On October 14th, 2020, malicious actors once again took advantage of Microsoft digital certificates to sign dangerous malware. According to security research firm Morphisec, the attackers abused trusted certificates issued by Microsoft to sign malware in order to circumvent security measures.
The malicious code was signed with a certificate issued by Microsoft Office, and the certificate was connected to a legitimate Microsoft-owned domain. The certificate was used to sign two binaries, the first of which was used to download a remote access Trojan (RAT) and execute it on the victim’s system. The second binary was used to deploy an information-stealing utility which compromised user credentials and stored them on an external server.
This kind of attack has become increasingly common, as digital certificates are widely available and can be abused by cybercriminals to bypass security protocols. These attacks have also become more insidious because they can take advantage of trust relationships on systems that do not receive timely security updates. As such, organizations should take extra precautions to keep their systems consistently updated, as outdated software could be more vulnerable to this kind of attack.
It is important for organizations not only to monitor their systems for malicious activity, but also to make sure that users are aware of malicious emails, website URLs, and attachments. No matter how trusted the source, organizations should never install any software without properly verifying it first to ensure that it is not malicious code. Organizations should also deploy appropriate endpoint security solutions, such as firewalls and virus scanners, to help detect and prevent malicious activity.
When it comes to digital certificates, organizations should think twice before clicking on any links or downloading any certificates. It is also important to ensure that the certificates have been issued by a reputable provider. Furthermore, organizations should ensure that certificates are properly audited and monitored so that they are not being used to sign malicious code.
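One way to apply the verification and monitoring advice in the two paragraphs above on Windows, as an added example that is not part of the original article: because signed malware also passes a plain signature check, the gate below requires the signer to be on a list the organization maintains. The function name `Test-InstallerSignature`, the `$ApprovedSigners` list with its placeholder thumbprint, and the `C:\Staging` path are assumptions made for illustration.

```powershell
# Added example (not from the original article). A signature that validates is
# not enough on its own: signed malware also reports Status = Valid. This gate
# additionally requires the signer to be on a list the organization maintains.

# Hypothetical allow-list: thumbprint -> owner. The value below is a constructed
# placeholder, not a real certificate thumbprint.
$ApprovedSigners = @{
    '0000000000000000000000000000000000000000' = 'Example Vendor (placeholder)'
}

function Test-InstallerSignature {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][hashtable]$Approved
    )

    # Get-AuthenticodeSignature checks the file hash and the certificate chain.
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate      # $null when the file is unsigned

    if ($sig.Status -ne 'Valid') {
        # NotSigned, HashMismatch, NotTrusted and similar: never install.
        $verdict = "BLOCK: signature status is $($sig.Status)"
    }
    elseif (-not $Approved.ContainsKey($cert.Thumbprint)) {
        # Chain is trusted but the signer is unknown to us: hold for review.
        $verdict = 'REVIEW: valid signature, signer not on approved list'
    }
    else {
        $verdict = "ALLOW: signed by $($Approved[$cert.Thumbprint])"
    }

    # Emit a record that can be logged, so signer usage can be audited later.
    [pscustomobject]@{
        Path        = $Path
        Status      = $sig.Status
        Subject     = if ($cert) { $cert.Subject }
        Issuer      = if ($cert) { $cert.Issuer }
        Thumbprint  = if ($cert) { $cert.Thumbprint }
        Timestamped = [bool]$sig.TimeStamperCertificate
        Verdict     = $verdict
    }
}

# Usage: check every binary in a staging folder (the path is an assumption).
Get-ChildItem -Path 'C:\Staging' -Include *.exe, *.dll, *.msi -Recurse -File |
    ForEach-Object { Test-InstallerSignature -Path $_.FullName -Approved $ApprovedSigners } |
    Format-Table Verdict, Subject, Thumbprint, Path -AutoSize
```

Files that come back as `REVIEW` are the case the article describes: the chain is trusted, so only the signer's identity distinguishes them from approved software.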
Microsoft digital certificates have again been abused by malicious actors to sign malware code, and as such it is important for organizations to take the necessary steps to ensure their systems are secure. Updating systems with the latest patches, deploying appropriate endpoint security solutions, and being wary of suspicious emails and website links are all key elements in staying safe from cyberattacks. Proper verification of software and digital certificates before installation and regular monitoring of the environment should help to protect against these malicious activities.