Avast was yet again subject to an attack from threat actors, though the company maintains that users of the service are safe and protected.
Security company Avast revealed today (21 October) that it was hacked. A company statement detailed how a threat actor accessed the company’s systems through a compromised VPN profile that “had erroneously been kept enabled and did not require 2FA”.
It said that the threat actor successfully used the credentials to access Avast’s internal network. Though the associated account did not initially have domain privileges, the actor was able to obtain them through successful privilege escalation. Avast ascertained through analysis of its external IPs that the actor had been trying to access the VPN since May.
“Global software companies are increasingly being targeted for disruptive attacks, cyberespionage and even nation-state level sabotage, as evidenced by the many reports of data breaches and supply chain attacks over the last few years,” the statement said.
“At Avast, we constantly work hard to stay ahead of the bad guys and to fight off attacks on our users. It is therefore not so surprising that we ourselves could be a target.”
‘Extremely sophisticated attempt’
The company believes that the hackers were attempting to install malware in its CCleaner software. However, it stated that users of the service are protected and unaffected.
Avast, a Czech company, is partnering with the state’s intelligence agency, along with the local police force’s cybersecurity division and an external forensics team to further investigate the crime.
Comparisons have already been drawn between the most recent attack and a previous assault on CCleaner in 2017, which saw threat actors illegally modify a version of the software before it was released to the public.
“It is clear that this was an extremely sophisticated attempt against us that had the intention to leave no traces of the intruder or their purpose, and that the actor was progressing with exceptional caution in order to not be detected,” the company added.