The US Bans Kaspersky

Now some of you reading this headline will be thinking “wait, didn’t the US already ban Kaspersky?” The answer is: sort of. They were banned on federal government networks. But you and I could still get a copy of the anti-virus software, for example. Well, that has changed, as the Biden administration has banned them outright:

Yesterday, the Department of Commerce issued a final determination pursuant to Executive Order (E.O.) 13873 prohibiting Kaspersky Lab, Inc., its affiliates, subsidiaries and parent companies directly or indirectly from providing anti-virus software and cybersecurity products or services in the United States or to U.S. persons. Commerce reached this determination after an investigation found transactions involving the products and services of Kaspersky Lab, Inc. and its corporate family pose unacceptable risk to U.S. national security or the safety and security of U.S. persons, as outlined in E.O. 13873. 

In addition, the Department of Commerce has designated AO Kaspersky Lab and OOO Kaspersky Group (Russia), and Kaspersky Labs Limited (United Kingdom) on the Entity List for their cooperation with Russian military and intelligence authorities in support of the Russian government’s cyber intelligence objectives. These activities are contrary to U.S. national security and foreign policy interests.

Damir J. Brescic, CISO, Inversion6, had this comment:

The reason that the U.S. government took such a stance is due to the concerns that Kaspersky could/has complied with the Russian government in what could be seen as assisting in cyber espionage or other malicious activity. The concern is obviously heightened by some of the controversial laws Russia has in general regarding cybersecurity, where they require companies to assist the government in intelligence gathering activities, similar to other nation-state threat actors, such as China, Iran and North Korea.

There are a few key aspects that companies and even government agencies need to take into consideration when assessing the impact of a software tool, such as Kaspersky. The major concern is that the Kaspersky antivirus solution, when implemented in an organization, requires extensive system privileges to function correctly, as most solutions of its kind do. This type of technology can provide a threat actor the potential to exploit and gain access to a system's configuration, sensitive data, and network connections.

If an organization is currently utilizing the Kaspersky antivirus software, they should look to conduct the following steps:

  • Deactivate the Kaspersky software immediately on all their host systems
  • Conduct a thorough risk assessment of the organizational use of this Kaspersky software; this should include the potential impact of compromise, as well as the likelihood of such an event
  • Start evaluating alternative solutions from a trusted vendor 
  • Implement robust monitor detection
  • Review incident response capabilities and plans, and potentially run a tabletop exercise 
  • For advanced measures, look to implement network segmentation to limit the spread of any malware and reduce the overall impact from potential threat and compromise

All of this is good advice, as unlike when the US government network ban came into effect and Kaspersky sued the government, I can’t find any statements or any other reaction from the Russian software company. Their silence suggests a lot in my opinion.
