sb-nz logo
Story image

Illicit code signing certificates more valuable than handguns

04 Nov 2017

Venafi has released its findings of a six month investigation into the lucrative sale of digital code signing certificates on the dark web.

Conducted on behalf of Venafi by the Cyber Security Research Institute (CSRI), the study delved into code signing certificates readily available for purchase on the dark web that were selling for up to $1,200 – this makes them more expensive than counterfeit US passports, stolen credit cards and even handguns.

So what are code signing certificates specifically used for? Venafi says they can verify the authenticity and integrity of computer applications and software, making up a vital element of Internet and enterprise security.

Cybercriminals have been exploiting compromised code signing certificates to install malware on enterprise network and consumer devices in a lucrative market.

“We’ve known for a number of years that cyber criminals actively seek code signing certificates to distribute malware through computers,” says Peter Warren, chairman of the CSRI.

“The proof that there is now a significant criminal market for certificates throws our whole authentication system for the internet into doubt and points to an urgent need for the deployment of technology systems to counter the misuse of digital certificates.”

Chief security strategist at Venafi, Kevin Bocek says their research proves that code signing certificates are lucrative targets for cyber criminals.

“With stolen code signing certificates, it’s nearly impossible for organizations to detect malicious software. Any cyber criminal can use them to make malware, ransomware, and even kinetic attacks trusted and effective,” says Bocek.

“In addition, code signing certificates can be sold many times over before their value begins to diminish, making them huge money makers for hackers and dark web merchants. All of this is fuelling the demand for stolen code signing certificates.”

Warren says the size of the market is immense.

“Although our research uncovered a thriving trade in code signing certificates, we were only able to scratch the surface of this market,” says Warren.

“In an ironic twist, our researchers were often limited from delving further as dark web traders didn’t trust them. We suspect that TLS, VPN, and SSH key and certificate trading is also rife, alongside the trade in code signing certificates we uncovered.”

Story image
Video: 10 Minute IT Jams - protecting data with user behaviour analytics
In this video, Forcepoint senior sales engineer and solutions architect Matthew Bant discusses the company's DLP solution, the importance of integrating compliance into security solutions, and why cybersecurity strategies should take a more people-based approach.More
Story image
Interview: How cyber hygiene supports security culture - ThreatQuotient
We spoke with ThreatQuotient’s APJC regional director Anthony Stitt to dig deeper into cyber hygiene, security culture, threat intelligence, and the tools that support them.More
Story image
Palo Alto Networks launches new SD-WAN solutions and enhancements
Palo Alto Networks has introduced two new SD-WAN appliances and enhancements to its next-generation SD-WAN solution, expanding the company’s CloudGenix SD-WAN solutions reach.More
Link image
The importance of data resilience in the current cybersecurity climate
Protecting an organisation's data is one of the most crucial functions of any CISO. Strategies should be in place where data is stored securely and cost-effectively.More
Story image
Video: 10 Minute IT Jams - Who is LogRhythm?
LogRhythm VP of sales for Asia Pacific Simon Howe, who discusses the company's primary offerings and services, what products the company is focused on for the future, and the infrastructure it has in the A/NZ market.More
Story image
Palo Alto Networks extends cloud native security platform with new modules
Palo Alto Networks has announced the availability of Prisma Cloud 2.0, including four new cloud security modules, thus extending its Cloud Native Security Platform (CNSP). More