Just announced today by Avast, they detected a data breach on September 23rd. Avast is a Czech security company with 435+ million customers. There is evidence to show that the hacker was targeting them since May 14th, 2019. Right now, the likely reason for the hack was to compromise Avast’s CCleaner and infect it with malicious software.
How Was Avast Hacked?
Hackers were able to get access to Avast through an employee’s VPN login credentials. The account was not protected by multi-factor authentication security protocols. The attackers were able to obtain domain admin privileges, even though the employee’s account didn’t have such access. This left not only Avast’s CCleaner exposed, but customers’ accounts as well.
What Has Been Done To Protect Avast and Its Customers From This Recent Hack?
Once the hack was uncovered, Avast left the VPN open in order to track the attacker and learn more about them. When this analysis was complete, Avast immediately shut down the compromised VPN.
Here are some of the other actions Avast has taken to protect their products and customers:
- Audited previous CCleaner releases to ensure they weren’t compromised.
- Released a new CCleaners update.
- They changed the digital certificate needed for CCleaner updates.
- Revoked the access of the digital certificate previously used for CCleaner updates.
These security measures aren’t the end of Avast’s efforts to make sure their products are secure. According to Jaya Baloo, Avast’s Chief Information Security Officer.
We are continuing with an extensive review of monitoring and visibility across our networks and systems to improve our detection and response times. Also, we will further investigate our logs to reveal the threat actor’s movements and modus operandi together with the wider security and law enforcement community.
If you have an Avast account, make sure you change your login credentials to ensure your account is secure.
Recent Post: Can You Trust Your Home Security Camera?