TheWindowsClub News

TheWindowsClub Tech News covers the latest Microsoft Windows 10 news, along with other products & services like Office, etc.

Avast Antivirus Network breached through insecure VPN Profile

It looks like a VPN as a service is not having a good day. NordVPN is already under fire about its Private keys being leaked, and data decrypted on one of its servers, and now Avast Antivirus network has been confirmed to be breached through an insecure VPN profile. Avast has confirmed that instruction was detected on September 25, 2019, and the hackers were able to gain access using a compromised VPN account.

Avast Network Breached VPN

Avast Antivirus Network breached

According to Jaya Baloo, Avast Chief Information Security Officer, this hack wasn’t easy. The hackers started working on it from May, and they used an extremely sophisticated attempt. They also made sure to cover all their tracks, but logs were found for May, July, September, and October.

The primary reason hacker was able to get in using the VPN was the missing 2FA factor for that VPN. They used a public IP address and made a malicious replication of directory services from an internal IP that belonged to their VPN address range. The only good thing about the hack was that they did not have enough permission to act as a domain administrator.

The real plan was to put a malicious payload on CCleaner

Avast doubts that the real intention was to put a malicious payload in the CCleaner, which was coming out with an update. However, it was proactively taken down and stopped to check on any malicious modification. Not only this, but Avast has also resigned the clean update of the product, pushed it out to users via automatic update on October 15. Also, the previous certificate was revoked.

Microsoft has recently blacklisted CCleaner links for interfering with the utility with Microsoft Security policy that might have prompted its removal. One of the Primary reason Microsoft has rolled out Tamper Protection.

Coming back to the VPN, the profile was closed, and all internal user credentials have been reset. Avast will continue to monitor and investigate further to find if they had missed anything.

It is not easy for any company to manage security, and mistakes like this always send a reminder that Security needs to be continually updated, and validated.

Related read: NordVPN confirms that one of the data centers in Finland was hacked.

Updated on Tags:

AshishMohta@TWC

Ashish is a veteran Windows, and Xbox user who excels in writing tips, tricks, and features on it to improve your day to day experience with your devices.

Share via
Facebook
X (Twitter)
LinkedIn
Mix
Pinterest
Tumblr
Skype
Buffer
Pocket
VKontakte
Parler
Xing
Reddit
Line
Flipboard
MySpace
Delicious
Amazon
Digg
Evernote
Blogger
LiveJournal
Baidu
MeWe
NewsVine
Yummly
Yahoo
WhatsApp
Viber
SMS
Telegram
Facebook Messenger
Like
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap