Avast CTO Explains What Went Wrong in CCleaner Attack

SAN FRANCISCO—The importance of doing cyber-security due diligence prior to acquiring a company is something that security vendor Avast learned the hard way.

In September 2017, the CCleaner tool that is widely used by consumers was found to have been injected with malware by hackers. The malware discovery came months after Avast acquired Piriform, the company that makes CCleaner.

In a video interview with eWEEK at the RSA Conference here, Ondrej Vlcek, CTO of Avast, provided insight into what happened in that incident and outlined best practices so others can avoid the same issue.

According to Avast's analysis, the Piriform compromise was a supply-chain attack that likely started as early as March of 2017 and wasn't detected until September 2017.

"We bought the company while it was being hacked," Vlcek told eWEEK.  

Lessons Learned

"When doing M&A (mergers and acquisitions), cyber-due diligence is a no-brainer," Vlcek said.

He noted that most companies focus just on the financial and legal aspects of a company they plan to acquire, but that's not enough in the modern threat landscape. 

Another key lesson is that in a supply-chain attack, relying on digital signatures might not be the best approach to guaranteeing code integrity. Vlcek said that many endpoint security products whitelist technologies that have been digitally signed by a software developer. In the CCleaner attack, the hackers were able to inject themselves into the supply chain, and the maliciously modified code was still signed with the original certificate.

Vlcek said that Avast has added capabilities to its products to address CCleaner-type attacks in the future.


Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.