The details of a massive data breach impacting Piriform, the company that created the popular system cleanup software CCleaner and was acquired by Avast in July 2017, indicate that the first point of compromise occurred using stolen credentials.  The malware attack infected over 2.3 million users who downloaded or updated the CCleaner app from the official website with the compromised version of the software in August and September last year.

While the specific details are unknown of how exactly the credentials were obtained, Piriform believes attackers reused legitimate employee credentials obtained from previous data breaches.  These valid credentials were used by hackers to access an unattended workstation of one of the CCleaner developers using TeamViewer.

Using Stolen Credentials

Once the breach was initiated, the hackers began to infiltrate other computers on the internal network by installing a keylogger on already compromised systems to steal more credentials, and logging in with administrative privileges through RDP.  Within a few short months, the attackers replaced the original version of CCleaner software from its official website with their backdoored version of CCleaner, which was distributed to millions of users at some of the world’s leading technology companies.

The CCleaner breach is yet another example of why remote access and use of stolen credentials continue to be named leading attack vectors for cyber breaches. Bomgar recommends the following steps to prevent or reduce the impact of a breach of this nature:

  • Consolidate all remote access to one tool
  • Require the use of MFA for all privileged users
  • Randomize and rotate credentials frequently

Implement a true ‘security by design’ methodology with Bomgar

Bomgar also knows that implementing these kinds of security practices can impact your IT users.  Bomgar’s Secure Access solutions enable businesses to control, monitor, and manage access to critical systems and data, while ensuring that people remain productive and are not impeded in their day to day job tasks. Bomgar allows users to access systems quickly and securely, while defending access credentials and protecting endpoints from threats.