Kasperskys US Customers Face Tight Deadline Following Govt. Ban

  /     /     /  
Publicated : 23/11/2024   Category : security


Kasperskys US Customers Face Tight Deadline Following Govt. Ban


After Sept. 29, 2024, organizations and individuals that continue using the vendors products will no longer receive any updates or support.



US businesses and consumers using Kasperskys antivirus software products and services have until Sept. 29 to stop using them, following a Biden Administration ban earlier this week on sales of the companys technologies in the country over national security concerns.
Companies and individuals that continue to use Kaspersky products past that date will be doing so at their own — considerable — risk, because Kaspersky will no longer be able to offer any support or updates for its products after the deadline.
Its a good time for CISOs along with other C-suite executives and board members to revisit their organizational use of the software and, frankly, to begin preparing for this to be a long-term aspect of government commercial cybersecurity regulation, says Andrew Borene, executive director at threat intelligence firm Flashpoint. That means immediately evaluating the scope of any Kaspersky deployment, capturing current requirements, and identifying alternatives for delivering on those requirements once the ban takes full effect at the end of September.
In a first-of-its-kind move, the US Department of Commerce, on June 20 
formally banned
 Kaspersky from selling its products and services in the US, citing continued use of the companys software as presenting an undue or unacceptable national security risk.
The Commerce Departments concerns have to do with Kaspersky being a Russian company and therefore apparently being obligated to turn over customer data to the government there, whenever asked for it.
Russia has shown time and again they have the capability and intent to exploit Russian companies, like Kaspersky Lab, to collect and weaponize sensitive US information, the Commerce department said.
The ban marks the first time the Commerce Department has used its authority under a Trump Administration 2019 Executive Order on 
Securing the Information and Communications Technology and Services Supply Chain
 (ICT).
As part of its action, the department also designated Kaspersky entities in Russia and the UK, meaning that US organizations and individuals are restricted from transacting business with them. In a related announcement, the US Department of Treasury placed similar restrictions on 12 key executives at Kaspersky, but notably not on the companys founder Eugene Kaspersky.
A Kaspersky spokesman described the Department of Commerce decision as likely motivated by the current geopolitical climate and theoretical concerns rather than on a comprehensive evaluation of the integrity of Kasperskys products and services. Kaspersky will pursue all available legal options to fight the decision, the spokesman said in an emailed statement. He added, Kaspersky does not engage in activities which threaten US national security and, in fact, has made significant contributions with its reporting and protection from a variety of threat actors that targeted US interests and allies.
The US government decision does not impact Kasperskys ability to continue selling its threat intelligence services or its cybersecurity training programs in the US, the statement noted.
Even so, the US governments moves this week could effectively mean the end for Kaspersky in the country. In September 2017 the
US Department of Homeland Security banned Kaspersky
from selling to US federal civilian executive branch agencies over
similar national security concerns
. Though the company appealed that decision, the Federal Acquisition Regulation Council made it an official and
permanent ban 
in September 2019. With this weeks actions, the US government has formally blocked it from selling to US private sector companies and individuals as well.
The US government has had its eye on Kaspersky for quite a while, so the ban is not particularly surprising, says Eric Parizo, an analyst with Omdia. The 2019 Executive Order bans the use of IT products and services that are owned or directed by a foreign adversary and pose an unacceptable risk to US national security, he says.
This weeks US government action does not explicitly prohibit US individuals and organizations from using Kaspersky products after Sept. 29, 2024. But since the vendor cannot provide software updates for existing customers after that date, continued use of the product would represent a clear security risk, Parizo says. In light of these events, it would be prudent for Kaspersky customers in the US to immediately seek alternatives. What heightens the urgency is the fact that Kasperskys software products — like all anti-virus tools — have a lot of access to sensitive data on systems on which they are installed, he says.
Adam Maruyama, field CTO at Garrison Technology, recommends that companies which need to replace Kaspersky software make sure to catalog and identify unmanaged corporate devices that may be running the companys software. This includes looking at systems belonging to contractors on the corporate network as well as employees using personal devices at work.
In the longer term, companies need to be conscious that a rip and replace of antivirus software may not fully remove root-level access points from their systems, as antivirus programs often require root level access that is not easily removed by uninstallers, Maruyama cautions.
Given the concerns that the Commerce Department has raised about data theft and the potential weaponization of Kaspersky software, organizations should closely monitor network security suites and technical behavior of systems where Kaspersky was previously installed, he says.
The focus should be on anomalous behavior such as continued callbacks to Kaspersky or other unidentified servers. For users with the highest levels of access to high-risk data and administrative privileges, organizations with a critical infrastructure mission may even want to consider replacing devices that previously used Kaspersky antivirus products to guard against residual risk, he says.

Last News

▸ Sony, XBox Targeted by DDoS Attacks, Hacktivist Threats ◂
Discovered: 23/12/2024
Category: security

▸ There are plenty of online tools for reporting bugs. ◂
Discovered: 23/12/2024
Category: security

▸ 27 Million South Koreans Hit by Online Gaming Theft. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Kasperskys US Customers Face Tight Deadline Following Govt. Ban