Threat Actors Spoofing Emsisoft Certificates to Breach Networks

This form of attack is not novel by any means and has been successfully leveraged by many groups in the past. Perhaps the best form of prevention is to ensure that all security analysts are aware of it. Apart from spreading awareness, an organization could also ensure that its security controls are set to block files with invalid signatures from running. Additionally, ensure that RDP ports are open only on devices where they are absolutely necessary, and employ rules that would detect attacks such as network brute force or port scanning/sweeping.
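The following PowerShell sketch is an added example, not part of the original advisory. It uses the built-in `Get-AuthenticodeSignature` cmdlet to list files that carry a signature which does not validate, and marks those whose certificate subject claims a trusted vendor name. The scan path, the vendor list and the function name `Get-SuspectSignature` are assumptions chosen for illustration.

```powershell
# Added example (not from the advisory): report files that are signed but whose
# Authenticode signature does not validate, flagging trusted-vendor name claims.
function Get-SuspectSignature {
    param(
        [string]$Path = "$env:USERPROFILE\Downloads",   # assumed scan location
        [string[]]$VendorNames = @('Emsisoft')          # assumed list of names analysts tend to trust
    )

    Get-ChildItem -Path $Path -Recurse -File -Include *.exe, *.dll, *.sys, *.msi -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName

            # Unsigned files are out of scope here; a valid signature is not reported.
            if ($null -eq $sig.SignerCertificate -or $sig.Status -eq 'Valid') { return }

            # The subject is attacker-controlled text in a spoofed certificate,
            # so a vendor name in it proves nothing without a valid chain.
            $subject = $sig.SignerCertificate.Subject
            $claimed = @($VendorNames | Where-Object { $subject -like "*$_*" })

            [pscustomobject]@{
                Path                = $file.FullName
                Status              = $sig.Status          # e.g. NotTrusted, HashMismatch, UnknownError
                ClaimsTrustedVendor = ($claimed.Count -gt 0)
                ClaimedVendor       = ($claimed -join ', ')
                Subject             = $subject
                Issuer              = $sig.SignerCertificate.Issuer
                Thumbprint          = $sig.SignerCertificate.Thumbprint
                StatusMessage       = $sig.StatusMessage
            }
        } |
        Sort-Object -Property ClaimsTrustedVendor -Descending
}

# Vendor-name claims with a failed signature sort to the top for triage.
Get-SuspectSignature | Format-List
```

This only reports. Blocking such files from running is the job of the organization's application control or endpoint security policy.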

https://www.bleepingcomputer.com/news/security/emsisoft-says-hackers-are-spoofing-its-certs-to-breach-networks/