CCleaner attack targeted specific companies

CCleaner attack targeted specific companies

Talos researcher Craig Williams told the Reuters news agency the attack had been "sophisticated" because it had targeted a trusted server and sought to make the booby-trapped version look legitimate. In a blog post Tuesday, Avast executives Vince Steckler and Ondřej Vlček wrote that while about 730,000 CCleaner users still have the infected version of the software on their computers, the malicious software has been disabled, so no one is at risk anymore. The code overlap was backed up by researchers at Cisco Talos, who said this was "important information" but refrained from confirming attribution.

According to Cisco's Talos, the hackers had apparently planned to use the CCleaner backdoor as a dragnet to filter computers on the networks of major companies like Google., Microsoft and Intel, in order to potentially hijack their own networks.

Cisco said the new findings supported and reinforced its previous recommendation that those impacted by the supply chain attack should not simply remove the affected version of CCleaner or update to the latest version, but should restore from backups or reimage systems to ensure that they completely remove not only the backdoored version of CCleaner but also any other malware that may be resident on the system. As of yet, there's very little evidence to attribute the attack to any particular organisation.

He also outlined that the user could have noticed nothing.

The company following the revelation was quick to assure users that no damage was done to their devices but urged them to check for the version of the software installed just a precautionary measure.

The threat faced by CCleaner users is serious, said Nathan Wenzler, chief security strategist at AsTech Consulting. Further investigation revealed that the loophole which allowed for the download of Virus be it a keylogger or a ransomware had been in the system already as the infected version was launched on August 15.

Fortunately, Piniform addressed the problem before it escalated.

The impact of the infection had been limited, said Mr Yung, because relatively few people automatically updated the CCleaner software.

"We're seeing more of these types of attacks", said Neil Wetzel, director of security research at Cygilant. "We regret the inconvenience experienced by Piriform's customers".

But researchers at Cisco claimed that a control server that had been seized by USA law enforcement showed that the hackers had installed additional malicious software on at least 20 machines.

They found the names of around 20 tech firms, including Cisco, whom attackers wanted to exploit through the malware.