On February 15, Australian antivirus manufacturer Emsisoft announced that a security incident had occurred in which a fake code-signing certificate was used to disguise a targeted attack against an organization.
The attacker's goal was to get the affected organization to allow an application that the threat actor had installed and intended to use, by making the antivirus detections look like false positives. The attack failed: the antivirus software detected and blocked it. The method used to gain initial access is still unclear, but most likely either a brute-force attack on RDP or the use of compromised credentials.
Spoofing
Spoofing has long been a problem, but mostly in the context of website spoofing and phishing. It is therefore notable that the same approach, namely changing a single letter, is also being applied to code-signing machine identities. The fact that threat actors use fake code-signing certificates to impersonate companies is well known. Threat actors know that trusted access to an organization's systems via fake machine identities is something of a digital front door. In this case, the fake identity was detected and flagged, but it could easily have been overlooked.
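One defensive check the incident above motivates is comparing a signer's publisher name against an allowlist and flagging near-misses rather than only exact mismatches. This is an added example, not Emsisoft's or Venafi's code; the trusted publisher names, the subject strings and the confusable-character table are constructed for illustration, and in practice the subject would be read from the signature on the binary.

```python
"""Flag code-signing publisher names that are near-misses of trusted publishers."""
import unicodedata

# Constructed allowlist of publisher names the organisation has decided to trust.
TRUSTED_PUBLISHERS = {"Example Software Ltd", "Acme Tools GmbH"}

# Small illustrative table of characters commonly used to mimic Latin letters
# (Cyrillic look-alikes plus digit/letter confusions). Not exhaustive.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0445": "x", "\u0456": "i", "\u0455": "s",
               "0": "o", "1": "l"}


def normalize(name: str) -> str:
    """Fold case, drop combining accents and map confusables so look-alikes compare equal."""
    folded = unicodedata.normalize("NFKD", name).casefold()
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded if not unicodedata.combining(ch))


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance via the standard two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_publisher(subject_cn: str, trusted=TRUSTED_PUBLISHERS, max_dist: int = 2) -> str:
    """Return 'trusted' for an exact allowlist match, 'lookalike' for a name that is
    within max_dist edits of a trusted name after normalisation (this includes
    homoglyph-only differences, which normalise to distance 0), else 'unknown'."""
    if subject_cn in trusted:
        return "trusted"
    norm = normalize(subject_cn)
    for name in trusted:
        if edit_distance(norm, normalize(name)) <= max_dist:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed subjects: exact match, 'rn' for 'm', Cyrillic 'a', unrelated publisher.
    for cn in ("Example Software Ltd", "Exarnple Software Ltd",
               "Ex\u0430mple Software Ltd", "Totally Different Inc"):
        print(f"{cn!r}: {classify_publisher(cn)}")
```

A 'lookalike' verdict should block the binary and raise an alert rather than be treated as a false positive, since a signer that differs from a trusted publisher by one or two characters is exactly the pattern described above.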
It's harder than ever for security departments to make decisions about what can and cannot be trusted, especially given the speed of software development environments. As the number of machine identities in an organization grows exponentially, organizations need a control plane to automate the management of those identities. This gives IT security professionals the visibility, consistency and reliability they need to manage machine identities effectively and prevent malicious actors from sneaking in.
More at Venafi.com
About Venafi
Venafi is the cybersecurity leader in identity management for machines. From on-premises to the cloud, Venafi solutions manage and protect identities for all types of machines - from physical and IoT devices to software applications, APIs and containers. Venafi provides global visibility, lifecycle automation, and actionable intelligence for all types of machine identities and their associated security and reliability risks.