Only the incident response process can provide details regarding the scope of this issue and how to best address it,” it added. “When generating a new cert care must be taken to ensure attackers have no foothold within the environment with which to compromise the new certificate. If true, the modus operandi of the hackers is reminiscent of the way 'NotPetya' was spread after attackers targeted popular Ukrainian accounting software at source.Ĭisco Talos also suggested that portions of the signing process for the certificate in question may have been compromised, and argued the certificate should be revoked and untrusted. “It is also possible that an insider with access to either the development or build environments within the organization intentionally included the malicious code or could have had an account (or similar) compromised which allowed an attacker to include the code.” “It is likely that an external attacker compromised a portion of development or build environment and leveraged that access to insert malware into the CCleaner build that was released and hosted by the organization,” the firm explained. Security researchers have urged users of a hugely popular performance optimization tool to upgrade to the latest version, after discovering a sophisticated supply chain attack which inserted malware into the software.ĭuring beta testing of new security tool, Cisco Talos discovered malicious code in the 32-bit version of the CCleaner 5.33 installer by London-headquartered Piriform, now part of Avast.įar from being a fake CCleaner app, the version spotted by Cisco was found to be legitimate and signed with a valid digital certificate.
0 kommentar(er)
