Certificates-as-a-Service? Code Signing Certs Become Popular Cybercrime Commodity
The fraud underground is a vivid dark market replete with services, commodities and
information sharing, providing cybercriminals with just about any help they may
need for their misdoings.
Alongside the usual malware vendors and fraud scam chatter, one recent phenomenon IBM
Security X-Force researchers have been tracking is certificates-as-a-service
(CaaS). Cybercriminals obtain high-grade code signing certificates from trusted
cert authorities and then sell them on demand through Dark Web e-commerce sites
to anyone who will pay.
IBM Security X-Force researchers note seeing a considerable hike in the sale of
code signing certificates in the underground in the past few months. Further
investigation of this phenomenon reveals findings that add to the understanding
of why the use of signed malware has increased threefold in the past four years
alone. They also provide some best practices on how to check that certificates
can be trusted at a time when trust is increasingly fragile.
A Bit About Certificates
Code signing certificates are files containing a digital signature that can be used
to sign files such as executables and scripts. Certificates were created to
generate trust and validation in software or code that you run on your machine.
They are there to indicate:
· This file came from a trusted source.
· This file was not tampered with before you received it.
· This file’s origin is openly known to you, and you can validate its creator.
Certificates are issued by certification authorities (CAs) and come in different grades
according to the entity that issues them. They are granted to identifiable
entities, or companies, that generate code, protocols or software, allowing
them to sign their code and indicate it is legitimate and original.
While in the past certificates were issued only to large software vendors, today smaller
firms and individual application developers use them, as well. Reports on the
subject show that the sheer number of certificates in circulation has increased
from about 20,000 in 2007 to over 150,000 certificates in 2015.
Some examples of the most well-known CAs that issue certificates are Symantec and
WebTrust. These authorities issue Class 1 certificates, which are considered
the most trusted. There are also Class 2 CAs that issue certificates for
commercial purposes, such as GoDaddy, DigiCert, Comodo, Entrust and others.
Beyond basic certification, in cases where a heightened level of security is needed, a
digital certificate issued by one CA is used to sign the public key for the
root certificate of another CA. This is termed cross-certification, and it
provides a means to create a chain of trust from a single trusted root CA to
multiple other CAs.
Why Do Certificates Matter?
Read our research and more of this article here