Avast has stated that its internal systems had been breached by a hacker who used an employee’s compromised VPN profile to obtain domain admin privileges.
New Avast CISO Jaya Baloo, who joined in July from the Netherlands’ largest telecommunications carrier KPN, said that the attack had initially been flagged as a false positive, after unusual activity was identified on Microsoft’s Advanced Threat Analytics tool.
The company has involved the Czech intelligence services, police and third-party external forensics teams to try to trace the attackers’ moves.
The attack, first flagged in May 2019, was made via a staff member’s temporary VPN profile that had erroneously been kept enabled and which did not require 2FA.
The company believes the attack targeted its CCleaner product, which was also compromised in 2017 in an attack first identified by Cisco Talos. In that incident, hackers used their access to push malware through the tool, but then also used the compromise to specifically target at least 20 key companies, including Cisco itself, through the delivery of a second-stage loader.
Cybersecurity companies are increasingly targets of malicious actors, and Avast is not the only firm to have suffered such an attack recently. In May, Trend Micro also admitted unauthorized access to a testing lab network.