Antivirus Provider Breached For Second Time
By: Jim Stickley and Tina Davis
February 3, 2020
In October of last year, Avast, a company providing a family of antivirus solutions, announced it had experienced a second data breach. The Czech-owned company offers antivirus software at no cost for personal use. Avast’s file cleaning utility called CCleaner, known for deleting or “cleaning” a system of old or unwanted files and removing malware lurking in a system, was the focus of the attack. Although CCleaner helps free up disk space by deleting unwanted files and malware, the same virus was discovered in a prior attack and was designed to steal data from users. CCleaner is used on Apple and Microsoft Windows platforms to optimize performance and has over 2 billion downloads to date.
At the heart of the latest security incident, Avast claims the attacker got hold of an employee’s VPN (Virtual Private Network) credentials. The compromise resulted from the attacker using those credentials to access an account that was not protected by multi-factor authentication. Through an escalation of privileges, the attacker eventually gained domain administrative access, an elevated level of privilege within a system. Avast states the recent attack had similarities to the first incident in 2017, for which it leveled blame on a Chinese hacking group. That first security event compromised clients like Cisco, Microsoft, and Google, with over 2 million users downloading the infected CCleaner.
This incident was discovered in September 2019, with Avast claiming it found evidence of the attack going back to May. According to Avast, they didn’t act for two weeks after discovering the hack. Instead, they left the compromised VPN profile active, in hopes of observing the attacker’s actions and ultimately their identity. As of yet, the attackers haven’t been identified. Since going public about the event, Avast has released an update to older versions of CCleaner to address this latest security flaw. The company also changed the previous digital certificate to a new one, hoping to prevent attackers from using the older certificate to sign bogus CCleaner updates.
What can you do? Always keep your software updated to its latest version. Make sure there is antivirus software installed on all devices and keep it updated too. And of course, always be on the lookout for phishing attacks that may try to steal your login credentials.