It launched an investigation with Czech intelligence officials and police that included quietly monitoring the attacker’s activity rather than immediately evicting it from the network. The hacker or hackers had been trying to get into Avast’s network since May, but the company did not notice something was amiss until Sept. ![]() ![]() The more recent attack on CCleaner was also persistent. The goal of the operation, which analysts believe was the work of a Chinese state-sponsored group, was reportedly to steal intellectual property from CCleaner customers. In the 2017 hack, the attackers signed their malware with a legitimate Avast certificate, a technique that is the hallmark of a clever supply-chain breach. The 2017 breach of CCleaner is often cited by security experts to illustrate the threat of wide-ranging supply-chain hacks. “We do not know if this was the same actor as before and it is likely we will never know for sure,” she wrote. The revelation first hit the web on Monday morning, when the software’s developer Piriform published a blog post on the subject. “t is clear that this was an extremely sophisticated attempt against us that had the intention to leave no traces of the intruder or their purpose,” Baloo wrote in a blog post. News has emerged that an infected version of the popular PC and Android optimization software CCleaner has been spreading malware to large numbers of computer users. Avast, which boasts of 400 million users of its products around the world, said it will study its network logs to learn more about the intrusion. Those measures, Avast CISO Jaya Baloo assured customers, were enough to ensure that CCleaner users were unaffected by the attack. ![]() Worried that the attackers would manipulate CCleaner again, Avast said it halted an upcoming release of the product, revoked its previous security certificate, and put out a security update to users. The target of the persistent attack was likely Avast’s software-cleaning tool, CCleaner - the same product that was infiltrated in an infamous 2017 supply-chain attack breach that affected over 2 million computers. In that case, as in the CCleaner attack, victims installed seemingly legitimate software from a small but trusted company, only to find that it had been silently corrupted, deeply infecting their IT systems.An unidentified attacker used stolen credentials to gain high-level privileges on the network of Czech software security vendor Avast, the company said Monday. Two months earlier, hackers hijacked the update mechanism of the Ukrainian accounting software MeDoc to deliver a destructive piece of software known as NotPetya, causing massive damage to companies in Ukraine as well as in Europe and the United States. But it already represents another serious example in the string of software supply-chain attacks that have recently rocked the internet. The exact dimensions of the CCleaner attack will likely continue to be redrawn, as analysis continues. "If you didn’t restore your system from backup, you’re at high risk of not having cleaned this up," Williams says. Instead, the researchers recommend that anyone affected fully restore their machines from backup versions prior to the installation of Avast's tainted security program. On Wednesday, researchers at Cisco's Talos security division revealed that they've now analyzed the hackers' "command-and-control" server to which those malicious versions of CCleaner connected.įor any company that may have had computers running the corrupted version of CCleaner on their network, Cisco warns that its findings mean merely deleting that application is no guarantee the CCleaner backdoor wasn't used to plant a secondary piece of malware on their network, one with its own, still-active command and control server. It wound up installed on more than 700,000 computers. ![]() Researchers now believe that the hackers behind it were bent not only on mass infections, but on targeted espionage that tried to gain access to the networks of at least 18 tech firms.Įarlier this week, security firms Morphisec and Cisco revealed that CCleaner, a piece of security software distributed by Czech company Avast, had been hijacked by hackers and loaded with a backdoor that evaded the company's security checks. But now it's becoming clear exactly how bad the results of the recent CCleaner malware outbreak may be. Hundreds of thousands of computers getting penetrated by a corrupted version of an ultra-common piece of security software was never going to end well. Here’s how to tell if you were affected, and what you should do. Update: On September 25, Avast confirmed that of the 18 companies targeted, a total of 40 computers were successfully infected with a secondary malware installation at the following companies: Samsung, Sony, Asus, Intel, VMWare, O2, Singtel, Gauselmann, Dyn, Chunghwa and Fujitsu. CCleaner, the incredibly popular PC maintenance utility, has been hacked to include malware.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |