Avast says hackers breached internal network through compromised VPN profile
Czech cyber-security software maker Avast disclosed this week a security breach that impacted its internal network.
In a statement published this week, the company said it believed the attack's purpose was to insert malware into the CCleaner software, similar to the infamous CCleaner 2017 incident.
Avast said the breach occurred because the attacker compromised an employee's VPN credentials, gaining access to an account that was not protected using a multi-factor authentication solution.
The intrusion was detected on September 23, but Avast said it found evidence of the attacker targeting its infrastructure going as far back as May 14, this year.
"The user, whose credentials were apparently compromised [...], did not have domain admin privileges. However, through a successful privilege escalation, the actor managed to obtain domain admin privileges," said Jaya Baloo, Avast Chief Information Security Officer (CISO).
Staff eventually tracked down other security alerts inside Avast's ATA dashboard, alerts that engineers previously ignored, thinking they were false positives. ATA stands for Microsoft Advanced Threat Analytics, an on-premise network parsing engine and traffic analysis system that Microsoft sells to enterprises in order to protect internal networks from malicious attacks triggered from inside.
- Contractor SC Cyber Security. £400.
SC Cleared contractor for a 3 month engagement. Public sector. Currently looking at remote / flexible working. The client is in London so there may well be travel involved at some stage.. Initial scoping, gap analysis, business impact analysis etc to understanding their current posture. To expand to formulate best practice recommendations. Broad info sec and technical awareness. Current SC clearance critical.