The Ivanti Threat Thursday Update for September 21, 2017: Malware Masquerade

Greetings. This week, popular PC cleaner software gets dirty, hackers reveal their favorite data theft methods, and tech companies resemble shoemakers’ children. As always, your opinions, reactions, and suggestions are welcome – feel free to share, and thanks in advance.

Avast There, Matey – Yer PC Cleaner May be Malware-Infected, Savvy?

(September 19 was International Talk Like a Pirate Day.) Software supplier Avast recently acquired Piriform Ltd., makers of the popular PC cleaner and maintenance offering, CCleaner. According to a blog post by researchers on Cisco’s Talos threat intelligence team, recent CCleaner releases from Avast were infected with malware by hackers.

  • “For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner.” Piriform later reported that CCleaner Cloud version 1.07.3191 is also “affected.” Talos researchers inferred that malefactors “compromised a portion of [the] development or build environment and leveraged that access to insert malware into the [infected] CCleaner build.”
  • Talos said the infected version of CCleaner, 5.33, “was signed using a valid certificate that was issued to Piriform Ltd by Symantec and is valid through 10/10/2018.” It was distributed from its August 15 release date until a subsequent version was released on September 12, Talos added. Pre-infection versions are still available for download, but the infected version has been removed from the CCleaner download site.
  • As of November 2016, according to Talos, CCleaner had been downloaded 2 billion times, “with a growth rate of 5 million additional users per week.” Such numbers make it highly likely that many PCs inside enterprise networks, or with access to them, are running the software, whether authorized or not.

What We Say: Malefactors will target any and all potential entry points into enterprise networks. Phishing is only one of many ways ransomware and other malware can enter those networks. And there are arguably few entry points able to spread chaos and disruption as widely and quickly as the download servers that distribute popular software. Such threats make it imperative to include comprehensive discovery, granular application control, and rapid remediation features in your multi-layered defense efforts. You and your colleagues need to know what’s on your enterprise’s network, identify actual and potential threats, prevent all you can, and recover as quickly and completely as possible from those that succeed. Such an approach is the only adequate response to the large and growing number of attack types threatening your enterprise. (See “Your Threats Are Evolving. Are Your Defenses?”)
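As an added illustration of the discovery step (example code written for this summary, not from Ivanti, Talos, or Piriform), the sketch below triages a software inventory export against the two affected releases named above. The CSV layout, host names, build numbers, and function names are assumptions constructed for the example.

```python
import csv
import io
import re

# Affected releases as named in this post. A rule with fewer components than
# the installed version acts as a prefix: (5, 33) matches 5.33.0.1234.
AFFECTED = {
    "ccleaner": [(5, 33)],
    "ccleaner cloud": [(1, 7, 3191)],
}

# Constructed sample inventory: hosts, builds and signature states are made up.
SAMPLE_INVENTORY = """host,product,version,signature_valid
ws-014,CCleaner,5.33.0.1234,true
ws-022,CCleaner,v5.34.0.1,true
ws-031,ccleaner  cloud,1.7.3191,true
ws-040,CCleaner Cloud,1.07.3229,true
ws-057,CCleaner,5.3.3,true
ws-063,CCleaner,,false
ws-070,7-Zip,16.04,true
"""

def parse_version(text):
    """Turn '5.33.0.1234', 'v5.33' or '1.07.3191' into a tuple of ints, or None."""
    parts = re.findall(r"\d+", text or "")
    return tuple(int(p) for p in parts) if parts else None

def classify(product, version):
    """Return 'affected', 'clear', 'unknown' (no usable version) or 'ignored'."""
    name = " ".join(product.lower().split())  # fold case and stray whitespace
    rules = AFFECTED.get(name)
    if rules is None:
        return "ignored"
    parsed = parse_version(version)
    if parsed is None:
        return "unknown"  # cannot rule the host out; needs a manual check
    return "affected" if any(parsed[:len(r)] == r for r in rules) else "clear"

def triage(inventory_csv):
    """Map each host to its status from a CSV inventory export."""
    # signature_valid is deliberately not consulted: the infected build was
    # signed with a valid certificate, so a good signature clears nothing.
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["product"], row["version"]) for row in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Comparing numeric tuples rather than raw strings is what lets an inventory entry recorded as 1.7.3191 still match 1.07.3191, and hosts with no recorded version are reported as unknown instead of being silently cleared.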

Hackers Confirm It: Phishing Works – Even Better Than Malware

At the Black Hat 2017 cybersecurity conference, data protection solution provider Bitglass surveyed 129 “white hat” (legitimate) and “black hat” (disruptive or criminal) hackers. The resulting report, “Data Games: Security Blind Spots According to Experts,” offers an interesting take on what works in cybersecurity – and what doesn’t.

  • According to the announcement of the report, almost 60 percent of respondents “ranked phishing as the number one method of data exfiltration, followed by malware and ransomware (27 percent).”
  • The top three “data security blind spots” cited by respondents were unmanaged devices (61 percent), “not-up-to-date systems, applications and programs (55 percent),” and mobile devices (36 percent).
  • “Password-protected documents (33 percent) were ranked as the least effective security tool, followed by facial recognition (19 percent). Facial recognition was rated as the worst tool six times more often than fingerprint authentication – an interesting insight in light of the new iPhone X’s shift to face-recognition security.”

What We Say: Phishing is just one form of social engineering, which is often a faster, easier, and more effective way than hacking for illegitimate actors to gain access to enterprise networks. Your cybersecurity efforts must combine effective user engagement and education with technologies that manage your fixed and mobile devices, protect your data, and keep your operating systems and applications up to date. Technologies cannot guarantee that none of your users will ever open a phishing email or click on a bogus web link. User education helps to reduce the attack surface enough to make it possible to remediate the attacks that succeed. (See “User Education for Cybersecurity: Yes, It’s Worth It” and “Three Things You Can Do Now to Increase User Contributions to Cybersecurity at Your Enterprise.”)

Survey: Tech Firms Need Cybersecurity Help, Too

During the summer of 2017, executive search and organizational advisory firm Korn Ferry surveyed “more than 60 C-Suite, VP and top HR professionals at top tech firms.” The announced results indicate that providing technology doesn’t guarantee that a company is exemplary at using technology.

  • More than half the respondents (51 percent) cited “application modernization and more digital transformation” as the top challenge facing their organizations. And while 75 percent of respondents “agree their organization has the talent needed for their current business strategy,” only 36 percent “agree that their organization has the talent needed to deliver their future business strategy.”
  • Regarding cybersecurity, a positive: “77 percent of respondents agree that their organization has programs in place to increase employee awareness of the role they play in helping ensure enterprise wide security.” Another: “66 percent agree that ensuring holistic risk management and every employee doing their part to maintain enterprise wide security is part of their company culture.”
  • However, “only 43 percent agree their organization has the cyber security talent needed to support their digital and business transformation needs.” Further, “less than one-third agree they have the right cyber-security infrastructure in place to support their data analytics, business process automation, artificial intelligence, and related services.”

What We Say: Tech companies are not the only enterprises pursuing big data, analytics, artificial intelligence, or other highly IT-dependent, growth-oriented business initiatives. To succeed with such initiatives, tech companies, like companies in every other industry, must modernize their IT and cybersecurity infrastructures and processes. Only modern technologies and processes can enable defense in depth, support advanced initiatives effectively, and move enterprises closer to achieving truly unified IT. (See “The Ivanti Way: A Secure and Productive First Day,” “IT Security & Service Management: The Intersection of Safe and Supported,” and “The Power of Unified IT™: IT. Together. Strong.”)

Improve Your Cybersecurity and Bring IT Closer Together with Ivanti

Ivanti cybersecurity solutions can help your enterprise to combat and remediate malware attacks more effectively, control user applications, devices, and admin rights, patch your client and server systems faster and more consistently, and improve IT reporting and analytics. And through September, you can get select combinations of Ivanti cybersecurity offerings at discounts of up to 30 percent. Check out the offer details, and get free trials of our patch management solutions. Then, explore our solutions for modern, advanced asset, endpoint, IT service, and business service management. Let Ivanti help you to deliver the best possible cybersecurity to your users, and help your enterprise get closer to unified IT, whatever your starting point. (And stay current on cybersecurity threats and developments – keep reading and sharing our Patch Tuesday and Threat Thursday updates.)