Slashdot Mirror

← Back to Stories (view on slashdot.org)

The CCleaner Malware Fiasco Targeted at Least 20 Specific Tech Firms (wired.com)

Posted by msmash on from the security-woes dept.

An anonymous reader shares a report: Hundreds of thousands of computers getting penetrated by a corrupted version of an ultra-common piece of security software was never going to end well. But now it's becoming clear exactly how bad the results of the recent CCleaner malware outbreak may be. Researchers now believe that the hackers behind it were bent not only on mass infections, but on targeted espionage that tried to gain access to the networks of at least 20 tech firms. Earlier this week, security firms Morphisec and Cisco revealed that CCleaner, a piece of security software distributed by Czech company Avast, had been hijacked by hackers and loaded with a backdoor that evaded the company's security checks. It wound up installed on more than 700,000 computers. On Wednesday, researchers at Cisco's Talos security division revealed that they've now analyzed the hackers' "command-and-control" server to which those malicious versions of CCleaner connected. On that server, they found evidence that the hackers had attempted to filter their collection of backdoored victim machines to find computers inside the networks of 20 tech firms, including Intel, Google, Microsoft, Akamai, Samsung, Sony, VMware, HTC, Linksys, D-Link and Cisco itself. In about half of those cases, says Talos research manager Craig Williams, the hackers successfully found a machine they'd compromised within the company's network, and used their backdoor to infect it with another piece of malware intended to serve as a deeper foothold, one that Cisco now believes was likely intended for industrial espionage.

3 of 151 comments (clear)

  1. Reflections On trusting trust by goombah99 · · Score: 5, Interesting

    If you never read this essay here it is
    https://www.ece.cmu.edu/~gange...

    Malware is slowly moving up the software chain to where this is becoming increasingly plausible.

    --
    Some drink at the fountain of knowledge. Others just gargle.
  2. Re:Why would those companies use CCleaner? by TWX · · Score: 4, Insightful

    If it's simply a hop-off point, all you need is one engineer who operates outside of his IT department whose specific software needs mandate he has local admin rights on his computer. He runs the tool he uses at home instead of calling IT, and suddenly his box is now the initial penetration point to access the company network.

    --
    Do not look into laser with remaining eye.
  3. Re:Don't trust foreign sources for apps by Vlad_the_Inhaler · · Score: 4, Insightful

    All I have learned from Kaspersky is that some politician alleged Kaspersky may possibly be spying. No evidence, nothing. Nothing to indicate the politician knows anything above the Internet consisting of virtual tubes either. Everything else followed on from there.
    I actually trust Kaspersky to do the job more than I trust a lot of the competition, they have discovered some serious state-sponsored malware in the past. I don't know if Symantec still make virus scanners but when Google, Mozilla et al start initiating the process to "untrust" their certificates, I wouldn't run one of their scanners in a sandbox.

    --
    Mielipiteet omiani - Opinions personal, facts suspect.