CCleaner breached: The hack is far more serious than expected
The attack on CCleaner targeted not only users’ computers but also big companies in the technology sector, which were hit with ad-hoc attacks.
According to various security researchers, the hack on CCleaner is much more serious than initially expected. The attackers did not simply intend to target the computers of unsuspecting users who trusted the origin of the software; their goal was to obtain the secrets of the most important names in the technology sector.
Researchers at Cisco’s Talos security division said more than 700,000 machines were involved in the attack on the popular PC maintenance software. The hackers used the information gathered from the infected systems to identify at least 20 high-profile technology companies, including Cisco. The actual attack was then carried out against these companies.
According to the researchers, this “would suggest a performer looking for specific intellectual properties of value”. Besides Cisco, the companies involved include Google, Intel, Microsoft, Samsung, Sony, HTC and Linksys, as well as VMware, Akamai, Vodafone, D-Link and Singtel. The Talos researchers have contacted all the potential victims of the attack, informing them of the possible compromise of their systems.
“What we have discovered certainly increases the level of concern we have about this phenomenon, given that the elements in our possession make us think of an unknown executor, but with advanced skills,” reads the note. During the attack, the malware may periodically contact its command-and-control servers, transmitting sensitive information to them, including IP addresses, uptime, hostnames, domain names, and more.
“This information was likely to have been used by attackers to determine which machines they could have targeted during the final stages of the campaign, and when combined, the information would allow the attacker to initiate an infection at a higher level so as to be unrecognizable and stable”. To protect yourself now, it is sufficient to install the latest version of CCleaner available among those released to the public.
However, the Talos researchers argue that removing the infected version of CCleaner or upgrading to the latest version is not enough for those caught up in the “Stage 2” attack. In this case, it would be necessary to restore a backup, if one exists, made before the installation of the software versions involved, in order to remove not only CCleaner but also any other malware that it has rooted in the system.