In addition to being installed on more than 2 million systems, the CCleaner malware is dangerous because it can place a backdoor on infected systems that appears legitimate because it is signed with one of Piriform's own digital certificates. The similarities in the code were also spotted and mentioned in a report published by Cisco Talos a threat. However, enterprises that didn't have the software auto-updated needed to manually remove it from the impacted systems. The existence of the malware in the CCleaner 5.33 executable was reported on Monday. AMP Threat Grid helps identify malicious binaries and build protection into all Cisco Security products. CWS or WSA web scanning prevents access to malicious websites and detects malware used in these attacks. From the nearly 2.27 million systems that installed the impacted CCleaner, only 40 systems were infected, and most of the systems that installed the impacted CCleaner got an auto-update from Avast that removed the malicious version - showing one perk of auto-updates. Advanced Malware Protection is ideally suited to prevent the execution of the malware used by these threat actors. Morphisec notified Avast of suspicious connections from CCleaner, prompting an investigation. Any time an enterprise is notified of an attack that it didn't internally detect, it is a bit concerning, but not surprising. The malware that attackers sought to spread through infecting the popular CCleaner utility appears to have been targeting high-profile tech targets, according to analysis by Cisco's Talos Intellig.
Malware that piggybacked on CCleaner, a popular free software tool for optimizing system performance on PCs, appears to have specifically targeted high profile technology companies and may have. Given that CCleaner is used so widely, it's a target for a watering hole attack. A recent watering hole attack was disclosed in detail by Avast Software, Morphisec and Cisco, and it described how an attacker was able to gain access to Piriform Software Ltd.'s software development environment to add malware to the legitimate CCleaner software - Avast acquired Piriform last summer. CCleaner software is usually only installed on a few endpoints in an enterprise, but the organization could lose track of the software. Sometimes, the help desk will use tools to investigate an endpoint that may have been infected with malware, and one of those tools is CCleaner. Some software may be managed by the enterprise, some may be used by the help desk to fix systems, and some may be used by employees without the knowledge or approval of the enterprise IT department. One common security recommendation is to know what software or systems your enterprise is using so that you know what needs to be secured. Software and supply chain security are critical parts of an enterprise's information security program.