CCleaner attack targeted 'intellectual property' of top tech firms including Microsoft, Cisco
- Cisco Systems confirmed it was one of the tech companies targeted by this week's CCleaner cyberattack, according to an announcement Wednesday. Researchers said the hack targeted and intended to compromise companies' intellectual property.
- The Talos report was published Monday, prompting Cisco to further investigate its C2 servers. While the files were verified as "genuine," Cisco uncovered a list of major tech organizations in the delivery code, including Samsung, VMware, Sony and Microsoft. Researchers confirmed at least 20 companies and their data were targeted.
- Researchers recommend any consumer who was attacked should not just remove or update their CCleaner software. Instead, computers should be backed-up and restored to remove the backdoor version of CCleaner and its accompanying malware.
CCleaner is a popular maintenance software for Windows and Android PCs. The attack is said to have affected about 2.27 million users who installed version 5.33 for Windows devices.
Avast, the parent company to Piriform-owned CCleaner, said the attack was unknown for four weeks before its discovery, bypassing all security firms during that time. Due to the length of time it went undetected and its list of high-profile targets, researchers say the attack shows a high level of sophistication.
The supply chain style attack is particularly threatening as it undercuts customer/vendor trust. There is still no evidence of major damage, but Cisco's report highlights the potential severity of the attack's intent.
Cyberattacks vary in purpose, as evidenced by this year's slew of attacks. Malware often just serves up destruction, but a hacker attempting to access classified company data is another threat for organizations to be aware of.
Follow Samantha Ann Schwartz on Twitter