

Hundreds of thousands of computers getting penetrated by a corrupted version of an ultra-common piece of security software was never going to end well. But now it's becoming clear exactly how bad the results of the recent CCleaner malware outbreak may be. Researchers now believe that the hackers behind it were bent not only on mass infections, but on targeted espionage that tried to gain access to the networks of at least 18 tech firms.

Earlier this week, security firms Morphisec and Cisco revealed that CCleaner, a piece of security software distributed by Czech company Avast, had been hijacked by hackers and loaded with a backdoor that evaded the company's security checks. It wound up installed on more than 700,000 computers. On Wednesday, researchers at Cisco's Talos security division revealed that they've now analyzed the hackers' "command-and-control" server to which those malicious versions of CCleaner connected.

On that server, they found evidence that the hackers had attempted to filter their collection of backdoored victim machines to find computers inside the networks of 18 tech firms, including Intel, Google, Microsoft, Akamai, Samsung, Sony, VMware, HTC, Linksys, D-Link and Cisco itself. In about half of those cases, says Talos research manager Craig Williams, the hackers successfully found a machine they'd compromised within the company's network, and used their backdoor to infect it with another piece of malware intended to serve as a deeper foothold, one that Cisco now believes was likely intended for industrial espionage.

"When we found this initially, we knew it had infected a lot of companies," says Williams. "Now we know this was being used as a dragnet to target these worldwide... to get footholds in companies that have valuable things to steal, including Cisco unfortunately."

Williams also notes the target list Cisco found likely isn't comprehensive; it appears to have been "trimmed," he says. It may have included evidence of other targets, successfully breached or not, that the hackers had sought to infect with their secondary payload earlier in the month-long period when the corrupted version of CCleaner was being distributed. "It's very likely they modified this through the monthlong campaign, and it's almost certain that they changed the list around as they progressed and probably targeted even more companies," says Williams.

In an update post Thursday morning, Avast backed Cisco's findings, and confirmed that eight of the 18 known target companies had been breached by the hackers. But it also wrote that the total number of victim firms "was likely at least in the order of hundreds."

That target list presents a new wrinkle in the unfolding analysis of the CCleaner attack, one that shifts it from what might have otherwise been a run-of-the-mill mass cybercrime scheme to a potentially state-sponsored spying operation that cast a wide net, and then filtered it for specific tech-industry victims. Cisco and security firm Kaspersky have both pointed out that the malware element in the tainted version of CCleaner shares some code with a sophisticated hacking group known as Group 72, or Axiom, which security firm Novetta named a Chinese government operation in 2015.

Cisco concedes that code reuse alone doesn't represent a definitive link between the CCleaner attack and Axiom, not to mention China. But it also notes that one configuration file on the attackers' server was set for China's time zone, while still acknowledging that's not enough for attribution.

Supply Chain Woes

For any company that may have had computers running the corrupted version of CCleaner on their network, Cisco warns that its findings mean merely deleting that application is no guarantee the CCleaner backdoor wasn't used to plant a secondary piece of malware on their network, one with its own, still-active command and control server. Instead, the researchers recommend that anyone affected fully restore their machines from backup versions prior to the installation of Avast's tainted security program. "If you didn't restore your system from backup, you're at high risk of not having cleaned this up," Williams says.

The exact dimensions of the CCleaner attack will likely continue to be redrawn as analysis continues. But it already represents another serious example in the string of software supply-chain attacks that have recently rocked the internet. Two months earlier, hackers hijacked the update mechanism of the Ukrainian accounting software MeDoc to deliver a destructive piece of software known as NotPetya, causing massive damage to companies in Ukraine as well as in Europe and the United States.
