InfoArmor is reporting that hackers are selling digital certificates that allow code signing of malicious instructions and making a whole business out of it. Travis Smith, senior security research engineer for Tripwire have the following comments on it.
Travis Smith, Senior Security Research Engineer forTripwire :
“Code signing provides the assurance to users and the operating system that the software is from a legitimate source. Both obtaining and correctly applying the certificates to legitimate software is expensive and complex. Many protection mechanisms, rightfully so, check for the digital certificate. However, it’s possible that additional security measures stop investigating the software beyond this. Attackers can exploit this lapse in security by obtaining certificates and signing their malware. This decreases the ability for attacker automation, but will increase the value of potential loot. For organizations which have valuable data, attackers are going to sacrifice automation for stealthier attacks such as code signed malware.
“Organizations should rely on a defense-in-depth security posture so if one defensive mechanism fails, another is in line to detect the attack. For attacks such as this, monitoring the list of both signed and unsigned in the environment will give security administrators an early indication of compromise.”
Tripwire is a leading provider of advanced threat, security and compliance solutions that enable enterprises, service providers and government agencies to confidently detect, prevent and respond to cybersecurity threats. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business-context and enable security automation through enterprise integration. Tripwire’s portfolio of enterprise-class security solutions includes configuration and policy management, file integrity monitoring, vulnerability management and log intelligence.