Banner Default Image

Avast says hackers breached internal network through compromised VPN profile

over 4 years ago by Lucy Cinder

Avast says hackers breached internal network through compromised VPN profile

Cyber Security

Czech cyber-security software maker Avast disclosed this week a security breach that impacted its internal network.

In a statement published this week, the company said it believed the attack's purpose was to insert malware into the CCleaner software, similar to the infamous CCleaner 2017 incident.

Avast said the breach occurred because the attacker compromised an employee's VPN credentials, gaining access to an account that was not protected using a multi-factor authentication solution.

The intrusion was detected on September 23, but Avast said it found evidence of the attacker targeting its infrastructure going as far back as May 14, this year.

"The user, whose credentials were apparently compromised [...], did not have domain admin privileges. However, through a successful privilege escalation, the actor managed to obtain domain admin privileges," said Jaya Baloo, Avast Chief Information Security Officer (CISO).

Staff eventually tracked down other security alerts inside Avast's ATA dashboard, alerts that engineers previously ignored, thinking they were false positives. ATA stands for Microsoft Advanced Threat Analytics, an on-premise network parsing engine and traffic analysis system that Microsoft sells to enterprises in order to protect internal networks from malicious attacks triggered from inside.

Banner Default Image

Latest Jobs