The discovery of stolen code signing certificates used in a new malware campaign in Taiwan. Kevin Bocek, Vice President of Security Strategy and Threat Intelligence at Venafi commented below.
Kevin Bocek, Vice President of Security Strategy and Threat Intelligence at Venafi:
“These attacks are not new. As ESET points out, the attacker learned from the model established by Stuxnet: if you steal trusted machine identities from global technology companies, you can execute highly effective attacks that don’t raise any alarms.
This is just one more demonstration of how machine identities, in this case code signing certificates, are being abused by malicious actors. There’s no doubt we’re going to see a lot more of these attacks in the future.
Code signing certificates are often a core component of DevOps and cloud infrastructure; and because organizations are using a lot more machine identities, these risks will only grow. In fact, researchers are already seeing a dramatic rise in the trade of stolen code signing certificates on the Dark Web.”