amir 957

Level 5
Verified
Malware Hunter
Hi guys
I'm just wondering what happened to Avast?
It's been a long time since they released a new version.
They have always had a monthly update schedule.
I guess the current version was released 4 months ago, which is strange.
 

I3rYcE

Level 11
Verified
Avast deploys hardened self-defense and wider intelligence industry collaboration


Global software companies are increasingly being targeted for disruptive attacks, cyber-espionage and even nation-state level sabotage, as evidenced by the many reports of data breaches and supply chain attacks over the last few years. At Avast, we constantly work hard to stay ahead of the bad guys and to fight off attacks on our users. It is therefore not so surprising that we ourselves could be a target.
On September 23, we identified suspicious behavior on our network and instigated an immediate, extensive investigation. This included collaborating with the Czech intelligence agency, Security Information Service (BIS), and an external forensics team to provide additional tooling to assist our efforts and verify the evidence that we were collecting.
The evidence we gathered pointed to activity on MS ATA/VPN on October 1, when we re-reviewed an MS ATA alert of a malicious replication of directory services from an internal IP that belonged to our VPN address range, which had originally been dismissed as a false positive. The user, whose credentials were apparently compromised and associated with the IP, did not have domain admin privileges. However, through a successful privilege escalation, the actor managed to obtain domain admin privileges. The connection was made from a public IP hosted out of the UK and we determined the attacker also used other endpoints through the same VPN provider.
When analyzing the external IPs, we found that the actor had been attempting to gain access to the network through our VPN as early as May 14 of this year.
After further analysis, we found that the internal network was successfully accessed with compromised credentials through a temporary VPN profile that had erroneously been kept enabled and did not require 2FA.
On Oct 4, we observed this activity again. Timestamps for the suspicious activity flagged by MS ATA are (all times GMT+2):
2:00 AM May 14, 2019
4:36 AM May 15, 2019
11:06 PM May 15, 2019
3:35 PM Jul 24, 2019
3:45 PM Jul 24, 2019
3:20 PM Sep 11, 2019
11:57 AM Oct 4, 2019
The logs further showed that the temporary profile had been used by multiple sets of user credentials, leading us to believe that they were subject to credential theft.
In order to track the actor, we left open the temporary VPN profile, continuing to monitor and investigate all access going through the profile until we were ready to conduct remediation actions.
In parallel with our monitoring and investigation, we planned and carried out proactive measures to protect our end users and ensure the integrity of both our product build environment as well as our release process.
Even though we believed that CCleaner was the likely target of a supply chain attack, as was the case in a 2017 CCleaner breach, we cast a wider net in our remediation actions.
On September 25, we halted upcoming CCleaner releases and began checking prior CCleaner releases and verified that no malicious alterations had been made. As two further preventative measures, we first re-signed a clean update of the product, pushed it out to users via an automatic update on October 15, and second, we revoked the previous certificate. Having taken all these precautions, we are confident to say that our CCleaner users are protected and unaffected.
It was clear that as soon as we released the newly signed build of CCleaner, we would be tipping our hand to the malicious actors, so at that moment, we closed the temporary VPN profile. At the same time, we disabled and reset all internal user credentials. Simultaneously, effective immediately, we have implemented additional scrutiny to all releases.
Moreover, we continued to harden and further secure our environments for Avast's business operations and product builds, including the resetting of all employee credentials, with further steps planned to improve overall business security at Avast.
From the insights we have gathered so far, it is clear that this was an extremely sophisticated attempt against us that had the intention to leave no traces of the intruder or their purpose, and that the actor was progressing with exceptional caution in order to not be detected. We do not know if this was the same actor as before and it is likely we will never know for sure, so we have named this attempt 'Abiss'.
We are continuing with an extensive review of monitoring and visibility across our networks and systems to improve our detection and response times. Also, we will further investigate our logs to reveal the threat actor’s movements and modus operandi together with the wider security and law enforcement community; we have already shared more detailed indications with them, including the actor’s IPs, under confidential disclosure to aid in the investigation (TLP RED).
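An added example (not part of the quoted Avast post or of Avast's tooling) of the triage step the post describes: taking a directory-replication alert from a non-DC source, mapping the internal IP to the VPN session that held it, and listing VPN profiles without 2FA that several accounts have used. All addresses, account names, profile names, dates and record layouts are constructed for illustration.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample data (hypothetical names, RFC 5737 public addresses).
VPN_RANGE = ip_network("10.8.0.0/24")
DOMAIN_CONTROLLERS = {ip_address("10.0.0.10"), ip_address("10.0.0.11")}
PROFILES = {"corp-standard": {"requires_2fa": True},
            "temp-migration": {"requires_2fa": False}}
SESSIONS = [  # (user, profile, public_ip, internal_ip, start, end)
    ("alice", "corp-standard", "198.51.100.7", "10.8.0.21", "2024-01-10 08:00", "2024-01-10 17:00"),
    ("bob", "temp-migration", "203.0.113.50", "10.8.0.44", "2024-01-10 01:30", "2024-01-10 03:00"),
    ("carol", "temp-migration", "203.0.113.51", "10.8.0.45", "2024-01-11 02:00", "2024-01-11 02:40"),
]
REPLICATION_ALERTS = [  # (source_ip, time) of directory replication requests
    ("10.0.0.11", "2024-01-10 02:00"),  # DC to DC, expected
    ("10.8.0.44", "2024-01-10 02:10"),  # source inside the VPN address range
]

def ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")

def triage_replication_alerts(alerts, sessions, profiles):
    """Return one finding per replication request that did not come from a DC."""
    findings = []
    for src, when in alerts:
        ip = ip_address(src)
        if ip in DOMAIN_CONTROLLERS:
            continue  # replication between domain controllers is normal
        finding = {"source_ip": src, "time": when,
                   "in_vpn_range": ip in VPN_RANGE, "session": None}
        # Attribute the internal IP to whichever VPN session held it at that time.
        for user, profile, public_ip, internal_ip, start, end in sessions:
            if internal_ip == src and ts(start) <= ts(when) <= ts(end):
                finding["session"] = {
                    "user": user, "profile": profile, "public_ip": public_ip,
                    "requires_2fa": profiles[profile]["requires_2fa"]}
        findings.append(finding)
    return findings

def shared_profiles_without_2fa(sessions, profiles):
    """Profiles that skip 2FA and were used by more than one account."""
    users = {}
    for user, profile, *_ in sessions:
        if not profiles[profile]["requires_2fa"]:
            users.setdefault(profile, set()).add(user)
    return {p: sorted(u) for p, u in users.items() if len(u) > 1}

if __name__ == "__main__":
    for f in triage_replication_alerts(REPLICATION_ALERTS, SESSIONS, PROFILES):
        print(f)
    print(shared_profiles_without_2fa(SESSIONS, PROFILES))
```

A finding whose session shows `requires_2fa: False` is the case the post describes as having been dismissed as a false positive; the second function surfaces the profile itself before any alert fires.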
 

RejZoR

Level 14
Verified
Don't use it, they sell your info to advertisers and spy on you
They asked you during install and I remember that coz I keep on trying AVs and I've reinstalled avast! several times. And the "could be traced back to you" is just alleged "could be". Haven't seen any actual proof anyone could actually trace back to exact certain individual. It's still a good antivirus and everyone who unchecked data sharing was not even affected...
 

RejZoR

Level 14
Verified
It's a bit funny though, when avast! was selling data, everyone sperged like it's end of the world because "they didn't tell us" (even though they actually have). But no one is dropping basically ALL Google services because they knew it upfront. Yet they still use their apps and services even though there are alternatives that are known NOT to sell anyone's data, like DuckDuckGo or Protonmail. Because knowing upfront somehow changes everything while changes nothing if people are still hooked on those services. And Google is still making billions of selling everyone's data. It's a bit hilarious situation when you think of it. And the data granularity avast! had is NOTHING compared to what Google has. avast! had browsing history and some location data, maybe something extra on top. Whatevers. Google has all that with all your e-mails, all the things in emails like order recipes, tracking numbers, flights, medical and world related things, your spreadsheets and photos, they most certainly run facial recognition on photos to "help you sort them", your voice fingerprint, your accent, your schedules from calendar. If anyone ever had so much information on anyone, everyone would be freaking out. But since it's Google, "meh". No one. Similar scenario with Facebook. And they are known to make far more serious [removed]ups than avast! ever did. Where are mass outrages all over the world for days and mass leaving from Facebook as platform? The worst I've seen was, "Facebook is bad with privacy, I'm gonna only use Instagram from now on". Uhm, ok...

Sure there are some questions about data they were selling as some are alleging it's possible to track back things to individuals through several data points. But has anyone ever evaluated data Facebook and Google are selling to 3rd parties are not susceptible to same issues? Even Google in all its might is known to do some really serious rookie [removed]ups. Coz no one has really looked at any data to such granularity that "it could be potentially traced back". Because when you have so many datapoints as Google has, there sure as hell can be connections established despite anonymization protocols in place. Want to know why I wiped basically entire Google and also entirely stopped using it? That's why. They have so many input data points it's straight up creepy as [removed] and I don't care how awesome their services are. I rather lumber around with DuckDuckGo and still get what I need instead of have that creepy guy always finding everything for me exactly. I don't value convenience that much to toss entire privacy into a garbage bin.
 

ForgottenSeer 823865

@RejZoR You can't compare Google and Avast. Google is a company based on ads and data collection, which needs users' info to offer targeted services.

Avast is an AV company, they don't need your personal data to offer quality protection, and even less to sell it to 3rd party entities. Avast was just led by a greedy board. Does Emsisoft work less well than Avast because they don't collect and resell data? On the contrary...

Even if I suspect all this affair to be a clickbait witch-hunt orchestrated by PCrapMag, Avast is way below purity in this... But I also recognize their right to collect if they want, at least they told it. Now if the users are ok, well... Their choice and I won't blame Avast.
 

RejZoR

Level 14
Verified
@Umbra Sure, but does your privacy even matter anywhere when you're using Google? Being outraged at avast! but using Google at the same time just makes everyone ultra disingenuous. If someone wasn't and was using more private solutions for a reason, fair enough, I'd be mad too, but how many people actually are like that? Not many as those already avoid cloud antiviruses in general even though that's hard these days...
 

ForgottenSeer 823865

@Umbra Sure, but does your privacy even matter anywhere when you're using Google?
If I was very concerned, I could use any Google services without even giving my data. How? I just won't use my real name or real picture; then it doesn't matter what they collect.
I have said many times, here and there: if you are concerned with privacy, don't use your real persona online. Privacy is about what you expose online. If you can't resist, don't blame the data miners, they just do their job.

Being outraged at avast! but using Google at the same time just makes everyone ultra disingenuous.
If someone wasn't and was using more private solutions for a reason, fair enough, I'd be mad too, but how many people actually are like that? Not many as those already avoid cloud antiviruses in general even though that's hard these days...
I agree with that. You can't blame one party while praising another doing the same or worse, which is the reason I qualified this affair as an orchestrated witch-hunt. And I wasn't surprised at all it came from PCmag...

avast tells that they do sell data so they're probably that, too.
Obviously.
 