Avast Shares Details on Last Year’s CCleaner Hack

CCleaner suffered a major breach last year.

Now, I don’t know if you ever used CCleaner or not, but remember when we told you about the software’s major breach last year? Avast, who purchased the software’s maker, Piriform, showed some restraint at the time. However, it looks like more information regarding the hack has just surfaced, so we just had to follow up. Basically, hackers managed to compromise a specific version of CCleaner, which they injected with a malware backdoor.

Data suggests that 2.27 million users downloaded the compromised installation fire. According to chief technology officer, Ondrej Vlcek, the attackers accessed Piriform’s network on March 11, 2017. This was a few months before Avast’s acquisition, mind you.

How could this happen in the first place?

Oddly enough, the attacker managed to gain access to a TeamViewer remote desktop account on a developer PC. Needless to say, this was a major breach. And yet, nobody knows how the TeamViewer credentials were obtained.

“While we don’t know how the attackers got their hands on the credentials, we can only speculate that the threat actors used credentials the Piriform workstation user utilized for another service, which may have been leaked, to access the TeamViewer account.”

The one responsible for the attack managed to inject ShadowPad into two of the company’s systems. The first corrupted CCleaner download appeared on August 2. At the end of the investigation, it looks like Avast drew two important conclusions:

“First, M&A due diligence has to go beyond just legal and financial matters. Companies need to strongly focus on cybersecurity, and for us, this has now become one of the key areas that require attention during an acquisition process.”

“Second, the supply chain hasn’t been a key priority for businesses, but this needs to change. Attackers will always try to find the weakest link, and if a product is downloaded by millions of users it is an attractive target for them. Companies need to increase their attention and investment in keeping the supply chain secure.”

Clearly, the attack was an eye-opener for both Avast and Piriform. Hopefully, other companies will further improve the security of their platforms as a result. At the end of the day, the breach affected more than two million users, and that’s no small number even by today’s standards.