Backdoor Found in CCleaner: Reinforces the Need for Better Data Protection

CCleaner Malware


Users of CCleaner for Windows, a maintenance and file clean-up tool developed by Avast Piriform, are being told to update their software immediately, since it’s been discovered that hackers had installed a backdoor in the official application that would allow additional malware to be added to the infected system.

On September 13, researchers at Cisco Talos found that downloads of CCleaner 5.33 and CCleaner Cloud 1.07.3191 contained more than just the official free versions – a domain generation algorithm (DGA) and hardcoded Command and Control function was incorporated into the software. That means hackers somehow gained access to the official development process and implanted malware designed to steal data from the product’s two million users.

While Avast Piriform acted quickly to fix the problem once the malware was detected, Cisco Talos’ investigation found the compromised version of CCleaner was released on August 15 – so the malware was spreading inside trusted, legitimate security software for weeks undetected.

"This is a prime example of the extent that attackers are willing to go through in their attempt to distribute malware to organizations and individuals around the world," said Cisco Talos in its blog about the attack. “By exploiting the trust relationship between software vendors and the users of their software, attackers can benefit from users' inherent trust in the files and web servers used to distribute updates."

The ability and tenacity of hackers to develop new attack vectors is definitely concerning. After all, you should be able to rely on updates from a trusted utility vendor like Avast. Updates to those kind of tools are vital for your system’s well-being, but if their automatic updates can be compromised, how are you supposed to keep your system safe?

Reliable backup defeats malware

Every new malware incident illustrates that having reliable backup is the only way to absolutely counter these attacks. Regardless of the kind of malware that is introduced to your system – from keyloggers to ransomware to wipers – only regular, reliable backup gives you the ability to revert to a clean, safe version of your data.

Cybercriminals recognize that backup is a threat to their plans, so they are increasingly using ransomware to target the backup files that provide users a safe harbor. That means users must evolve their defenses at the same time.

Protecting your backup

Some traditional methods of protecting your backup are still critical. Keeping a three copies of your backup, using two types of storage media, and storing one of those off-site is still the gold standard. The 3-2-1 Rule of Backup guarantees you’ll have a safe, secure way to restore your system.

But an important new step is to complement signature-based anti-malware – which looks for computer code that’s known to be malicious – with technology that detects infections based on suspicious activity and process behavior. Behavior-based solutions are the only ones capable of intercepting the next generation of malware.

The need to defend backup files is why we developed Acronis Active Protection, our artificial intelligence-based anti-ransomware technology, which is incorporated in both our consumer and business backup products. Since launching earlier this year, our technology has stopped more than 15,000 ransomware attacks for 10,000 customers, including consumers using Acronis True Image and businesses that have deployed Acronis Backup 12.5.

 

Final Thought

In covering the incident, PCWorld’s Michael Simon ended by observing, “Ransomware is becoming a troubling trend, and if hackers are able to infect update servers they can spread malware to as many machines as possible.” Thankfully generating and securing reliable backup with Acronis can protect both businesses and families from losing data or being locked out of their system – regardless of how creative cybercriminals become.