Malware & Ransomware · HIGH

Malware Uses Stolen Certificate to Bypass Security

Microsoft Security Blog

Basically, hackers used fake software with a real digital signature to sneak into companies.

Quick Summary

A new signed malware is impersonating workplace apps to gain unauthorized access to company networks. This poses serious risks to sensitive data and operations. Organizations must enhance their certificate controls and monitor RMM activities to protect against these threats.

What Happened

Signed malware has been discovered that impersonates legitimate workplace applications. The malware is signed with a stolen Extended Validation (EV) code-signing certificate and deploys Remote Monitoring and Management (RMM) tools to maintain ongoing access to enterprise networks. Because both the loader and the tooling it installs look legitimate, attackers can operate undetected for long periods, posing a significant threat to organizations.

The stolen EV certificate gives the malware a valid signature, so it passes the checks that many security controls and users rely on to judge whether software is trustworthy. Once inside, the RMM tools let the attackers control systems remotely, monitor activity, and potentially steal sensitive information. This tactic reflects a growing trend in which cybercriminals abuse legitimate tools and trust mechanisms to carry out their operations, which makes detection and response harder.

Why Should You Care

Imagine your home security system being tricked by someone who looks like a trusted repairman. That’s what this malware does to company networks. If you work for a business, your sensitive data, financial information, and even customer details could be at risk. The longer this malware goes undetected, the more damage it can inflict.

The key takeaway here is that organizations must be vigilant. Just because software appears legitimate doesn’t mean it is safe. You need to ensure that your company’s digital environment is protected against these sophisticated threats. Regular monitoring and strict controls on software installations are essential to safeguard your data.

What's Being Done

In response to this alarming situation, cybersecurity experts are urging organizations to tighten their certificate controls. This includes:

  • Regularly auditing and validating the certificates in use.
  • Monitoring RMM activity closely to detect any unauthorized access.
  • Educating employees about the risks of installing unverified applications.

Experts are closely watching for further developments and potential new variants of this malware. They emphasize that proactive measures are crucial to prevent similar attacks in the future. As the threat landscape evolves, staying informed and prepared is your best defense.

🔒 Pro insight: The use of stolen EV certificates indicates a shift in tactics; expect increased sophistication in malware deployment strategies.

Original article from Microsoft Security Blog · Microsoft Defender Security Research Team
