Cyberespionage groups are stealing digital certificates to sign malware

Lucian Constantin | March 17, 2016
The China-based Suckfly group has used nine stolen digital certificates to sign its malicious programs since 2014.

"Attackers are taking the time and effort to steal certificates because it is becoming necessary to gain a foothold on a targeted computer," the Symantec researchers said. "Attempts to sign malware with code-signing certificates have become more common as the Internet and security systems have moved towards a more trust and reputation oriented model. This means that untrusted software may not be allowed to run unless it is signed."

By default, the latest versions of Apple's Mac OS X only allow applications to run if they have been downloaded from the Mac App Store or if they have been signed with a developer certificate obtained from Apple. Windows will display User Account Control (UAC) warnings for unsigned executable files that try to gain administrator privileges.

Some security and application whitelisting products can also treat files differently based on whether they are digitally signed with a trusted certificate or not.

It's clear that digital certificates, especially those used for code signing, have become valuable targets for cybercriminals, so it is very important for organizations that own such certificates to maintain strong cybersecurity practices and store the certificates in secure environments.

 
