Temporary VPN profile without 2FA enabled used to escalate privileges
Avast hacked in May. Intruder left almost no trace. Security firm ramps up security for its product build and release environments.
Avast, the cybersecurity company with over 400 million users, today admitted its internal systems had been breached by a hacker who used an employee’s compromised VPN profile to obtain domain admin privileges.
New Avast CISO Jaya Baloo – who joined the Czech Republic-based firm in July from the Netherlands’ largest telecommunications carrier KPN – said that the attack had initially been flagged as a false positive, after unusual activity was identified by Microsoft’s Advanced Threat Analytics tool.
The company has brought in the Czech intelligence services, police and third-party forensics teams to try to trace the attackers’ moves.