Reports are emerging that the CCleaner outbreak targeted computers at some specific companies. Evidence procured from data on a command-and-control server shows that 20 of the 700,000 affected computers belonged to companies such as Samsung, Cisco, Sony and Microsoft.
The initial infection was launched after Avast was hit by hackers that infected their CCLeaner application. The attack had a second stage that used a different set of command and control servers.
Craig Williams, a senior technology leader and global outreach manager at Talos, was interviewed by Ars Technica and said “When you look at this software package, it’s very well developed. This is someone who spent a lot of money with a lot of developers perfecting it. It’s clear that whoever made this has used it before and is likely going to use it again”.
With security professionals picking up their game and becoming more adept and protecting against traditional threats, detecting incursions and reacting effectively if a beach occurs, hackers are turning to more sophisticated means to infiltrate targets. By infecting the software supply chain, threat actors can enter business through the front door.
This puts the onus on companies to ensure they have effective detection methods and monitor networks from any unusual network traffic, particularly outbound traffic to unexpected or unusual destinations.