In a highly ironic twist, one of the most popular products for IT security has temporarily become extremely insecure. With the tech world still reeling from the effects of the discovery, here's a look at everything you need to know about the CCleaner hack and how it could impact your business.
What Is CCleaner?
CCleaner is a cleaning utility application for Windows that's mainly used to delete unwanted and unnecessary data, such as temporary files, browser history, the contents of the Recycle Bin and more. The software can also uninstall programs and correct problems with the Windows registry. Piriform, the developer of CCleaner, was acquired by the major cybersecurity company Avast in July of this year.
So What Just Happened With CCleaner?
On Monday, September 18, Cisco's threat intelligence group Talos announced that two recent versions of the software -- CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191 -- contained a "backdoor," or an unanticipated means of access to the application. This major security flaw could allow malicious actors to compromise systems with the affected software and harvest information such as the computer's name and IP address.
What Are the Risks to Your Business?
Avast initially reported that there was little risk to end users, even though 2.27 million systems had downloaded the affected software. On Thursday, September 21, however, Avast announced that the attack was more serious than it initially appeared.
In particular, hackers had used this security hole to install malware on at least 20 machines at major technology firms. The targeted companies included Microsoft, Intel, Samsung, Sony, Akamai and Cisco, although it's not yet clear which of these companies played host to the infected systems. So far, smaller businesses seem to have escaped the hackers' attention during this particular exploit.
What Are the Implications of the CCleaner Incident?
If you're a CCleaner user who's downloaded the affected software version, the first thing to do is to update in order to patch this security flaw. All CCleaner users should immediately install version 5.34 or higher. Avast has already automatically updated the software for users of CCleaner Cloud.
However, the issues surrounding the CCleaner hack speak to the need for all organizations, small and large, to adopt a strong cybersecurity posture by partnering with companies like Todyl. Our security operations team goes far beyond commonplace antivirus solutions. We keep an eye out for the latest threats, flaws and malware in order to keep our clients safe from cyber attack.