The discovery of stolen code signing certificates used in a new malware campaign in Taiwan. Kevin Bocek, Vice President of Security Strategy and Threat Intelligence at Venafi commented below.
Kevin Bocek, Vice President of Security Strategy and Threat Intelligence at Venafi:
This is just one more demonstration of how machine identities, in this case code signing certificates, are being abused by malicious actors. There’s no doubt we’re going to see a lot more of these attacks in the future.
Code signing certificates are often a core component of DevOps and cloud infrastructure; and because organizations are using a lot more machine identities, these risks will only grow. In fact, researchers are already seeing a dramatic rise in the trade of stolen code signing certificates on the Dark Web.”
The opinions expressed in this article belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.