Destover Attacks PCs Using Stolen Security Certificates from Sony

Kaspersky Lab has found that the huge breach of Sony Pictures Entertainment (SPE) has had an apparent side effect: the 'Destover' malicious program is currently wreaking havoc, using a stolen digital certificate that belonged to SPE, probably to compromise PC systems.

The implication is that, because certain PCs trust the certificate, the malware may have little difficulty bypassing defense technologies such as default-deny policies and/or anti-virus programs. All of this is reportedly open to exploitation because certain folders accessed through the Sony hack contained an assortment of SPE's signing keys and security certificates.

Trey Ford, Global Security Strategist at Rapid7, explains that if SPE-signed digital certificates were exposed during the hack, the IT security departments of other organizations could face serious problems. Criminals may use the stolen digital certificates to authorize Destover, letting it circumvent the IT security solutions of several businesses unnoticed, he says. Mashable published this on December 9, 2014.

According to Kevin Bocek, Vice-President of Security Strategy and Threat Intelligence at the security company Venafi, as further news about the SPE breach gradually comes in, it is hardly surprising to learn that the latest Destover variant the hackers employed was actually signed with an authentic certificate from Sony. Time and again, hacked companies like Sony are seen carelessly enabling attackers by failing to adequately safeguard the trust that cryptographic keys and digital certificates provide, Bocek laments. SecurityWeek published this on December 9, 2014.

Bocek adds that cyber-criminals have discovered how easily, quickly and successfully they can insert malicious software into corporate networks undetected by signing the malware with stolen or compromised certificates. They know that organizations usually can't recognize atypical certificates, which nevertheless validate machines and their operators on company networks, as well as software programs and devices; consequently, they abuse them.

Global organizations typically use innumerable certificates and keys, yet most don't keep a proper inventory of them, don't know where they are deployed or who is using them, and don't maintain proper security mechanisms for them, Bocek says.

» SPAMfighter News - 12/18/2014
