Recently, the Czech cybersecurity company Avast’s internal network was being accessed by a hacker. It is believed that he was aiming for a supply chain attack targeting CCleaner. The attack was detected on September 25, however, intrusion attempts began on May 14. According to an internal investigation, Avast concluded that the attacker was using compromised credentials via a temporary VPN account.
Well Planned Attack on Avast!
According to Avast Chief Information Security Officer (CISO), Jaya Baloo, this attack is carried out in an extremely sophisticated manner. This is due to the fact that the attacker took extra effort not to cause any suspicion or leave behind any traces of their intention. The company is naming the attack as ‘Abiss.’
The attacker connected from a public IP address in the UK and then used a temporary VPN profile that shouldn’t be active and wasn’t protected by two-factor authentication. He logged in on May 14 and 15, on July 24, on September 11, and on October 4. The company came to know about the intrusion when they received an alert. Soon, after digging deep, they released someone was using multiple sets of user credentials via a VPN.
Updated release for CCleaner:
On September 25, Avast suspected CCleaner to be the target, so they stopped the upcoming update and decided to fix the security issue. They released an updated version and made it mandatory for everyone to update. This was done so that none of their users gets exposed to attackers. Furthermore, even the old certificate to access the internal directory was revoked. Avast wasn’t taking any chances.
A similar supply chain attack on CCleaner took place in 2017. But it is unclear if both of these attacks are related. The company has informed Law enforcement agencies about the attempts. Avast is keeping a close eye on its asset as the attackers didn’t leave any traces.