This Google, Microsoft, Samsung-Targeting ‘CCleaner’ Attack Sets an Insidious Trend

An insidious attack trend has been catching my eye lately. It’s called the software supply chain attack.

The scheme goes like this: Hackers compromise a trusted software vendor, subvert its products with their own malicious versions, and then use the tainted formulation to infect customers — thereby bypassing internal security controls and easily spreading malware far and wide. Customers, careful to keep their software up to date, don’t think twice about downloading the latest iterations. That’s good digital hygiene, after all.

At least that’s what we’ve been trained to think. Cisco researchers exposed one of these sneaky incursions earlier this week. The hacking operation sabotaged CCleaner, a popular piece of computer cleaning software distributed by Avast, a Czech antivirus firm. (Morphisec, an Israeli cybersecurity startup, had discovered the compromise too.)

Here’s what happened: In August, some unknown hacking group inserted a backdoor into the CCleaner software, which was then dutifully installed on more than 700,000 machines. With that foothold, the attackers then attempted to drill down deeper into the networks of at least 18 big tech company targets, including Google, Intel, Microsoft, Samsung, HTC, and Cisco. Presumably, the intruders sought trade secrets.

This article first appeared in the Cyber Saturday edition of Data Sheet, Fortune’s daily newsletter on the top tech news.

This is only the most recent example of such an attack. Earlier this year hackers compromised MeDoc, a piece of accounting software developed by a Ukrainian tech firm, in order to spread a destructive strain of ransomware, dubbed NotPetya, through its update mechanism. The attack crippled operations at big companies, ranging from Danish shipping giant Maersk to U.S. pharma company Merck. Similarly, Kaspersky Labs, the lately besieged Russian cybersecurity firm, found a backdoor in server management software from the U.S. and South Korean tech firm NetSarang that infected hundreds of banks and other companies over the summer.

These supply chain attacks fly in the face of commonly accepted principles of computer security—i.e., patch your systems early and often—and they undermine everyone’s trust in the software ecosystem. As the Cisco researchers note in their analysis, a product from an established vendor “rarely receives the same level of scrutiny” as one from an untrusted source. And as they warn in a follow-up post, these types of attacks now “seem to be increasing in velocity and complexity.”

The proliferation is cause for alarm. It’s hard to see how the situation will improve until everyone — even small-fry software vendors — takes responsibility and ups their digital defenses.

Microsoft, Salesforce in Process to Collaborate in Running Cloud Computing Service

Two arch rivals in the domain of cloud computing and software applications – Microsoft Corporation and Salesforce – are joining hands to create a collaborative business ecosystem.

Reliable sources indicate that the two companies are in a long process of negotiation toward a possible partnership for running software as a service (SaaS) on the Azure cloud computing platform. Neither company has officially announced this news yet, but a short statement from both, agreeing that some software products would work better in collaboration between the two platforms, signals that something big is in the making between these two giants.

It was also officially announced that the customer relationship management (CRM) software would be available for the different operating systems of Microsoft devices, both mobile and computers. The Salesforce CRM would run in integration with Microsoft Corporation’s Office 365 cloud computing service on both Windows-based mobiles and computers. This announcement is big news in the domain of information technology, especially in the fiercely competitive cloud computing marketplace.

Salesforce and Microsoft Corporation share a very hostile business history over the past 10 years; during that period, each company aggressively called the other its enemy through different marketing and legal pursuits.

During a conference call about this new progress between the two cloud computing companies, the CEO of Salesforce, Mr. Marc Benioff, said, “This announcement is really about putting our customers first.” Many analysts believe that Marc Benioff has a good relationship with the newly appointed CEO of Microsoft, Mr. Satya Nadella; due to the joint efforts of the CEOs of both companies, they are inching towards large-scale collaboration not only in the cloud computing domain but also in the software development field. This announcement was made via a short official statement issued to the media. There were no further details of the agreement or any other information pertaining to its technicalities or commercial understanding.

Like many analysts, Mr. Mark Moerdler, the senior analyst with Bernstein Research, suggests that “It’s possible any deal would be limited to Salesforce.com’s Sales Cloud, Service Cloud and possibly Force.com as these are the most synergistic to Microsoft cloud offerings (Office 365, Azure, Skype and possibly even Microsoft Dynamics CRM).”