Une question ? Contactez notre standard : 01 41 91 58 61 - Un incident de sécurité ? Faites-vous assister : 01 47 28 38 39
ecrime

Key findings

  • Code Signing Technology allows developers to digitally sign their programs, ensuring authenticity and integrity.
  • This can be exploited by malicious actors to bypass security measures, gain privileges, and deceive users with seemingly legitimate certificates.
  • The cybercrime market for EV certificates offers a wide range of services, including various certificate authorities and delivery methods.
  • To obtain code signing certificates, resellers can register new companies, impersonate existing ones, or acquire then through theft.

Introduction

Code signing is a technology that allows software developers to attach a digital signature to their programs, proving that the code is authentic and has not been tampered with. Malicious actors exploit code signing to bypass security measures, gain administrative privileges, and enhance user trust by using legitimate-seeming certificates.

The cybercrime market for code signing certificates mainly focuses on EV certificates, with prices ranging from $2000 to $6000. The resellers can either register a new company or impersonate an existing company to get a valid certificate from a certificate authority.

Malware campaigns, such as QakBot and Grandoreiro, have used valid EV code signing certificates obtained through company impersonation or exploiting closed companies. Code signing certificates can also be obtained through theft, as seen in incidents like the theft of NVIDIA’s code signing certificates by the Lapsus$ extortion group in early 2022.

Intrinsec’s CTI services

Organisations are facing a rise in the sophistication of threat actors and intrusion sets. To address these evolving threats, it is now necessary to take a proactive approach in the detection and analysis of any element deemed malicious. Such a hands-on approach allows companies to anticipate, or at least react as quickly as possible to the compromises they face.

For this report, shared with our clients in July 2023, Intrinsec relied on its Cyber Threat Intelligence service, which provides its customers with high value-added, contextualized and actionable intelligence to understand and contain cyber threats. Our CTI team consolidates data & information gathered from our security monitoring services (SOC, MDR …), our incident response team (CERT-Intrinsec) and custom cyber intelligence generated by our analysts using custom heuristics, honeypots, hunting, reverse-engineering & pivots.

Intrinsec also offers various services around Cyber Threat Intelligence:

  • Risk anticipation: which can be leveraged to continuously adapt the detection & response capabilities of our clients’ existing tools (EDR, XDR, SIEM, …) through:
      • an operational feed of IOCs based on our exclusive activities.
      • threat intel notes & reports, TIP-compliant.
  • Digital risk monitoring:
      • data leak detection & remediation
      • external asset security monitoring (EASM)
      • brand protection

For more information, go to www.intrinsec.com/en/cyber-threat-intelligence/.

Follow us on Linkedin and X

Verified by MonsterInsights