OPINION — The Commerce Department’s recent decision to ban the sale of Kaspersky Lab’s anti-virus products in the United States removed a significant strategic threat from the cybersecurity ecosystem. But the removal of a backdoored product from the market will not stop sophisticated attackers from trying to hack other security products to give them similar capabilities.
In its Final Determination outlining the ban against Kaspersky, the Commerce Department notably did not critique Kaspersky’s effectiveness as an antivirus product; it instead highlighted the elevated privileges that antivirus products like Kaspersky have on users’ systems and how a hostile actor – in this case, Russia – could use those privileges to nefarious effect. Some of these effects include:
Although the Determination goes on to enumerate how the policies of Kaspersky’s US subsidiary do little to prevent – and in some cases actually enable – the Russian government or malicious insiders from taking advantage of this level of privilege, it’s important to note that these levels of privilege, and their potential deleterious effects, aren’t unique to Kaspersky’s anti-virus products. In fact, the ability to inspect files and network traffic is critical to anti-virus software’s ability to do its job on users’ systems. And just as Kaspersky is accused of leaving a backdoor in its software to allow the Russian government to take advantage of these privileges, sophisticated attackers are looking for vulnerabilities that will let them do the same.
A less publicized, but equally alarming, trend in cybersecurity is the increasing frequency of attacks on enterprise cybersecurity software. Google’s review of new vulnerabilities exploited by hackers in 2023 revealed an uptick in targeting of enterprise technologies “fueled mainly by the exploitation of security software and appliances.” In essence, sophisticated attackers realize that they don’t have to produce and market a subverted anti-virus product to gain the abilities that Kaspersky’s anti-virus supposedly provided to the Russian government: all they have to do is find a vulnerability in an existing security product and exploit it. Then, as PRC-linked threat actors have recently done, they can use the security bypass to install other tools that will give them continued access to the impacted networks and systems even after the vulnerability is patched.
As quick and ready access to the information and resources hosted on the Internet becomes increasingly imperative for government, critical infrastructure, and businesses, the risk of subverted security software – whether it’s through compromise by design in the case of Kaspersky or through one of the 36 vulnerabilities in enterprise solutions identified in Google’s report – is rising.
What’s more, many of the same companies whose products have been hacked are encouraging customers to take a “platformization” approach – concentrating more functions, and therefore more potential privileges for an attacker to abuse if the platform is subverted. Yet the vulnerabilities that emerge in these platforms are generally not met with the widespread attention that is emerging around Kaspersky products; instead, the cybersecurity community collectively puts temporary protections in place and installs a patch when one is available – often with a shrug of acknowledgement that vulnerabilities in security products are the new normal.
But this doesn’t need to be the case. CISA’s Secure by Design program aims to provide a software framework that eliminates entire classes of vulnerabilities from software, and other innovative approaches to cybersecurity – such as security functions that are ingrained in single-purpose hardware rather than coded into hackable software – are emerging.
For these approaches to succeed, however, the cybersecurity companies adopting them need the market’s help. One can only hope that, as companies look to replace Kaspersky with other solutions, they not only ask, “Does this product do a good job of identifying viruses” – because Kaspersky did just that – but also ask, “How does this product keep sophisticated attackers from compromising it and using it against my organization?”
The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.
Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.