The company said that the target of the attack was probably the insert malware into CCleaner software. 2017 had a similar incident.
How did the violation occur?
The company discovered the breach on 23 September. Immediately, it began an investigation and found evidence that the attackers had been targeting the company's systems since 14 May 2019.
“The user whose credentials were breached did not have domain administrator rights. However, through a successful escalation privilege attack, the attacker managed to gain administrator privileges, ”said Jaya Baloo, Avast's chief information security officer.
According to Baloo, the company has activated the violated VPN profile to monitor the attacker's activities.
This lasted until 15 October, when the company released a new update of its CCleaner.
In addition, Avast changed the digital certificate used for CCleaner updates. The company considered that this change was necessary if the hackers had managed to obtain the old certificate at infringement of the network.
“Having taken all these precautions, we are confident that users CCleaner's are protected and unaffected, ”Baloo said.
The company, based in the Czech Republic, works with the police, the Czech intelligence agency, the Security Information Service (BIS) and a private company for the investigation of a violation.
Avast believes that the attackers were experienced hackers but it is not certain whether it is the team itself that attacked the company 2017.
"From the information we have gathered so far, it is clear that this was a very complex attack on us that was intended not to leave traces of the intruder. The attackers they were proceeding with extreme caution not to be identified, ”said Baloo.
The investigation is ongoing. Avast has said it will inform if it learns any new information. 2017 had published several updates on the infringement incident and was praised for speaking openly and in detail about it.
2017, the attackers had 'planted' malware in CCleaner, in violation of a account TeamViewer. According to Avast, about 2,27 millions of users had downloaded the corrupted CCleaner software.
How useful was this post?
Average rating / 5. Vote count:
No votes so far! Be the first to rate this post.