By Maximilian Clarke
Malware that uses fraudulently acquired government digital certificates to bypass security systems has been detected, causing alarm to businesses and individuals.
The malware is spread through corrupted PDF files obtained through exploiting Adobe Acrobat Reader. Tal Be’ery, Web Security Research Team Leader at Imperva discusses the threat, forecasting a rapid increase in more sophisticated forms of malware:
“Once more we are seeing an example of the growing trend in the theft of issued certificates by cyber-criminals. This time, F-Secure published an analysis of a widespread malware strain which used a stolen certificate belonging to the Malaysian Agricultural Research and Development. By using the stolen certificate, the malware appears to the operating system as a legitimate application and thus evades detection.
“We can expect to see more stories of stolen certificates in the upcoming year, as hackers have come to understand that the weakest link in SSL is the Public Key Infrastructure (PKI). PKI deals with all aspects of digital certificates — and hackers are launching a brutal attack against it.
“Attackers have compromised repeatedly various Certificate Authorities (CA) organizations this year including DigiNotar and GlobalSign. This is a direct consequence of the commoditization of certificates as smaller; less competent organizations are taking larger pieces of the certificate market. At the same time, any CA can issue a digital certificate for any application not having to receive consent from application owner. When hackers gain control on any CA they can use it to issue fraudulent certificates and masquerade any website.
“The same is true for code signing certificates - Stealing the organization's code signing certificate is like stealing its rubber stamp. A stolen rubber stamp enables the attacker to sign on cheques and fill in an arbitrary amount and beneficiary. The bank will trust the cheque since it's signed. A stolen code signing certificate enables the attacker to sign on whatever code they like. The browser will trust the downloaded code since it is properly signed. Therefore, code signing certificate is, and will continue to be, a prime target for malware distributers.”
Join us on