Antivirus

Biden bans massive antivirus software company due to Russian hacker concerns

Whether you know it or not, odds are good that you have at some point in your life worked with Kaspersky Lab software. Founded in the late 1990s, the Moscow tech company has spent decades cementing its reputation as a global powerhouse in antiviral and cybersecurity products. It claims on its website to serve some

Whether you know it or not, odds are good that you have at some point in your life worked with Kaspersky Lab software. Founded in the late 1990s, the Moscow tech company has spent decades cementing its reputation as a global powerhouse in antiviral and cybersecurity products. It claims on its website to serve some 400 million users and 250,000 corporate clients, all in the name of “building a safer world” in which “technology improves all of our lives.”

Despite its position in the uppermost echelons of elite cybersecurity businesses, Kaspersky has long been dogged by allegations of Russian government influence, leading in part to a 2017 U.S. government ban on using the company’s software on federal computers. Those tensions reached a crescendo last week, however, when Commerce Secretary Gina Raimondo announced plans to “prohibit Kaspersky Lab and all of its affiliates, subsidiaries and parent company from providing cyber security and antivirus software anywhere in the United States” in a call with reporters. While Kaspersky’s alleged susceptibility to Russian influence has “certainly been on the government’s radar for a number of years,” the “malign activity from Russia in particular over the past couple of years” led the government to “more broadly address this threat,” said Commerce Department’s Office of Information and Communications Technology and Services head Liz Cannon to NPR last week.

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

SUBSCRIBE & SAVE

https://cdn.mos.cms.futurecdn.net/flexiimages/jacafc5zvs1692883516.jpg

Sign up for The Week’s Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Sign up

Read More

Be the first to write a comment.

Leave a Reply

Your email address will not be published. Required fields are marked *

Antivirus

Don’t fall for McAfee’s tricky antivirus warnings on your laptop

I review a lot of laptops and I’ve noticed many of them come with a “free trial” of McAfee antivirus preinstalled. I’ve clicked through so many warnings about how my PC will be “at risk” unless I pay up for extended protection, and those McAfee alerts are in a stark red color that’s surely designed

I review a lot of laptops and I’ve noticed many of them come with a “free trial” of McAfee antivirus preinstalled. I’ve clicked through so many warnings about how my PC will be “at risk” unless I pay up for extended protection, and those McAfee alerts are in a stark red color that’s surely designed to scare me…
Read More

Continue Reading
Antivirus

This antivirus actually respects your Mac

Macworld Mac users, we get it—you don’t like bloated, ugly antivirus software slowing down your beautifully tuned machines. But you also don’t want to be the one person who ignores modern cyber threats just because “Macs don’t get viruses.” Spoiler: they can and they do. If you’re looking for a lightweight…

Macworld

Mac users, we get it—you don’t like bloated, ugly antivirus software slowing down your beautifully tuned machines. But you also don’t want to be the one person who ignores modern cyber threats just because “Macs don’t get viruses.” Spoiler: they can and they do.

If you’re looking for a lightweight…
Read More

Continue Reading
Antivirus

I tested the best antivirus software for Windows: Here’s what I’d use to protect my PC

ZDNET tested the best antivirus software on the market that supports multiple operating systems, VPNS, and robust protection…

ZDNET tested the best antivirus software on the market that supports multiple operating systems, VPNS, and robust protection…
Read More

Continue Reading
Antivirus

Your antivirus is under attack from new “killer” tool – here’s what we know

EDRKillShifter is getting a dangerous upgrade The new malware can disable AV and EDR from reputable vendors Sophos, Bitdefender, and Kaspersky among the tools being targeted Cybercriminals appear to have improved their antivirus-killing capabilities, as recent research suggest a new tool being shared within the underground community. In a new report, security researchers from Sophos


  • EDRKillShifter is getting a dangerous upgrade
  • The new malware can disable AV and EDR from reputable vendors
  • Sophos, Bitdefender, and Kaspersky among the tools being targeted

Cybercriminals appear to have improved their antivirus-killing capabilities, as recent research suggest a new tool being shared within the underground community.

In a new report, security researchers from Sophos said multiple ransomware groups are successfully disabling endpoint detection and response (EDR) systems before deploying the encryptor.

Originally, the group known as RansomHub developed a tool called EDRKillShifter, which Sophos says is now made obsolete thanks to this new and improved variant. The new tool can disable security software from multiple high-end vendors such as Sophos, Bitdefender, and Kaspersky.

You may like

  • ransomware avast This devious ransomware is able to hijack your system to turn off antivirus
  • A robot hand touching a locked digital shield blocking a human from accessing data Hackers can turn off Windows Defender with this sneaky new tool
  • A digital representation of a lock This top security platform is being hacked to carry out malware threats

Shifting strategies

The malware is often packed using a service called HeartCrypt, which obfuscates the code to evade detection.

Sophos found the attackers are using all sorts of obfuscation and anti-analysis techniques to protect their tools from security defenders, and in some cases, they’re even using signed drivers (either stolen or compromised).

In one case, the malicious code was embedded inside a legitimate utility, Beyond Compare’s Clipboard Compare tool, the researchers explained.

Sophos also said that multiple ransomware groups are using this new EDR-killing tool, suggesting a high level of collaboration between players.

EDRKillShifter was first spotted in mid-2024, after a failed attempt to disable an antivirus and deploy ransomware.

Sophos then uncovered that the malware dropped a legitimate, but vulnerable driver.

Now, it seems there is a new method – taking an already legitimate executable and modifying it locally by inserting malicious code and payload resources (as was the case with Beyond Compare’s tool). This is often done after the attacker has access to a

Read More

Continue Reading