Abusing Code Signing for Profit


Chronicle
Published by: Research Desk
Released: Nov 19, 2019

Signing a Windows executable file was originally conceived as a mechanism to guarantee the authenticity and integrity of a file published on the internet. From its inception, cryptographically signing a piece of code was meant to give the operating system a way to discriminate between legitimate and potentially malicious software. Unfortunately, this system is built on a problematic core tenet: trust. The chain of trust is relatively straightforward: certificates are signed (issued) by trusted certificate authorities (CAs), which have the backing of a trusted parent CA. Malware authors take advantage of this inherited trust model by purchasing certificates directly or via resellers. Whether certificates are purchased directly or indirectly, due diligence into customers appears to be lacking. Revoking a certificate, the process by which a CA says the certificate is no longer trustworthy, is unfortunately the only real tool available to combat certificate abuse. This process introduces a delay during which malware with a certificate may be considered “trusted”.