Czech cybersecurity firm Avast Software s.r.o., the owner of popular antivirus software provider AVG Technologies N.V., has been hacked, but the company managed to fight off the attack.
Those behind the hack managed to gain access by compromising an employee’s virtual private network credentials that were not protected using two-factor authentication. Having gained access, the hacker managed eventually to obtain domain administrator privileges and attempted to insert malware onto Avast’s network.
The attack was first detected Sept. 23, the hacker gaining domain admin privileges triggering an internal system alert, though Avast noted that the hacker had been trying to gain access since May 14.
The hacker was traced back to a public IP address in the U.K. The hacker was specifically targeting Avast’s CCleaner software with malware that allowed those behind it to spy on users. CCleaner was previously hacked in 2017 in what is believed to have been a state-sponsored attack targeting tech companies.
In a surprising twist, having already detected the hacker in its network, Avast let the hacker attempt to proceed for weeks, locking down potential targets in the meantime both to study the hacker and to try to locate the person or group behind the hack.
Software being hacked is normal, but Avast’s game of cat-and-mouse with the hacker was unusual. Avast stopped issuing updates for CCleaner Sept. 25 to be sure that none of its updates were compromised while checking previous releases for compromise as well.
Fast forward to Oct. 15 and Avast started pushing out CCleaner updates with a re-signed security certificate confident that its software was safe from compromise.
“It was clear that as soon as we released the newly signed build of CCleaner, we would be tipping our hand to the malicious actors, so at that moment, we closed the temporary VPN profile,” Avast’s Chief Information Security Officer Jaya Baloo said in a blog post. “At the same time, we disabled and reset all internal user credentials. Simultaneously, effective immediately, we have implemented additional scrutiny to all releases.”
In addition, she said, the company continued to harden and further secure its environments for Avast’s business operations and product builds. A cybersecurity company being hacked is never a good look, but to its transparency was seen as commendable.
Image: Cuneopost
Since you’re here …
… We’d like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.
If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.