Avast internal networks were hacked. Did attackers install backdoors in CCleaner? Is it secure to use this tool?

Even security companies are exposed to cyberattacks. IT system audit specialists report that security software developer Avast has become the victim of an attack on its internal networks. In a statement, the Czech-based company said that hackers most likely tried to inject malware into the CCleaner tool code, similar to the incident that occurred a couple of years ago.

Apparently, the intrusion occurred because the
threat actors compromised the virtual private network (VPN) credentials of one
of Avast's employees, gaining access to an account without additional layers of
security, such as multi-factor authentication.

The company’s IT system audit teams mentioned
that internal networks had shown signs of suspicious activity for at least four
months; however, the intrusion was not confirmed until September 23. “Even though the targeted
user did not have administrator privileges, the hackers performed a privilege
escalation to gain broad access to the domain,” Avast Information Security
director Jaya Baloo said.

Avast teams are also tracking new security
alerts in their Microsoft Advanced Threat Analytics (ATA) dashboard, a tool for
analyzing local network and traffic to prevent external attacks. Avast IT system
audit experts even left the targeted user’s VPN profile active, with the
intention of tracking the source of malicious activity.

Subsequently, on October 15, the company
finished performing security analysis on previous versions of CCleaner, in
addition to releasing a new update that no longer contains the errors present in previous
deployments.

Another security measure implemented by Avast
was changing the digital certificate used to sign CCleaner updates, so the
latest update has a completely new certificate, while old certificates have
been revoked. “This way, hackers will no longer be able to use these
certificates to sign fake updates,” the company added.

Finally, the company reset the VPN credentials
of all its employees. “We are confident that these measures will be enough
to ensure the safety of all CCleaner users,” Jaya Baloo added. Avast
notified BIS, the Czech Intelligence Service, in a timely manner; the
Czech Police Cybersecurity Department was also notified.

Although it is not possible to reveal further
details about the incident due to the ongoing investigation, Avast stated that
so far there is no evidence to suggest that the same group that hacked CCleaner
a couple of years ago is responsible for this incident as well.

In 2017, IT system audit specialists from the
International Institute of Cyber Security (IICS) reported that Piriform, the former
CCleaner developer, was hacked. A group of hackers managed to access the
company’s networks using a compromised TeamViewer account. Once inside
Piriform’s networks, threat actors injected a dangerous malware
variant into CCleaner code. The attack was attributed to hacker groups backed
by the Chinese government.
