Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Wednesday October 23 2019, @01:21AM   Printer-friendly
from the out-cybered-by-outsiders dept.

Submitted via IRC for SoyCow9088

Avast says hackers breached internal network through compromised VPN profile

Czech cyber-security software maker Avast disclosed today a security breach that impacted its internal network.

In a statement published today, the company said it believed the attack's purpose was to insert malware into the CCleaner software, similar to the infamous CCleaner 2017 incident.

Avast said the breach occurred because the attacker compromised an employee's VPN credentials, gaining access to an account that was not protected using a multi-factor authentication solution.

The intrusion was detected on September 23, but Avast said it found evidence of the attacker targeting its infrastructure going as far back as May 14, this year.

"The user, whose credentials were apparently compromised [...], did not have domain admin privileges. However, through a successful privilege escalation, the actor managed to obtain domain admin privileges," said Jaya Baloo, Avast Chief Information Security Officer (CISO).

This sudden access rights elevation prompted the company to investigate, Baloo told ZDNet in an email today.

Staff eventually tracked down other security alerts inside Avast's ATA dashboard, alerts that engineers previously ignored, thinking they were false positives. ATA stands for Microsoft Advanced Threat Analytics, an on-premise network parsing engine and traffic analysis system that Microsoft sells to enterprises in order to protect internal networks from malicious attacks triggered from inside.

The alert showed that the compromised user account replicated Avast's Active Directory service, an effective digital map of the company's internal network.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by c0lo on Wednesday October 23 2019, @02:48AM (2 children)

    by c0lo (156) Subscriber Badge on Wednesday October 23 2019, @02:48AM (#910645) Journal

    Just be careful what you wish for, will ye?

    Buzzard's cock may want to be free (or maybe not), but even if so this doesn't make "information" from it.

    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 0) by Anonymous Coward on Wednesday October 23 2019, @03:07AM (1 child)

    by Anonymous Coward on Wednesday October 23 2019, @03:07AM (#910650)

    The information is CCleaner can't clean Buzzard's cock.

    • (Score: 2) by c0lo on Wednesday October 23 2019, @06:14AM

      by c0lo (156) Subscriber Badge on Wednesday October 23 2019, @06:14AM (#910679) Journal

      <pedantic hat="on">That's data, not information</pedantic>

      --
      https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford