“Wow! My system has been Washed and CCleaned!”

Redport Information Assurance
Recently, in cybersecurity news, Cisco’s Talos research division reported the hack of “CCleaner.” CCleaner is a popular program for cleaning users’ computers, for example by defragmenting users’ hard drives for more efficient use. The threat actors were able to sabotage the vendor’s product by installing a backdoor into several copies of “CCleaner,” which is usually distributed electronically over the web. CCleaner is considered to be a digital supply chain product. Unfortunately, hacking and sabotaging the digital supply chain has become popular and has increased in recent months. Hackers have been able to hide malware inside software distribution companies’ products before those companies distribute updates and new installations of their software.

According to Avast, the security vendor that develops and distributes CCleaner, the infected CCleaner app had been downloaded and installed approximately 2.27 million times before the infected code was discovered. The software was first hacked and infected in August 2017. According to Cisco’s Talos team, it was a beta version of their new network monitoring tool that discovered Avast’s “CCleaner” app acting abnormally. Another cybersecurity research team, this one located in Israel, had alerted Avast to its sabotaged software before the incident was disclosed. The Israeli security research team was able to detect Avast’s problem because Avast always cryptographically signs its CCleaner installations and updates, and the signature was discovered to have been forged and not authentic.

Security researchers at Redport Information Assurance, LLC have also been paying attention to this uptick in digital supply chain hacks, and according to their research there are few options available for mitigating these types of hacks. One proposed idea, however, given by Wired Magazine, is to research the vendor’s security practices prior to downloading.

By Dr. Randall Sylvertooth
Reference:
https://www.wired.com/story/ccleaner-malware-supply-chain-software-security/


For more information about Redport’s information assurance and cyber security services, visit www.redport-ia.com, email us at info@redport-ia.com, like us on Facebook, and follow us on Twitter @redport_ia.

Gaithersburg, MD, USA