An insidious attack trend has started lately: the software supply chain attack.
Originally downplayed as an averted attack on a popular Windows utility program, the CCleaner compromise specifically targeted networking-equipment manufacturers and enterprise-software makers, according to evidence uncovered by investigators and published on September 20.
The malware inserted into CCleaner, a popular system utility downloaded by at least 2.3 million users, is far more serious than originally thought.
An initial investigation by security researchers at Cisco Talos revealed that the attackers had compromised the CCleaner software servers of Avast, the Czech anti-virus maker, and embedded a backdoor and a multi-stage malware payload in two versions of the software, CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 (both 32-bit builds). The malicious code was installed automatically whenever either version of CCleaner was installed. Morphisec, an Israeli cybersecurity startup, had discovered the compromise too.
Avast, the security firm that acquired CCleaner with its purchase of developer Piriform in July, argued earlier that the shutdown of the malware's command-and-control (C&C) server and the defensive registration of 11 backup domains had blocked the malware from installing itself on victims' systems. An analysis of the files on the C&C server, however, revealed that the malware infected 700,000 systems in four days, between 15 August and 12 September, and explicitly targeted at least 20 companies with additional malware.
The scheme goes like this: the attackers compromise a trusted software vendor, subvert its products with their own malicious versions, and then use the tainted builds to infect the vendor's customers, bypassing internal security controls and spreading malware far and wide. Customers who are careful to keep their software up to date don't think twice about downloading the latest release.
The newest details about the hack reveal that the infected CCleaner software is part of a wide-scale, state-sponsored cyber-espionage campaign in which mainstream tech giants are the attackers' real targets.
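Because the backdoor rode in on a legitimate, vendor-signed installer, the practical first step for a defender is to find every host that received one of the two builds named above. The following is an added example, not code from the article, Avast or Cisco Talos: it scans a software-inventory export for the affected 32-bit builds. The CSV layout (host, product, version, arch) and the sample rows are constructed for the example; the product names and version numbers are the ones the article reports.

```python
import csv
from io import StringIO


def normalize_version(version):
    """Canonicalize a version string so "v5.33.6162", " 5.33.6162" and
    "5.33.06162" all compare equal: strip a leading v and leading zeros."""
    parts = version.strip().lstrip("vV").split(".")
    return ".".join(str(int(p)) for p in parts if p.isdigit())


# Builds the article identifies as carrying the backdoor. Only the 32-bit
# builds were affected, so arch is part of the key.
AFFECTED_BUILDS = {
    ("ccleaner", normalize_version("5.33.6162"), "x86"),
    ("ccleaner cloud", normalize_version("1.07.3191"), "x86"),
}

# Constructed inventory export (assumed format: host,product,version,arch).
SAMPLE_INVENTORY = """host,product,version,arch
ws-0147,CCleaner,5.33.6162,x86
ws-0148,CCleaner,5.33.6162,x64
ws-0211,CCleaner Cloud,v1.07.3191,x86
ws-0312,CCleaner,5.34.6207,x86
srv-db-02,7-Zip,16.04,x64
"""


def find_affected_hosts(inventory_text):
    """Return (host, product, version, arch) for every row whose product,
    normalized version and architecture match an affected build."""
    hits = []
    for row in csv.DictReader(StringIO(inventory_text)):
        key = (
            row["product"].strip().lower(),
            normalize_version(row["version"]),
            row["arch"].strip().lower(),
        )
        if key in AFFECTED_BUILDS:
            hits.append((row["host"], row["product"], row["version"], row["arch"]))
    return hits


if __name__ == "__main__":
    for host, product, version, arch in find_affected_hosts(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} ({arch}) is an affected build")
```

Matching on the normalized version and architecture, rather than on the product name alone, keeps the 64-bit install on ws-0148 and the later 5.34 release out of the results; a real run would point the function at the export from your endpoint-management or asset-inventory tool and treat each hit as a host to pull for incident response.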