Networks targeted via spoofed Emsisoft certificates

BleepingComputer reports that organizations leveraging Emsisoft security products are being targeted by fraudulent code-signing certificates spoofing the company. "We recently observed an incident in which a fake code-signing certificate supposedly belonging to Emsisoft was used in an attempt to obfuscate a targeted attack against one of our customers. The organization in question used our products and the attacker's aim was to get that organization to allow an application the threat actor installed and intended to use by making its detection appear to be a false-positive," noted Emsisoft in a security advisory. Either brute-force attacks against remote desktop protocol or stolen credential use was performed by attackers to achieve initial access, from which they sought to install the open-source remote access app MeshCentral with a fake Emsisoft certificate. Such an attack indicates the importance of multi-layered protection in organizations, according to Emsisoft, which also recommended the use of admin passwords on security systems.