On September 25th, 2019, cybersecurity company Avast disclosed a significant security breach on its internal network. This breach, believed to be a meticulously planned supply chain attack, targeted the popular CCleaner software, a product acquired by Avast in 2017.
Table of Contents
A Complex Intrusion: Abiss Unveiled
Avast's investigation revealed a determined attacker, dubbed “Abiss,” who infiltrated the network using compromised credentials from a temporary VPN account. The lack of two-factor authentication (2FA) on this account significantly compromised its security.
Jaya Baloo, Avast's Chief Information Security Officer (CISO), emphasized the sophisticated nature of the attack, highlighting Abiss's focus on stealth and meticulous efforts to cover their tracks.
The investigation identified suspicious activity logs dating to May 14th, 2019, with additional entries on July 24th, September 11th, and October 4th.
These entries point towards a persistent attacker, meticulously planning and executing their attack strategy. The attacker reportedly connected through a public IP address in the United Kingdom before exploiting the vulnerable VPN account.
CCleaner Updates and User Protection
Upon identifying CCleaner as the potential target, Avast took immediate action. On September 25th, they halted all future updates for the software and initiated a thorough review of previous versions to identify any potential malicious modifications.
Prioritizing user safety, Avast re-signed a clean version of CCleaner and deployed it as an automatic update on October 15th. This ensured all users received a genuine, secure version of the software.
EXPLORE: CCleaner Business Edition Review: Unlocking Optimization & Efficiency
Investigation and Collaboration
Avast's security team meticulously traced the attacker's activity through the compromised VPN profile. This allowed them to monitor the attacker's actions and implement mitigation measures before significant damage could be done.
Following standard security protocols, Avast notified law enforcement about the intrusion. Additionally, they engaged an external forensics team to assist with data validation and secure evidence collection.
With a focus on continuous improvement, Avast pledged to enhance its network monitoring systems to facilitate quicker detection and more efficient responses to future threats.
They also confirmed sharing crucial information, such as attacker IP addresses, with law enforcement agencies to aid their investigation. The cybersecurity community was also informed to raise awareness and promote collaborative efforts to combat cyber threats.
READ ALSO: Security Alert: The Most Common COVID-19 Online Frauds and Scams
CCleaner Users: Update Immediately
David Peterson, the CCleaner General Manager, emphasized that all CCleaner users must update their software automatically. This essential step ensures users are running the latest, verified version free from potential malware.
Peterson highlighted the preventative nature of this update, stating that while investigations are ongoing, they prioritized user safety by eliminating the risk of malicious software delivery.
This update applies to all CCleaner installations from version 5.57 onwards. Users who installed versions after May 2019 were automatically updated to guarantee security.
READ ALSO: Review of G DATA Total Security
CCleaner Security Incident: Frequently Asked Questions
How did CCleaner get hacked?
CCleaner wasn't directly hacked. The target of the attack was Avast, the cybersecurity company that owns CCleaner. Hackers infiltrated Avast's network using compromised credentials for a temporary VPN account, which lacked two-factor authentication (2FA) for added security. This allowed them to tamper with CCleaner updates potentially.
Is Avast and CCleaner the same company?
No, Avast acquired CCleaner in 2017. However, this incident highlights the vulnerability of supply chain attacks, where compromising one company can indirectly affect its acquired products or services.
Does Avast work against hackers?
Avast is a cybersecurity company that develops antivirus and anti-malware software designed to protect users from hackers. However, in this incident, their network was infiltrated by a skilled attacker. This emphasizes the importance of robust security measures even for cybersecurity companies.
EXPLORE: The Unbiased CCleaner Kamo Review
How secure is Avast VPN?
While Avast offers VPN services, the security of their VPN specifically wasn't compromised in this incident. However, the breach highlights the importance of using strong passwords and enabling 2FA on all accounts, including VPNs.
Can CCleaner damage my computer?
Traditionally, CCleaner cleans up temporary files and improves system performance. However, in this specific case, there was a potential risk of hackers injecting malicious code into CCleaner updates. Avast has addressed this concern by releasing a clean, verified version of CCleaner.
Which version of CCleaner was infected?
There is no confirmation that any version of CCleaner was definitively infected with malware. However, Avast recommends updating all CCleaner installations from version 5.57 onwards to the latest version as a precautionary measure.
Lessons Learned and a Call to Action
The Avast breach serves as a stark reminder of the evolving tactics employed by cybercriminals.
The meticulous planning, exploitation of vulnerabilities like weak VPN credentials, and focus on supply chain attacks highlight the need for heightened security measures across the industry.
This incident underlines the importance of:
- Strong Password Management: Implementing solid and unique passwords and enforcing multi-factor authentication (2FA) on all accounts significantly reduces the risk of unauthorized access.
- Regular Security Audits: Conducting regular penetration testing and security audits helps identify vulnerabilities before they can be exploited.
- Continuous Monitoring: Maintaining robust network monitoring systems allows for early detection and rapid response to suspicious activity.
- Open Communication: Transparency and collaboration within the cybersecurity community are crucial for effective threat mitigation and prevention.
By prioritizing these measures, organizations can significantly enhance their security posture and better protect themselves against sophisticated attacks like the one Avast recently encountered.
Note: This was initially published in October, 2019 but has been updated for freshness and accuracy.
RELATED POSTS
- Most Effective Cybersecurity Strategy For A Small Business [We Asked 45+ Experts]
- Sophos: UK-based Antivirus Company to accept a 3.1billion pound takeover
- Top 5 Checklist for Choosing a VPN Service Provider
- Mozilla Partners with CloudFlare to launch a new VPN
- Dos And Don'ts Of Using A Public Wi-Fi [Ultimate Guide]
- Top 4 Dangerous VPN Providers to Avoid in 2020
- VPN Chaining: Can You Use Multiple VPNs at Once?
- How To Remove Avast Password Manager [ALL DEVICES]
About the Author:
Abraham Faisal is a professional content writer. He has a strong passion for online privacy, cybersecurity and blockchain and is an advocate for online privacy. He has been writing about these topics since 2018 and is a regular contributor to a number of publications. He has a degree in Computer Science and has in-depth knowledge of the ever-evolving world of digital security. In his free time, he likes to travel and explore new cultures.
Christian Schmitz is a professional journalist and editor at SecureBlitz.com. He has a keen eye for the ever-changing cybersecurity industry and is passionate about spreading awareness of the industry's latest trends. Before joining SecureBlitz, Christian worked as a journalist for a local community newspaper in Nuremberg. Through his years of experience, Christian has developed a sharp eye for detail, an acute understanding of the cybersecurity industry, and an unwavering commitment to delivering accurate and up-to-date information.
