Manoj Asnani offers insight below on hackers selling legitimate code-signing certificates to evade malware detection.
Manoj Asnani, VP Product and Design at Balbix:
“Hacked code-signing certificates certainly present an extended challenge to IT security teams, and are a potentially effective tactic to bypass traditional security appliances. For an enterprise security team, it’s imperative to consider different approaches to capture the incident before it reaches your organization. This includes leveraging the intelligence services that are largely available today to probe the dark web and find chatter about instances before the certificates are purchased. The challenge many organizations face, however, is connecting the dots between the intelligence captured, in the dark web for example, and prioritizing the potential threats to their specific ecosystem based on business criticality. Humans cannot keep pace with the number of threats and feeds out there, so flagging what appears to be legitimate risk becomes an impossible ask. This is where AI and deep learning can be leveraged to augment and enhance the capacity and ability of human threat analysts.”