Selling of Fake Digital Certificates Becoming Extremely Profitable - InfoArmor
Infosecurity-magazine.com reported on 4th November, 2015, citing threat intelligence enterprise InfoArmor, that hackers are selling digital certificates which allow code-signing of malicious files, and that they are building a whole cottage industry around it.
InfoArmor says that hackers are using a malware innovation tool, GovRAT, which is coupled with digital certificates for code signing. It is mainly an APT (Advanced Persistent Threat) tool and has been active since the beginning of 2014. The firm said that diplomatic, political, and military personnel of more than 15 governments worldwide are among the GovRAT victims to date, along with over 100 other corporations, 30 defense contractors and seven banks.
Infosecurity-magazine.com published news on 4th November, 2015, quoting Travis Smith, Senior Security Research Engineer of Tripwire, as saying: "Code-signing provides the assurance to users and the operating system that the software is from a genuine source. It is expensive and complex to obtain and correctly apply the certificate to genuine software. Several mechanisms for protection check for the digital certificate correctly. However, it is possible that additional security measures stop investigating the software beyond this."
InfoArmor captured posts promoting code-signing certificates in different underground marketplaces. The price hackers have set for these certificates is in the range of $600-$900, depending upon the issuing firm. Code-signing certificates issued by GoDaddy, Thawte DigiCert and Comodo, firms which are popular for supplying digital information to genuine developers of software, are amongst the ones on offer.
Theregister.co.uk published news on 4th November, 2015, quoting an explanation by Andrew Komarov, President and Chief Intelligence Officer with InfoArmor, that these traders are supporting hackers and cyberspies looking to support targeted attacks.
Komarov said: "The buyers are blackhats (mostly state-sponsored) and malware developers. It is quite a professional audience, as usual script kiddies and online criminals don't require such stuff. The presence of such services in the underground-market allows [hackers] to perform them much more simply, somewhat like Stuxnet."
Fake or stolen certificates were found in the Sony hack and the Stuxnet worm, both of which are high-profile attacks. InfoArmor's research reveals that this technique is being made accessible to a broader range of cyber attackers.
However, Komarov noted: "It cannot be very vast, as the amount of certificates is quite limited, and it is not simple to buy them, but as per our statistics, the amount of such services is extensively growing."
» SPAMfighter News - 11/12/2015