To stay updated on latest cyber threats, subscribe to our newsletters.If we’ve learned anything in Productive Corporation’s seventeen years as a company, it’s that we not all products are made equal. To know more about AISS 2017 and registration visit Join us at DSCI-NASSCOM Annual Information Security Summit (AISS) 2017 for an extensive discussion on supply-chain attacks. Customers would even feel wary of installing updates and patches from firms which have not been affected by such attacks. The popularity of supply-chain attacks would affect the software industry at large. It also hinders the trust relationship between the software developer firm and its customers. Though beneficial for attackers, supply-chain attacks often have a devastating reputational impact on the organization whose servers were compromised.
It also provides stealth by hiding the malware payload in a genuine software. It provides wider reach and requires relatively less efforts to attain similar impact. This attack vector is increasing in popularity. These attacks are known as supply chain attacks. Organisations, using an application backlisting solution, can block the installation of affected versions of CCleaner and CCleaner Cloud.It is also advised, though not mandatory, to format and re-install the affected endpoints.Download the latest stable release from Piriform website.Remove the affected versions of CCleaner and CCleaner Cloud.The disk-wiper payload was camouflaged as ransomware. They then injected the updated binaries of the firm’s software with disk-wiper payload.
In this attack, malicious hackers broke into a Ukraine-based software developer firm’s update servers. Similar mechanism was used to spread the Petwrap disk wiper. Such code can also be used to download and execute another malware on the system. Additional information whether the process is running with administrator privileges, whether it is a 64-bit system, etc.MAC addresses of first three network adapters.List of installed software, including Windows updates.It collected the following information about the local system:.NID: IP address of secondary CnC server.TCID: timer value used for checking whether to perform certain actions (communication, etc.).Possibly also to be used as communication encryption key. MUID: randomly generated number identifying a particular system.It stored certain information in the Windows registry key HKLM\SOFTWARE\Piriform\Agomo:.The rogue server has been taken down now.Īs per the security notification, issued by Piriform, the suspicious code was storing and collecting the following information: It was reported to target top technology companies. This backdoor is capable of remotely executing code on the affected systems.
The attackers had penetrated into one of the update servers of Piriform and injected a two-staged backdoor in the executable binaries of CCleaner and CCleaner Cloud. Piriform confirmed that CCleaner version and CCleaner Cloud version, on 32-bit Windows systems, were illegally modified before they were released to public. It was reported that approximately 2.27 million users were affected by the malware-laden version of CCleaner. This is of concern because CCleaner is used by over 75 million users worldwide. It enables the management of CCleaner, on multiple PCs, from a single interface. CCleaner Cloud is a cloud-based control center for CCleaner. It removes potentially unwanted files, such as temporary internet files, and invalid Windows Registry entries. Recently security researchers at Cisco Talos discovered that malicious hackers had injected a malware into Piriform CCleaner and CCleaner Cloud.
0 kommentar(er)
