Emsisoft says hackers are spoofing its certs to breach networks

Gandalf_The_Grey

A hacker is using fake code-signing certificates impersonating cybersecurity firm Emsisoft to target customers using its security products, hoping to bypass their defenses.

Code signing certificates are digital signatures used to sign an application so that users, software, and operating systems can verify that the software has not been tampered with since the publisher signed it.

Threat actors attempt to take advantage of this by creating fake certificates whose name appears to be associated with a trustworthy entity but, in reality, are not valid certificates.

In a new security advisory, Emsisoft warned that one of its customers was targeted by hackers using an executable signed by a spoofed Emsisoft certificate. The company believes this was done to trick the customer into thinking any detections were a false positive and to allow the program to run.

"We recently observed an incident in which a fake code-signing certificate supposedly belonging to Emsisoft was used in an attempt to obfuscate a targeted attack against one of our customers," said Emsisoft in the security advisory.

"The organization in question used our products and the attacker's aim was to get that organization to allow an application the threat actor installed and intended to use by making its detection appear to be a false-positive."

While the attack failed, and Emsisoft's security software blocked the file due to the invalid signature, the company is warning its customers to stay vigilant against similar attacks.
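As an added illustration of the point above (not part of the original post or of Emsisoft's advisory), the PowerShell sketch below triages files by Authenticode validation status rather than by the name shown in the certificate. The function name `Test-PublisherSignature`, its parameters, the verdict labels and the sample path are assumptions made for this example; `Get-AuthenticodeSignature` is the built-in Windows PowerShell cmdlet.

```powershell
# Added example: a signer name is only meaningful if Windows validates the signature.
# Test-PublisherSignature, its parameters and verdict labels are hypothetical.
function Test-PublisherSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [Alias('FullName')]
        [string]$Path,

        # Publisher name you expect to see in the certificate subject.
        [Parameter(Mandatory)]
        [string]$ExpectedPublisher,

        # Optional pin list: thumbprints of certificates obtained from the vendor.
        [string[]]$TrustedThumbprints = @()
    )
    process {
        $sig  = Get-AuthenticodeSignature -LiteralPath $Path
        $cert = $sig.SignerCertificate
        $nameMatches = ($null -ne $cert) -and ($cert.Subject -like "*$ExpectedPublisher*")

        # Status is decided first; the subject name is only used to label the result.
        $verdict = if ($sig.Status -eq 'NotSigned') {
            'Unsigned'
        } elseif ($sig.Status -ne 'Valid') {
            # Familiar name on a signature that fails validation: the spoofing case.
            if ($nameMatches) { 'SuspectSpoofedName' } else { 'InvalidSignature' }
        } elseif (-not $nameMatches) {
            'ValidOtherPublisher'
        } elseif ($TrustedThumbprints.Count -gt 0 -and $cert.Thumbprint -notin $TrustedThumbprints) {
            'ValidButNotPinned'
        } else {
            'Trusted'
        }

        [pscustomobject]@{
            Path       = $Path
            Status     = $sig.Status
            Subject    = if ($cert) { $cert.Subject } else { $null }
            Thumbprint = if ($cert) { $cert.Thumbprint } else { $null }
            Verdict    = $verdict
        }
    }
}

# Usage (constructed path): review anything that is not 'Trusted' before allow-listing it.
# Get-ChildItem 'C:\Quarantine' -Filter *.exe |
#     Test-PublisherSignature -ExpectedPublisher 'Emsisoft' |
#     Where-Object Verdict -ne 'Trusted'
```

A `SuspectSpoofedName` result is the situation the advisory describes: the detection should be treated as real, not as a false positive to be allow-listed.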
 

TairikuOkami

This actually made the news? It is like saying not to click on phishing links in spam. Invalid certificates are as trustworthy as unsigned. No decent IT would even consider using them.
The company also suggests that system administrators set a password on their Emsisoft product to prevent it from being tampered with or disabled in case of a breach, such as this attempted one.
A company that does not have protected systems deserves/asks to be hacked, since users are the biggest security threat.
 
