Olivier Le Moal - stock.adobe.co
EU institutes Kaspersky ban, calls software 'malicious'
News roundup: Following a vote by the European Parliament to implement a Kaspersky ban in the EU, Kaspersky announced it would halt ties with the No More Ransom project and Europol.
After the European Parliament voted to institute a Kaspersky ban on the use of its products in the European Union, Kaspersky Lab temporarily suspended its involvement with Europol and the No More Ransom project.
In a plenary session, the European Parliament voted on a cyberdefense strategy report written by Urmas Paet, the Estonian member of the European Parliament on the Committee on Foreign Affairs. The resolution included an amendment from the Polish MEP that "calls on the EU to perform a comprehensive review of software, IT and communications equipment and infrastructure used in the institutions in order to exclude potentially dangerous [programs] and devices, and to ban the ones that have been confirmed as malicious, such as Kaspersky Lab."
The Kaspersky ban resolution was approved, with 476 votes to 151. Following the vote, Kaspersky announced it was freezing its cooperation with Europol and the No More Ransom project.
Kaspersky Lab was one of the first antivirus companies to collaborate with Europol law enforcement officials. The company is also one of the founding members of the No More Ransom project, which provides ransomware victims with free decryptors. The European Parliamentary Research Service had recently praised the work of the No More Ransom project.
"We have protected the EU for 20 years working with law enforcement leading to multiple arrests of cybercriminals," Kaspersky Lab CEO Eugene Kaspersky tweeted after the vote, adding that the company is "forced to freeze" its cooperation with Europol and the No More Ransom project.
We have protected the EU for 20 years working with law enforcement leading to multiple arrests of CYBERCRIMINALS. Based upon today’s decision from the EU Parliament, we are forced to freeze our cooperation with orgs including @Europol & #NoMoreRansom pic.twitter.com/7dSGn9Bycw— Eugene Kaspersky (@e_kaspersky) June 13, 2018
Other governments -- including the United States, the United Kingdom, the Netherlands and Lithuania -- have already taken steps to implement a Kaspersky ban on sensitive systems because of suspicions that the Moscow-based company does not work entirely independently from the Russian government and is, therefore, a security risk.
Kaspersky has denied all of these accusations and took to Twitter again this week to reiterate that the claims made by the European Parliament are unfounded.
"The risks of using our software are purely hypothetical. Just as hypothetical as with any other cybersecurity software of any country," he tweeted, adding that the risk of cyberattacks is real and "extremely high." He went as far as saying the European Parliament's decision "plays for cybercrime."
The risks of using our software are purely hypothetical. Just as hypothetical as with any other cybersecurity software of any country. But the risk of becoming a victim of a genuine cyberattack is real – and extremely high. Ergo: EP's political decision plays *for* cybercrime— Eugene Kaspersky (@e_kaspersky) June 13, 2018
Kaspersky Lab has been trying to prove its innocence with measures such as its Global Transparency Initiative, which moves some of the company's processes out of Russia and to Switzerland.
In other news:
- Yahoo has been fined 250,000 pounds -- approximately $331,000 -- for its 2014 data breach. The United Kingdom Information Commissioner's Office (ICO) investigated the more than 515,000 Yahoo user accounts affected by the breach in the U.K. and found Yahoo had violated the Data Protection Act 1998. The Yahoo U.K. Services branch of the company -- which was purchased by Verizon and merged with AOL to form Oath -- is responsible for the breached U.K. accounts. Overall, the massive data breach affected around 500 million users worldwide. The ICO found that Yahoo U.K. Services failed to take the appropriate measures to ensure its parent company, Yahoo Inc., complied with the correct data protection standards and failed to ensure the appropriate monitoring services were in use to protect users.
- Equifax appointed Bryson Koehler as its new CTO this week. Koehler was previously the CTO of IBM Watson and Cloud Platform, as well as CTO and CIO of The Weather Co. "The world of AI is unlocking massive potential in how data can be used, and cloud-based AI technology is a game changer for developing secure and reliable data-driven products," Koehler said in a statement announcing his new role. "I see tremendous opportunity for Equifax to become a leading data-driven technology company, and I'm excited to join its highly-talented team to bring new energy that accelerates Equifax's transformation into a leader of insight forecasting." Koehler's appointment follows the massive data breach Equifax reported in September 2017, which affected at least 145 million consumers
- Tenable Network Security has filed for an initial public offering (IPO), according to a report from The Information. Tenable filed for the IPO on June 11, which makes it the third cybersecurity company to go public so far this year, following Carbon Black and Zscaler. Both companies have reported growth since going public, with shares up 12% and 18%, respectively. Tenable plans to go public in late July, according to the report. The company makes cybersecurity software and is run by CEO Amit Yoran, who was previously the president of RSA. Reuters reported in March 2018 that the company hired the investment bank Morgan Stanley to prepare for the IPO. The report also said the IPO could put the value of Tenable between $1.5 and $2 billion.