servers.” BSI clearly considers this connection to pose a potential risk and identifies a conceivable scenario in which Kaspersky itself is attacked, impacting its customers. “All users of the virus protection software can be affected by such operations,” it stated. However, BSI also urged organizations switching products to do so with caution because, “If IT security products and in particular virus protection software were switched off without preparation, one might be exposed to attacks from the internet without protection.” Kaspersky claims no ties to Russian governmentIn a statement published on its website, Kaspersky responded to the BSI’s warning, claiming its actions are politically motivated. “We believe this decision is not based on a technical assessment of Kaspersky products – that we continuously advocated for with the BSI and across Europe – but instead is being made on political grounds. We will continue to assure our partners and customers in the quality and integrity of our products, and we will be working with the BSI for clarification on its decision and for the means to address its and other regulators’ concerns.” It added that the company believes that transparency and the continued implementation of concrete measures to demonstrate its commitment to integrity and trustworthiness to customers is paramount. “Kaspersky is a private global cybersecurity company and, as a private company, does not have any ties to the Russian or any other government. We believe that peaceful dialogue is the only possible instrument for resolving conflicts. War isn’t good for anyone.” The security and integrity of its data services and engineering practices have been confirmed by independent third-party assessments, the statement read, while customers can run a free technical and comprehensive review of Kaspersky solutions.The question of whether businesses should continue to use Russian-made security products and technology along with the risks associated is one of notable significance given Russia’s continued invasion of Ukraine, and one that continues to raise discussions across the industry. Update: On March 17, Kaspersky Lab founder and CEO Eugene Kaspersky posted an open letter in response to the BSI’s warning in which he stated that the reputational and business damage of the decision is “quite significant.” He also claimed that, despite continuous calls from Kaspersky to conduct a deep audit of its source code, updates, architecture, and processes at Kaspersky Transparency Centers in Europe, BSI is yet to do so. Related content brandpost Sponsored by Microsoft Security New threat trends emerge out of East Asia With total vigilance concerning the latest East Asian developments in the threat landscape, security leaders can enhance their readiness to safeguard against the most imminent dangers. By Microsoft Security May 14, 2024 5 mins Security news Equipped with AI tools, hackers make apps riskier than ever The odds of attacks are growing as attackers can now easily access code modification and reverse engineering tools. By Shweta Sharma May 14, 2024 4 mins Application Security feature Low-tech tactics still top the IT security risk chart USB-based attacks, QR codes for phishing and social engineering continue to be some of the most effective, now more dangerous with the help of AI. By Rosalyn Page May 14, 2024 9 mins Cyberattacks Social Engineering Data and Information Security how-to Download the SASE and SSE enterprise buyer’s guide From the editors of our sister publication Network World, this enterprise buyer’s guide helps network and security IT staff understand what SASE (Secure Access Service Edge) and SSE (Secure Service Edge) can do for their organizations and how t By Neal Weinberg May 13, 2024 1 min Remote Access Security Network Security Enterprise Buyer’s Guides PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe