
Backdoored CCleaner could compromise millions of users

Contributor: James Maude

Date published: 9/18/2017 3:11:25 PM

The popular PC cleanup tool CCleaner has been hijacked by hackers in the latest widespread malware attack. The hack was identified by security researchers at Cisco Talos, who found that anyone who downloaded or updated the CCleaner app between mid-August and mid-September also potentially downloaded malware without realising.

The malware, known as Floxif, leverages admin rights to give hackers access to the user's computer, and other connected systems, to steal personal data or credentials. Antivirus firm Avast, which owns CCleaner, is now investigating the incident.

The CCleaner hack is another reminder of how vulnerable organisations are to the software supply chain and to users accidentally introducing malicious software. In this case, the hacked application's code was even signed, indicating widespread issues with security at CCleaner.

Time after time we’re seeing instances of cyber crime where admin rights play a critical role in breaches and compromise. The Floxif malware relies on the user having admin rights and will stop running if the user has a standard account. It is critical that organisations regain control of their applications through application whitelisting, and limit the ability to inflict damage by removing admin rights.

It’s now fundamental that organisations address these critical gaps in their security and ensure that whitelisting and a least privilege model are rolled out.
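One way to find where the admin-rights exposure described above exists on a Windows endpoint, as an added example that is not part of the original post or of any vendor product: the script reports whether the current session holds an elevated token and lists every member of the local Administrators group for review. It assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts module; the report column names are chosen here for illustration.

```powershell
# Added example: audit local admin rights on a Windows endpoint.
# Assumes Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts module).

# S-1-5-32-544 is the well-known SID of the built-in Administrators group.
# Using the SID instead of the name also works on localized Windows installs.
$adminGroupSid = 'S-1-5-32-544'

# Does the current session run with an elevated (administrator) token?
# With UAC enabled, a member of Administrators who has not elevated
# returns False here, because the token in use is the filtered one.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]::new($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# Enumerate every account and group that holds local admin rights.
$members = Get-LocalGroupMember -SID $adminGroupSid -ErrorAction Stop

$report = foreach ($m in $members) {
    # The built-in local Administrator account always has a SID ending in -500.
    $isBuiltIn = $m.SID.Value -match '^S-1-5-21-.*-500$'
    [pscustomobject]@{
        Name        = $m.Name
        ObjectClass = $m.ObjectClass      # User or Group
        Source      = $m.PrincipalSource  # Local, ActiveDirectory, ...
        BuiltIn     = $isBuiltIn
        # Everything except the built-in account is a candidate for
        # demotion to a standard user under a least privilege model.
        Review      = -not $isBuiltIn
    }
}

"Current session: {0} (elevated: {1})" -f $identity.Name, $elevated
$report | Sort-Object Review -Descending | Format-Table -AutoSize
```

Entries with `Review` set to `True` are the day-to-day accounts and groups to check against the least privilege model; nested groups are listed as a single row, so their membership needs a separate look.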

For more information about privilege management and application whitelisting click here.