InfoArmor is reporting that hackers are selling digital certificates that allow code signing of malicious instructions and making a whole business out of it. Travis Smith, senior security research engineer for Tripwire have the following comments on it.
[su_note note_color=”#ffffcc” text_color=”#00000″]Travis Smith, Senior Security Research Engineer for Tripwire :
“Code signing provides the assurance to users and the operating system that the software is from a legitimate source. Both obtaining and correctly applying the certificates to legitimate software is expensive and complex. Many protection mechanisms, rightfully so, check for the digital certificate. However, it’s possible that additional security measures stop investigating the software beyond this. Attackers can exploit this lapse in security by obtaining certificates and signing their malware. This decreases the ability for attacker automation, but will increase the value of potential loot. For organizations which have valuable data, attackers are going to sacrifice automation for stealthier attacks such as code signed malware.
“Organizations should rely on a defense-in-depth security posture so if one defensive mechanism fails, another is in line to detect the attack. For attacks such as this, monitoring the list of both signed and unsigned in the environment will give security administrators an early indication of compromise.”[/su_note]
[su_box title=”About Tripwire” style=”noise” box_color=”#336588″]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.