
Rewterz Threat Alert – Hackers Leverage Insecure VPN Profile to Breach Avast Antivirus Network

October 22, 2019

Severity

Medium

Analysis Summary

Hackers accessed the internal network of Avast, most likely aiming to mount a supply chain attack through CCleaner. The antivirus maker determined that the attacker gained access using compromised credentials for a temporary VPN account. Avast refers to this attempt by the name ‘Abiss’ and says that the threat actor behind it exercised extreme caution to avoid detection and to hide the traces of its intent. The intruder connected from a public IP address in the U.K. and took advantage of a temporary VPN profile that should no longer have been active and was not protected with two-factor authentication (2FA). Researchers observed malicious replication of directory services from an internal IP address that belonged to Avast’s VPN address range.

The exploited user account did not have domain administrator permissions, indicating that the attacker achieved privilege escalation. The logs further showed that the temporary profile had been used with multiple sets of user credentials, probably obtained through credential theft. Suspecting CCleaner as the targeted asset, Avast stopped the upcoming updates for the software on September 25 and began checking prior releases for malicious modification. Avast has reset all employee credentials, with further steps planned to improve overall business security at Avast.

Impact

  • Privilege Escalation
  • Credential Theft

Affected Vendors

Avast

Affected Products

CCleaner versions 5.57 through 5.62

Remediation

To ensure that no risk comes to its users, the company re-signed an official CCleaner release 5.63 and pushed it as an automatic update on October 15.

Additionally:

  • Users should enable 2FA on VPN accounts.
  • Users should reset credentials from time to time.
  • As a security best practice, all software should be updated immediately to the latest secure releases.
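The three signals described in the summary (a temporary VPN profile used past its expiry and without 2FA, one profile used by several sets of credentials, and directory replication originating from the VPN address range) lend themselves to simple log checks. The Python below is an added example, not Avast's or Rewterz's tooling; the VPN range, the temporary-profile inventory and the event records are constructed for illustration.

```python
import ipaddress
from datetime import datetime

# Constructed assumptions: the VPN address pool and the inventory of temporary
# profiles with their intended expiry and whether 2FA is enforced on them.
VPN_RANGE = ipaddress.ip_network("10.50.0.0/16")
TEMP_PROFILES = {
    "vpn-temp-contractor": (datetime(2019, 8, 31), False),
    "vpn-temp-audit": (datetime(2019, 12, 31), True),
}

# Constructed sample log records (VPN logins and directory replication requests).
SAMPLE_EVENTS = [
    {"type": "vpn_login", "time": datetime(2019, 9, 20, 2, 14),
     "profile": "vpn-temp-contractor", "user": "jdoe", "src_ip": "203.0.113.7"},
    {"type": "vpn_login", "time": datetime(2019, 9, 22, 3, 1),
     "profile": "vpn-temp-contractor", "user": "asmith", "src_ip": "203.0.113.7"},
    {"type": "vpn_login", "time": datetime(2019, 9, 23, 9, 0),
     "profile": "vpn-temp-audit", "user": "auditor1", "src_ip": "198.51.100.4"},
    {"type": "ds_replication", "time": datetime(2019, 9, 23, 3, 30),
     "user": "asmith", "src_ip": "10.50.12.8"},
    {"type": "ds_replication", "time": datetime(2019, 9, 23, 3, 31),
     "user": "DC02$", "src_ip": "10.1.0.5"},
]

def vpn_login_findings(events):
    """Flag logins on temporary profiles that are expired or lack 2FA, and
    profiles that more than one set of credentials has used."""
    findings, users_per_profile = set(), {}
    for ev in (e for e in events if e["type"] == "vpn_login"):
        profile = ev["profile"]
        users_per_profile.setdefault(profile, set()).add(ev["user"])
        expiry, mfa = TEMP_PROFILES.get(profile, (None, True))
        if expiry and ev["time"] > expiry:
            findings.add((profile, "login on expired temporary profile"))
        if not mfa:
            findings.add((profile, "profile not protected by 2FA"))
    for profile, users in users_per_profile.items():
        if len(users) > 1:
            findings.add((profile, f"{len(users)} distinct credentials used"))
    return sorted(findings)

def replication_from_vpn(events):
    """Directory replication should only come from domain controllers; any
    request sourced from the VPN pool is worth an immediate look."""
    return [ev for ev in events if ev["type"] == "ds_replication"
            and ipaddress.ip_address(ev["src_ip"]) in VPN_RANGE]

if __name__ == "__main__":
    for finding in vpn_login_findings(SAMPLE_EVENTS):
        print("VPN:", *finding)
    for ev in replication_from_vpn(SAMPLE_EVENTS):
        print("REPLICATION from VPN range:", ev["src_ip"], "as", ev["user"])
```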