IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Germany advises against using Kaspersky software due to hacking risk

The Moscow-headquartered cyber security company has a history of being targeted for its alleged links to the Russian state

Germany’s Federal Office for Information Security (BSI) has warned against using Kaspersky antivirus security products due to the company being headquartered in Russia. 

The BSI said it recommends switching away from any Kaspersky product to another vendor because the company could be forced by the Russian state to carry out offensive cyber operations.

It also said Kaspersky could carry out such offensive operations in cyber space through its own will, can use its own products as a tool in attacks on its own customers, or be spied on without its knowledge. 

Because of these factors, the BSI said there is a “considerable risk of a successful IT attack” as a result of current conflicts between Russia, the EU, NATO, and Germany

It believes organisations that are tied to critical infrastructure or have other special security interests are particularly at risk of attacks linked to Kaspersky’s antivirus software and the BSI will advise any organisation that believes it may be affected.

“Antivirus software, including the associated real-time capable cloud services, has extensive system authorisations and, due to the system (at least for updates), must maintain a permanent, encrypted, and non-verifiable connection to the manufacturer's servers,” the BSI said in a statement

“Therefore, trust in the reliability and self-protection of a manufacturer as well as his authentic ability to act is crucial for the safe use of such systems. If there are doubts about the reliability of the manufacturer, virus protection software poses a particular risk for the IT infrastructure to be protected.”

Kaspersky has denied any allegations that it is linked to the Russian state, or any other government across the globe, saying the BSI’s decision has not been made on the basis of technical analysis of its products.

“We believe this decision is not based on a technical assessment of Kaspersky products – that we continuously advocated for with the BSI and across Europe – but instead is being made on political grounds,” a Kaspersky spokesperson told IT Pro. “We will continue to assure our partners and customers in the quality and integrity of our products, and we will be working with the BSI for clarification on its decision and for the means to address its and other regulators’ concerns.

“At Kaspersky, we believe that transparency and the continued implementation of concrete measures to demonstrate our enduring commitment to integrity and trustworthiness to our customers is paramount. Kaspersky is a private global cybersecurity company and, as a private company, does not have any ties to the Russian or any other government.

“We believe that peaceful dialogue is the only possible instrument for resolving conflicts. War isn’t good for anyone.”

History of persecution

This isn’t the first time Kaspersky has been targeted by a country based on its alleged links to the Russian government, claiming that said links compromise its ability to safeguard the national security of countries other than Russia. 

Related Resource

Edge-to-cloud security webinar

Safeguards your IoT devices that require Zero Trust

Dark blue webinar screen with orange and light blue circular graphicsWatch now

In 2017, the US accused Kaspersky of being able to surveil its customers, of which the US government was one, leading to its products being banned from use in federal government departments that year. 

Kaspersky said at the time that it believed the decision was not being made on the basis of facts and had its appeals to overturn the ban thrown out of court. The cyber security company also launched a lawsuit against the Trump administration a week after the ban was imposed.

The UK’s National Cyber Security Centre (NCSC) also followed the US in advising all UK government departments against using Kaspersky security products. The EU labelled the company’s software products as “malicious”, leading to an EU-wide ban.

Following the wave of government bans, Twitter also prevented Kaspersky from placing ads on the social media platform, claiming its business model conflicts with its Twitter Ads business practices. 

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Recommended

Is Kaspersky still safe to use?
cyber security

Is Kaspersky still safe to use?

1 Apr 2022
The IT Pro Products of the Year 2021: The year’s best hardware and software
Hardware

The IT Pro Products of the Year 2021: The year’s best hardware and software

31 Dec 2021
Kaspersky Endpoint Security Cloud Plus review: One security solution to rule them all
Security

Kaspersky Endpoint Security Cloud Plus review: One security solution to rule them all

23 Nov 2021
Office 365 phishing campaign used stolen Kaspersky Amazon SES token to fool victims
hacking

Office 365 phishing campaign used stolen Kaspersky Amazon SES token to fool victims

2 Nov 2021

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security
Careers & training

(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security

17 May 2022
Preparing for the 3G sunset
Network & Internet

Preparing for the 3G sunset

18 May 2022