Just today, the cyber security giant Avast revealed in a blog post that they were hacked in May earlier this year in an attempt they have termed as “Abiss.”
Leveraging on the compromised VPN profile of an employee that did not require 2FA, the intruder was able to gain domain admin privileges through privilege escalation as the employee directly did not have any such access.
Although initially, Avast could not detect the attack, finally on September 23, the team started investigations collaborating with the Czech Republic’s intelligence service and police force cybersecurity division along with a third-party forensics team.
At this stage, it has not been confirmed by the company as to which of its products were targeted. However, they suspect that CCleaner was the “likely target of a supply chain attack.” It is noteworthy that CCleaner was hacked in 2017 after a Backdoor was found in its internal system affecting 2 Million Users.
To this, they stopped the upcoming releases of the software two days later on 25 September while simultaneously verifying that no prior versions had been compromised. With that done, Jaya Baloo – the Chief Security Information Officer stated in a blog post that,
We first re-signed a clean update of the product, pushed it out to users via an automatic update on October 15, and second, we revoked the previous certificate. Having taken all these precautions, we are confident to say that our CCleaner users are protected and unaffected.
Furthermore, CCleaner has also confirmed that their software is fully protected and secure in a series of tweets to HackRead:
(1/4) As a global software company, we rigorously monitor and test our systems, and cooperate with local, regional, and international agencies to actively track and verify malicious behavior.
— CCleaner (@CCleaner) October 22, 2019
Meanwhile, for the foreseeable future, Avast has reiterated its commitment to improving its security and response measures with a proposed action of further investigation both internally and with law enforcement agencies.
Furthermore, all employee credentials have been reset. On the other hand, looking at a snapshot of Avast’s stock does reveal a certain degree of volatility with it opening at £398.40, reaching a low of £383.40 during the day but finally ending it on a high note at £401. Nonetheless, no connection is confirmed between this hack and the fluctuations as seen.