A tiny handful of firms, many of them technology firms, were hit with a “second stage” attack that was much more sophisticated and that was aimed at stealing intellectual property, according to Cisco Systems. The change went unnoticed and Piriform signed the compiled software, putting the company’s stamp of approval on the compromised code.

As many as 2 million copies of that update were shipped and 700,000 computers may have been hit with the first stage of the attack. Malicious software was inserted into an important Visual Studio runtime file that is bundled with the CCleaner application and that loads and runs on victim systems before the execution of the CCleaner software. The attackers who were behind the CCleaner attack compromised and modified the computers used to “build” the CCleaner application.

He said the Morphisec customers hit with the CCleaner attack were in industries like manufacturing, services and technology. Still, Morphisec’s investigation did not begin until three weeks after the infection, but quickly led to the discovery that CCleaner’s maker, Piriform (now owned by the security firm Avast), had been hacked.

Detail from the second stage of the CCleaner attack.

The customer asked Morphisec to explain why its software was blocking a legitimate application, leading to the discovery that the application had been compromised prior to distribution to hundreds of thousands of individuals and companies globally. He said his firm became aware of the CCleaner attack only after a manufacturing firm located in Singapore that was a customer of Morphisec received a number of alerts that the firm’s software was blocking CCleaner from running.

Morphisec makes an endpoint protection technology that prevents in-memory attacks, which puts it at a disadvantage for identifying new malicious software, as its technology doesn’t rely on malicious code “signatures” to work. He said he believed there were other so-called supply chain attacks like CCleaner, but declined to say whether his firm had uncovered evidence of other such attacks targeting its customers. “They’re very interesting events and when you go deeper they become more interesting,” he said.

While Gorelik declined to say whether they had found evidence that other, similar attacks had taken place, he said the initial findings of the investigation were “very interesting.” “We’re revalidating stuff that we caught within the last several months,” he said.

The firm that discovered the CCleaner attack thinks there may be other common applications that, like CCleaner, have been secretly compromised and used to gain access to corporate networks. Engineers at the firm Morphisec are reviewing historical reports that were considered “false positives” to determine if any of those reports may have been evidence of compromises of other common applications, Chief Technology Officer Michael Gorelik told The Security Ledger.