Additionally, Kaspersky will not be able to provide services to any existing customers from September onwards.
US Commerce Secretary Gina Raimondo, who is slated to announce the ban on Friday, told customers of the vendor: "You have done nothing wrong, and you are not subject to any criminal or civil penalties.
"However, I would encourage you, in as strong as possible terms, to immediately stop using that software and switch to an alternative in order to protect yourself and your data and your family."
In 2022, the Federal Communications Commission put Kaspersky on its list of companies deemed to be posing unacceptable security risks.
Andrew Borene, executive director for Global Security at threat intelligence firm Flashpoint, commented: "This decision is a logical reflection of the tectonic shifts that are dividing economies along the lines of power competition between [US] allies and the Russia/China/Iran/North Korea digital domain; these divides obviously extend into private sector actors as well.
"Kaspersky has a history of problems with US, Canadian and other allied governments - banning its use for US security probably is a wise choice in many cases, particularly in the categories of civilian critical infrastructure at state/local/municipal level whether that infrastructure is inherently governmental or privately owned and operated."
Adam Maruyama, field CTO at Garrison Technology, said: "The [US] administration’s move to ban Kaspersky Lab products in the United States underscores the stakes of security products gone bad, wherein the privileges that are supposed to be used to protect networks and systems are instead used to subvert security mechanisms, deploy malware, and steal data.
"But deliberate seeding of such capabilities via a commercially available product is only the tip of the iceberg. In their report on zero-days exploited in the wild in 2023, Google noticed a marked increase in attacks against enterprise security software, including detection and response, VPN, and firewall operating systems.
"Left unchecked, this rise in exploits could provide attackers the same privileged access they would have had if administrators installed compromised software.
"As threat actors become more sophisticated and look to privileged services such as security software to gain and maintain persistent access, the cyber security community needs to rethink the way we consider security solutions. The cyber security community, particularly in the high-threat sectors of government and critical infrastructure, must consider innovative solutions like using fixed-function, deterministic components such as FPGAs rather than malleable software solutions to enforce critical security functions.
"If we don’t fundamentally rethink the way we approach and enforce security, our most sophisticated adversaries will continue to subvert the software meant to keep us safe – whether it’s by shipping compromised software or attacking and compromising legitimately-developed solutions."
Kaspersky has made no public comment on the development. iTWire has contacted the company for comment.