UPDATED 22:54 EDT / OCTOBER 21 2019

SECURITY

Cybersecurity company Avast hacked via employee virtual private network

Czech cybersecurity firm Avast Software s.r.o., the owner of popular antivirus software provider AVG Technologies N.V., has been hacked, but the company managed to fight off the attack.

Those behind the hack gained access by compromising an employee’s virtual private network credentials, which were not protected by two-factor authentication. Having gained access, the hacker eventually obtained domain administrator privileges and attempted to insert malware into Avast’s network.

The attack was first detected Sept. 23, when the hacker’s acquisition of domain admin privileges triggered an internal system alert, though Avast noted that the hacker had been trying to gain access since May 14.

The hacker was traced back to a public IP address in the U.K. The hacker was specifically targeting Avast’s CCleaner software with malware that allowed those behind it to spy on users. CCleaner was previously hacked in 2017 in what is believed to have been a state-sponsored attack targeting tech companies.

In a surprising twist, having already detected the hacker in its network, Avast let the hacker attempt to proceed for weeks, locking down potential targets in the meantime both to study the hacker and to try to locate the person or group behind the hack.

Software being hacked is normal, but Avast’s game of cat-and-mouse with the hacker was unusual. Avast stopped issuing updates for CCleaner Sept. 25 to be sure that none of its updates were compromised, while checking previous releases for compromise as well.

Fast forward to Oct. 15, and Avast started pushing out CCleaner updates with a re-signed security certificate, confident that its software was safe from compromise.

“It was clear that as soon as we released the newly signed build of CCleaner, we would be tipping our hand to the malicious actors, so at that moment, we closed the temporary VPN profile,” Avast’s Chief Information Security Officer Jaya Baloo said in a blog post. “At the same time, we disabled and reset all internal user credentials. Simultaneously, effective immediately, we have implemented additional scrutiny to all releases.”

In addition, she said, the company continued to harden and further secure its environments for Avast’s business operations and product builds. A cybersecurity company being hacked is never a good look, but its transparency was seen as commendable.

Image: Cuneopost
