![]() ![]() “The key thing is to realize that the build environment is critical, especially the signing certificate,” Vlcek said. While Avast has a process in place to check the final code for security issues and potential compromise, Piriform did not yet have that infrastructure in place, he said.Īs part of its response, Avast has expedited the move of Piriform’s development to Avast’s infrastructure. In the CCleaner incident, the attacker was able to insert themselves into the build process, most likely on the server used to compile, link, and sign the software, Ondrej Vlcek, chief technology officer of Avast, told eWEEK. ![]() ![]() Digital signatures are only as good as the process they are verifying, Wysopal said. Yet, Avast’s Piriform did, highlighting that a digital signature is not proof against software supply-chain attacks. “Whenever you have a supply chain problem, each consumer has to be able push back at any point in the chain and say, I need a process to make sure that I’m getting what I think I’m getting,” Chris Wysopal, chief technology officer and co-founder of security firm Veracode, told eWEEK.Ĭustomers of MEDoc, for example, could not even do that, because the company did not sign its updates. pharmaceutical maker Merck, and the world’s largest advertising firm WPP of Britain. In June, for example, after online attackers compromised Ukrainian MEDoc tax software firm’s update server to distribute NotPetya ransomware, the program infected many large companies, disrupting operations at businesses such as Danish shipper A.P. Too many companies have not adequately secured their software supply chain. The attack underscores advice stressed by many software-security professionals: The software development process needs to be better secured to stop potentially devastating attacks. “Once the attacker has all the certificates and all the keys and all the passwords, there is not a lot you can do.” “The fact of the matter is, when it comes down to supply chain attacks, if the attacker is in your build system already, you’ve lost,” Craig Williams, senior technical leader with Cisco’s Talos research group, told eWEEK. Underscoring the effectiveness of inserting code during development, only one of the 64 antivirus scanners run by VirusTotal detected the malicious behavior, in large part because the CCleaner binary had a legitimate digital signature, according to an investigation by enterprise-technology giant Cisco, which detected the attack before Avast’s Piriform publicly announced the incident. 12-more than 2.27 million users-effectively installed a backdoor onto their systems as well. On Monday, security-software firm Avast announced that its popular system-cleaning program CCleaner-developed by Piriform, a company acquired by Avast in July-had been compromised during development and infected users’ system with malicious code for almost a month.Īnyone who installed the then-current 32-bit Windows version of CCleaner and CCleaner Cloud between Aug. The similarities in the code were also spotted by the threat intelligence group inside Cisco.The software supply chain is increasingly under threat by attackers who seek to turn legitimate software programs into Trojan horses that can compromise millions of computers. The Missl backdoor trojan was used by a hacking group known as Axiom.Īxiom hacker group is assumed to be based out of China and the hacker group was also known by many other names like Group 72, APT17, DeputyDog and more. Recently, Kaspersky Lab’s Costin Raul made a tweet in which he claimed that the malware stuffed inside CCleaner v5.33 shared the code with the Missl backdoor trojan. ![]() Hackers have applied a malicious code in CCleaner version and the version was downloaded by more than 2.27 million users. CCleaner Malware Targeted 20 Tech Giants Including Intel, Microsoft, Samsung And MoreĪ few days ago we have seen, the popular cleaning application, CCleaner was infected by a malware. Hackers wanted to exploit around 20 tech firms through the malware. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |