Following the take-down of the CnC server and getting access to its data, the Avast Security Threat Labs team has been working around the clock to investigate the source and other details of the recent Piriform CCleaner attack. To recap, the attack affected a total of 2.27M computers between August 15, 2017 and September 15, 2017 and used the popular PC cleaning software CCleaner version 5.33.6162 as a distribution vehicle. Today, we would like to report on the progress so far.
As the company that pioneered easy, affordable, and strong security protection for consumers, we know a few things about security. This month, we had the chance to show how we are bringing this expertise to a market we believe is underserved when it comes to security—small and mid-sized businesses (SMBs).
There has been quite a bit of press coverage today about our announcement that the Piriform CCleaner product was illegally modified during the build process to include a backdoor component. Our first priority is our commitment to the safety and security of our millions of users, and supporting our new partner Piriform as they manage this situation. We understand that given the late disclosure of the massive Equifax data breach 10 days ago, consumers and media are very sensitive, as they should be. As such, as soon as we became aware of this issue, we engaged and solved it. Within approximately 72 hours of discovery, the issue was resolved by Avast with no known harm to our Piriform customers. The purpose of this article is to clarify what actually happened, correct some misleading information that is currently circulating, recap what actions Avast took, and outline next steps.
In July 2017, independent test lab AV-Comparatives ran a string of cybersecurity tests on leading brands, and Avast has emerged from each of them with high marks. First we earned its anti-phishing certificate for our protective solutions, then we received 100% in a real-world, real-time malware defense test. And now, we are proud to announce that Avast Mobile Security has qualified for the AV-Comparatives Approved Mobile Product award, scoring a 99.9% protection rate against present-day malware.
For decades, Avast has been successful in providing top-rated, endpoint security for small and medium-sized businesses, including institutions of healthcare, education, retail, manufacturing and real estate, keeping their data and employees safe. Avast has enjoyed an exciting ride, including incredible growth organically and through acquisition. We’ve had a lot going on to keep us strong, but unfortunately, a lot of that growth has complicated the portfolio of brands we offered our business customers.
The catalyst for change
The acquisition of AVG Technologies last October gave Avast an SMB Security Business that was suddenly bigger than ever. Along with that came multiple brand names serving the same business market which—while creating an amazing opportunity for us—also created complexity for our customers. It became clear that it was the right time to put together a plan to unify our brands into one Avast business brand, which we unveiled this month.
1 + 1 = 5
Like all good brand strategies, ours follows business and product strategy. Our goal for the SMB business unit was to take the best technology from both AVG and Avast and create one unified line of products that best serves our customers. By focusing our attention on the Avast master brand, we leveraged its global recognition and strength, and also highlighted “business” in the logo to reinforce our commitment to our business customers.
Here’s what we know: consumer credit report giant Equifax announced today that hackers have exploited a vulnerability in the Equifax website, gaining access to names, addresses, birth dates, social security numbers, and in some cases, driver’s license info. This breach is among the largest on record in the U.S., affecting 44% of the entire population.