Avast fights off cyber-espionage attempt, Abiss

Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,573
Content source
https://blog.avast.com/ccleaner-fights-off-cyberespionage-attempt-abiss
Another attack on CCleaner and the reason for the latest update.
Avast deploys hardened self-defense and wider intelligence industry collaboration

Global software companies are increasingly being targeted for disruptive attacks, cyber-espionage and even nation-state level sabotage, as evidenced by the many reports of data breaches and supply chain attacks over the last few years. At Avast, we constantly work hard to stay ahead of the bad guys and to fight off attacks on our users. It is therefore not so surprising that we ourselves could be a target.
On September 23, we identified suspicious behavior on our network and instigated an immediate, extensive investigation. This included collaborating with the Czech intelligence agency, Security Information Service (BIS), the local Czech police force cybersecurity division, and an external forensics team to provide additional tooling to assist our efforts and verify the evidence that we were collecting.
Click to expand...
Read more here:
blog.avast.com

Avast fights off cyber-espionage attempt, Abiss

Avast deploys hardened self-defense and wider intelligence industry collaboration to fight off cyber-espionage attempt, Abiss
blog.avast.com blog.avast.com
Latest changelog of CCleaner here:

Version History

www.ccleaner.com www.ccleaner.com
v5.63.7540 (15 Oct 2019)
General
- This release contains an important security update and some minor bug fixes and UI updates

You can read more here: CCleaner v5.63.7540
Click to expand...
 
  • Like
  • Wow
  • +Reputation
Reactions: CyberTech, Venustus, upnorth and 9 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,573
  • Like
Reactions: Venustus, upnorth, Fel Grossi and 4 others
blackice

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,765
The truth is all the vendors and Microsoft have a target on their backs and big kudos from fellow hackers if compromised. Pretty much every AV is hacked at one point or another. There was already the big one a few months ago where three major endpoint vendors were hacked. Hopefully these companies get a little more serious about network security. It’s cumbersome to implement on a large scale, and management doesn’t like how it slows things down, but it is clearly necessary.
 
  • Like
Reactions: Venustus, upnorth, Fel Grossi and 3 others
CyberTech

CyberTech

Level 44
Verified
Top Poster
Well-known
Nov 10, 2017
3,250
Hackers accessed the internal network of Czech cybersecurity company Avast, likely aiming for a supply chain attack targeting CCleaner. Detected on September 25, intrusion attempts started since May 14.

Following an investigation, the antivirus maker determined that the attacker was able to gain access using compromised credentials via a temporary VPN account.


Tiptoeing to higher privileges:

From the information collected this far, the attack appears to be "an extremely sophisticated attempt," says Jaya Baloo, Avast Chief Information Security Officer (CISO).

Avast refers to this attempt by the name 'Abiss' and says that the threat actor behind it exercised extreme caution to avoid being detected and hide the traces of their intention.

Logs of the suspicious activity show entries on May 14 and 15, on July 24, on September 11, and on October 4.

The intruder connected from a public IP address in the U.K. and took advantage of a temporary VPN profile that should no longer have been active and was not protected with two-factor authentication (2FA).

In a statement today, Jaya Baloo says that the company received an alert for "a malicious replication of directory services from an internal IP that belonged to our VPN address range;" this had been dismissed as a false positive, though.

However, it turned out that the user whose credentials had been compromised did not have the permissions of a domain administrator, indicating that the attacker achieved privilege escalation.

The logs further showed that the temporary profile had been used by multiple sets of user credentials, leading us to believe that they were subject to credential theft.
Click to expand...

More information: Hackers Breach Avast Antivirus Network Through Insecure VPN Profile
 
  • Like
Reactions: Gandalf_The_Grey
You must log in or register to reply here.

Similar threads

RoxasDev
    • Like
    • Applause
    • +Reputation
App Review Avast Free 2023 - Test
Replies
1
Views
1,045
Video Reviews - Security and Privacy
Seandc33
S
upnorth
    • Like
    • +Reputation
Researchers Uncover Mysterious 'Metador' Cyber-Espionage Group
Replies
0
Views
474
News Archive
upnorth
upnorth
silversurfer
    • Like
Cyber espionage campaign targets renewable energy companies
Replies
0
Views
502
News Archive
silversurfer
silversurfer

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top