Such attacks are effective mainly because cyber criminals try to spread malware throughout the target organizations by leveraging a resource used internally. The malware is delivered through a backdoor and remains undetected. Basically, hackers often tamper with hardware or software during the manufacturing stage and implant rootkits or tie in hardware-based spying elements.

What is a supply-chain attack?

Definition: This type of attack, initiated by cybercriminals, aims to damage an organization by leveraging vulnerabilities in its supply network.

The company is strongly encouraging users to download the latest available version of the application, 5.34 or higher, to avoid being exposed to a potential attack.

Given the proactive approach of the Avast team, the number of affected people went down to 730,000 users still using the affected version ().

Since November 2016, CCleaner has had over 2 billion downloads worldwide, with a growth rate of 5 million desktop installations per week, so the potential impact that cyber criminals wanted to achieve was massive! It's also worth mentioning that, for almost one month, 2.27 million people used the affected version of CCleaner.

- September 19: in the update, Avast said about this incident that they will keep updating it and “to take all possible measures to ensure that it never happens again.”

CCleaner is a popular application that helps users clean up unwanted files from various programs, saving and optimizing hard disk space for better performance.

“Older versions of CCleaner v and CCleaner Cloud v for only 32-bit Windows users had been compromised in a sophisticated manner”.
- On September 18, Piriform made the official announcement on their blog about this security issue providing.
- Avast notified the remaining users to upgrade to the latest version of the product as soon as possible.
- Then they released a fixed version, identical to but with the backdoor removed.
- The Piriform and Avast teams provided a quick fix for CCleaner users by assuring that the currently shipping version (5.34) and previous versions didn't contain the threat.
- With these two actions, “the server was taken down and the threat was effectively eliminated”. During that time, the Cisco Talos team was also working on the issue and registered the secondary DGA domains.
- Avast worked with law enforcement in the US, and the offending command and control server was taken down on September 15.
- Avast first learned about the compromise on September 12, and, by the time the Cisco message was received (September 14), they had already analyzed the threat, assessed its risk level and started investigating the root cause of the issue.
- Separately, Cisco also reported this problem to Avast on September 13.
- The following day, on September 12, Morphisec started the investigation and notified Avast about its findings to identify the issue.
- Morphisec researchers identified and prevented CCleaner.exe installations on August 20 and 21 at customers, and some of them shared their logs on September 11.
- A compromised version of CCleaner was released on August 15 and “went undetected by any security company for four weeks”, said Avast in an updated article on their blog.

If you are using the older version of the CCleaner app, 5.33 and above, you should upgrade to the 5.34 version immediately.

Attackers managed to infiltrate two versions of CCleaner and slip backdoors into them, potentially impacting millions of devices and their users.
The attack against CCleaner has been labeled as a “supply-chain attack”, which involves exploiting vulnerabilities in the supply network used by a specific organization.

CCleaner, one of the most widely used PC cleaner and optimization applications, created by Piriform and acquired in July 2017 by the antivirus company Avast, has been compromised by cyber criminals.

Like this recent one with CCleaner, a popular PC cleaning software app. But unfortunate incidents happen, critical pieces of infrastructure are affected and produce business disruptions. And every part of the system should provide maximum security and safeguard sensitive data. IT infrastructure is important for any company to better perform on the market.