CCleaner Compromise

By   ISBuzz Team
Writer , Information Security Buzz | Sep 19, 2017 12:00 pm PST

CCLearner, a utility program used to clean unwanted files including temporary internet files and invalid Windows Registry entries from a computer, has been hijacked and used by hackers to relay information about users. IT security experts commented below.

Michael Patterson, CEO at Plixer:

“Any and all software developed for Internet use can be hacked and compromised.  Due to the behavior of approved software, it has made the detection of unwanted software and malware difficult to track down.  The industry is in dire need of laws which specify how data can be collected from customers and where it can go and how it must behave (e.g. interacting with the DNS).  Without these laws, it becomes nearly impossible to uncover traffic anomalies and network traffic analytics is the only fall back for investigating odd communication patterns.”

Ofer Maor, Director of Enterprise Solutions at Synopsys: 

“The recent incident with Avast’s platform CCleaner shows how attackers are stepping up their game to attack more allegedly secure customers. While recent ransomware attacks mostly affected random users with minimal consideration to the maintenance of their computer (such as installing updates), this attack targets the very users who follow best practices and regularly maintain their computer. And they do it by taking advantage of the very vendor the users expect to trust.

Attacks like this are likely the result of insufficient security and quality controls by the vendor, allowing attackers to maliciously inject code while the software is being created. These insufficient controls, however, are not the result of extreme negligence. They are, indeed, the standard for many vendors. These types of attacks just demonstrate the need for the software industry to mature itself the way other engineering disciplines have been in the past. We no longer accept lack of such controls in our cars or our bridges, and as the customers, we should no longer accepts such oversights with software.”

Javvad Malik, Security Advocate at AlienVault: 

Javvad Malik“The attack mirrors the NotPetya ransomware technique of compromising a software provider that is trusted by consumers. A technique that is being used more often, even targeting security companies. It is therefore important that companies deploy effective threat detection and integrity controls to be able to identify where unauthorised access has been attempted or code has been changed.”

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x