Kaspersky Anti-Virus Is Still Active in U.S. Government Agencies and the Fortune 500



Cyberwarfare, hacks, and data breaches — such concerns are present in the minds of today’s citizens and organizations, and rightfully so. The continued digital transformation of business and government has led to those very entities becoming increasingly vulnerable to cyberattacks.

All of this means that government agencies and leading enterprises need to be hypervigilant in guarding against such attacks, especially nation-state attacks. But unfortunately, Expanse has discovered that software created by Russia-based Kaspersky Lab is still present on networks belonging to U.S. government agencies and many Fortune 500 companies, despite warnings by the U.S. government that it poses a security risk.

The Department of Homeland Security issued a Binding Operational Directive in September 2017 that directed all federal executive branch departments and agencies to identify and remove Kaspersky Lab’s anti-virus software from their systems. Federal agencies were given 90 days to comply and government contractors until October 2018.

“Kaspersky anti-virus products and solutions provide broad access to files and elevated privileges on the computers on which the software is installed, which can be exploited by malicious cyber actors to compromise those information systems,” the Department of Homeland Security said.

Expanse used its Behavior product to analyze network traffic between organizations’ networks and Kaspersky servers to identify which ones were using Kaspersky software. The results were concerning. Expanse detected Kaspersky software residing on at least two government military networks, eight government non-military networks, and 14 defense contractor networks. Additionally, Expanse detected the prevalent use of Kaspersky software in leading commercial organizations, including 19 financial services companies and 17 healthcare businesses in the Fortune 500.

Expanse based its data on observations collected over the last two weeks of July 2019; the number of government and government contractor organizations observed communicating with Kaspersky servers since the start of the ban was noted to be substantially larger. Further, Kaspersky Lab has several partnerships with hardware suppliers with agreements to have its software pre-installed in systems, making it increasingly difficult for IT teams to detect and remove.

“Clearly the Kaspersky problem is not going away,” said Tim Junio, CEO and Co-Founder of Expanse. “This is a real issue, exacerbated by the size and complexity of large government agencies and Fortune 500 companies. Most organizations don’t have a planned solution or diagnostic approach to identify access points and vulnerabilities. Or worse, they think they do, but don’t. Understanding your network is a key requirement if you want to secure it, and that’s what we set out to solve when we founded Expanse.”

It is clear that organizations need to carefully gauge where they are buying products from and what software comes pre-installed on those products. And they need continuous, outside-in visibility of all their Internet-connected assets and communications to identify risky and out-of-policy systems and behaviors.


Copyright © 2019 IDG Communications, Inc.