Windows Malware Carries Valid Digital Signatures

Researchers from Masaryk University in the Czech Republic and Maryland Cybersecurity Center (MCC) monitored suspicious organizations and identified four that sold Microsoft Authenticode certificates to anonymous buyers. The same research team also collected a trove of Windows-targeted malware carrying valid digital signatures. “Recent measurements of the Windows code signing certificate ecosystem have highlighted various forms of abuse that allow malware authors to produce malicious code carrying valid digital signatures,” researchers wrote. In their work, the researchers also discovered several cases of potentially unwanted programs (PUPs), revealing that along with their ability to sign malicious code, bad actors are also able to control a range of Authenticode certificates. Gaining this type of unauthorized access has traditionally been easy for attackers using drive-by downloads and phishing, according to Gabriel Gumbs, vice president of product strategy at STEALTHbits Technologies. “And while endpoint security achieved some increases in efficacy over the last five years with the evolution of end point protection platforms, we only ever treated the symptom – and the not cause – of permissive access," Gumbs said.

Spotlight

Industry 4.0 is transforming the manufacturing and industrial landscape by integrating advanced technologies such as the Internet of Things (IoT), Artificial Intelligence (AI), and cloud computing. While these innovations provide immense benefits, they also ramp up the risk of cyberattacks due to increased connectivity and a lar

Spotlight

Industry 4.0 is transforming the manufacturing and industrial landscape by integrating advanced technologies such as the Internet of Things (IoT), Artificial Intelligence (AI), and cloud computing. While these innovations provide immense benefits, they also ramp up the risk of cyberattacks due to increased connectivity and a lar

Related News