Kevin Bocek, vice president of security strategy and threat intelligence at machine identity protection provider Venafi, comments on the type of attack carried out against Avast: “Based on Avast’s response, it seems likely that the attackers targeted code signing keys and certificates. For decades, code signing has been used to verify the integrity of software, and nearly every organization relies on it to confirm their code has not been corrupted with malware.”
“However, if code signing keys and certificates are not properly protected, attackers can turn them into powerful cyber weapons,” says Bocek. “With code signing, cyber criminals can make their malware look like trusted software, allowing it to spread and go undetected. Code signing certificates were the key reason Stuxnet and ShadowHammer were so successful; these attacks are prototypes that many attackers are trying to emulate today.”
Fortunately for Avast, the company was using an advanced cyber security product from Microsoft, which alerted the company about “malicious replication of directory service from an internal IP.” This was the tip-off that the company needed to understand that hackers were going after domain administrator privileges, even as traces of the intruder were still difficult to find. Avast immediately went to work hardening its internal cyber defenses, including a reset of all internal passwords. The company also pushed out new and updated “clean” versions of its software as an extra precaution, even though Avast says that hackers were not able to distribute any malicious code.
Another attack on CCleaner
The ultimate target of the internal network attack appears to have been CCleaner, a Windows utility app that helps users clean up programs and speed up overall PC performance. CCleaner (originally known as “Crap Cleaner”) was launched in 2004, and has become one of the most popular apps of its kind. Avast describes it as a “thriving, best-in-class product” that has more than 400 million users worldwide.
However, it was exactly this popularity of CCleaner that made it so attractive for hackers. What better way to get access to hundreds of millions of computers around the world than to infiltrate a popular Windows app? And, indeed, CCleaner was also the target of a high-profile cyber espionage hack back in 2017, when hackers were able to gain access to it and then push out malicious, malware-infected versions to 2.27 million users worldwide. This, in essence, is what a “supply chain attack” is all about – the cyber espionage threat actors viewed Avast as simply the first step of a much wider attack that would enable them to gain access to sensitive business information from the world’s top companies. The way the attack was carried out was designed to leave no traces of the intruder.
Implications of the Avast cyber attack
As Avast noted in a blog post detailing the Abiss attack, global software companies are now being regularly targeted for disruptive attacks, cyber espionage campaigns and attempts at nation-state sponsored sabotage. In short, the very companies that people are counting on to provide them with anti-virus and anti-malware tools are now being targeted by hackers, often with insidious purposes in mind.
The big question now, of course, is how to prevent future attacks of the same nature from taking place. It will take more than just changing passwords or adopting multi-factor authentication. As Avast acknowledges, it’s important for software companies to “stay ahead of the bad guys.”
For now, Avast says it has no plans to discontinue CCleaner – but it’s easy to see how this second attack on CCleaner in just two years might lead to a loss of some customers. Throughout 2017 and 2018, Avast struggled to clean up the PR damage after the first attack. That might be why the company immediately enlisted the help of the Czech police and the Czech intelligence agency – they aren’t taking any more chances. The Chinese hackers pulled off an “extremely sophisticated attempt” this time, and there’s no reason to think that they won’t be back soon with another attempt.
Going forward, cyber security is going to become an even more important issue for senior executives at software companies around the world. It will impact which companies they partner with, which companies they acquire, and which companies they choose to do business with. The latest Avast cyber espionage hack is just further proof that hackers are becoming more and more sophisticated in how they target companies.