This is the second time the CCleaner application has been the target of an attempted, or actual, cyberattack.
Its current owner, the cybersecurity firm Avast, faces a very delicate situation. Questioned by journalists, information systems security manager Jaya Baloo did not hesitate to acknowledge that the problem remains.
She described the case of the virtual private network account that had no strong authentication protecting it: "It was in principle a temporary account, the kind of account created for a particular task such as a backup or an administration operation. It was the only VPN account for which strong authentication was not enabled, and it should have been deleted, but it was not.
It was hidden at the bottom of the VPN account directory, and the attacker used it after managing to steal the username and password. But we don't yet know how he did it," she said. Yet this was not a matter of a false positive: if there was a blind spot, it resulted from a misinterpretation, because the technicians did have security alerts in hand, and misreading them cost a great deal of time.
Indeed, on September 23, the firm's team of experts had noticed inconsistencies in the login records: a user was connected to the VPN from a Mac machine even though that user had no authorization to be there. Unfortunately this irregularity was dismissed as a false positive, that is, as an error in the logs: "However, an investigation was launched to verify it. At the beginning of October, it turned out that the logs were perfectly correct. The attacker had been using a Mac virtual machine, and he carried out an elevation of privileges to gain access to the domain controller," explained Jaya Baloo.
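The two conditions the article names, a lone VPN account without strong authentication that outlived its purpose, and a VPN login from a platform the user was not expected to use, are both mechanically checkable. The script below is an added example written for this page, not code from Avast or from the article; the account inventory, the log line format, the field names and the user names are all constructed for illustration. It audits an inventory for accounts missing MFA or past their intended removal date, then reviews login records and flags users who are not in the inventory, not authorized for VPN, or connecting from an unexpected client OS. Whether a flagged login is then written off as a log error is a triage decision the tool cannot make; it only guarantees the two signals surface together.

```python
"""Defender-side checks for the weak-account and odd-login signals described above.

Added example, not code from Avast or the article. All accounts, log lines
and field names below are constructed for illustration.
"""
import re
from dataclasses import dataclass
from datetime import date
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class VpnAccount:
    name: str
    temporary: bool                    # created for a one-off task (backup, admin work)
    expires: Optional[date]            # intended removal date; None for permanent accounts
    mfa_enabled: bool                  # "strong authentication" in the article's terms
    vpn_authorized: bool               # is this user allowed on the VPN at all?
    allowed_platforms: FrozenSet[str]  # client OS families this user normally uses


# Constructed inventory: the only account without MFA is a stale temporary one.
INVENTORY = [
    VpnAccount("alice", False, None, True, True, frozenset({"Windows"})),
    VpnAccount("bob", False, None, True, True, frozenset({"Linux", "Windows"})),
    VpnAccount("svc-backup-tmp", True, date(2019, 6, 30), False, True, frozenset({"Linux"})),
]


def audit_accounts(accounts: List[VpnAccount], today: date) -> List[Tuple[str, str]]:
    """Return (account, reason) pairs for VPN accounts that are weak or overdue for removal."""
    findings = []
    for acct in accounts:
        if not acct.mfa_enabled:
            findings.append((acct.name, "strong authentication not enabled"))
        if acct.temporary and acct.expires is not None and acct.expires < today:
            findings.append((acct.name, "temporary account past its removal date"))
    return findings


# Constructed log format: timestamp, event, user, client OS, source address.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) vpn-login user=(?P<user>\S+) os=(?P<os>\S+) src=(?P<src>\S+)$"
)

# Constructed sample: one login from a platform the account never uses,
# one login by an account that is not in the inventory at all.
SAMPLE_LOGS = """\
2019-09-22T08:01:12Z vpn-login user=alice os=Windows src=198.51.100.7
2019-09-23T02:14:55Z vpn-login user=svc-backup-tmp os=macOS src=203.0.113.9
2019-09-23T09:30:01Z vpn-login user=bob os=Linux src=198.51.100.22
2019-09-23T10:02:44Z vpn-login user=ghost os=macOS src=203.0.113.9
"""


def review_logins(log_text: str, accounts: List[VpnAccount]) -> List[Tuple[str, str]]:
    """Return (user, reason) pairs for logins that contradict the account inventory."""
    by_name = {a.name: a for a in accounts}
    alerts = []
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue  # not a VPN login record; other event types are out of scope here
        user, os_name = match["user"], match["os"]
        acct = by_name.get(user)
        if acct is None:
            alerts.append((user, "login by account not in inventory"))
        elif not acct.vpn_authorized:
            alerts.append((user, "user not authorized for VPN"))
        elif os_name not in acct.allowed_platforms:
            alerts.append((user, "login from unexpected platform " + os_name))
    return alerts


if __name__ == "__main__":
    for name, reason in audit_accounts(INVENTORY, date(2019, 9, 23)):
        print("ACCOUNT", name, "-", reason)
    for user, reason in review_logins(SAMPLE_LOGS, INVENTORY):
        print("LOGIN  ", user, "-", reason)
```

Run as-is, the audit names the stale temporary account twice (no MFA, past its removal date) and the login review flags the same account connecting from macOS alongside an unknown user, which is the correlation the article says was available in September but dismissed.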
From that moment a general alert was triggered and software production was halted, just long enough to run checks ensuring that other builds were not corrupted: "All software versions of the last six months have been checked, with the business software given priority, because that is where the impact of an infection on a business is the highest," the official said.
To head off the threat in time, new certificates were produced to replace the old ones, and an emergency update was also made available to CCleaner users; it was applied automatically, so as to get ahead of any latent attack. In addition, the temporary VPN account was kept in service: "It was the right thing to do so as not to attract the attacker's attention."
The security chief assured that the teams are in the process of checking all the logs they have, and that credentials have already been reset. "Imagine you have a house and in one room you have seen termites. Are they also in another room? Have they infested the whole house? We don't know. I preferred to assume that the entire infrastructure was compromised and that we had to start from scratch," explained Baloo.