While a cybercriminal may or may not be book smart, they are definitely cyber street smart. That is because more and more cybercriminals are targeting developers’ systems to steal the private keys used to sign software.
Operating systems and security software consider programs signed with a digital certificate safer.
To date, the most high-profile piece of malware to use digital certificates is Stuxnet. That worm infected industrial control systems in 2009 and 2010 and experts believe it was behind a nation-state attack on Iran’s nuclear processing facility. The first stage of the Stuxnet attack used code signed by certificates belonging to two Taiwanese companies to appear more innocuous to security software.
In 2010, a version of the Zeus banking Trojan used a digital signature belonging to software security firm Kaspersky Labs to lessen the chance of the program being identified as malware. And a third attack in the same year used an Adobe flaw signed with a certificate from a credit union.
“They are going right after the keys to the kingdom,” says Jeff Hudson, CEO at Venafi, a maker of enterprise key and certificate management software. “They are not trying to siphon off pennies; they are going right for the heart.”
Security firm Symantec has documented a piece of malicious software known as Infostealer.Nimkey designed to steal private keys and keystrokes.
Attackers stole thousands of certificates and they are going into malware, said Yuval Ben-Itzhak, chief technology officer for security firm AVG. In a quarterly security report, AVG said that in the first half of 2011, three times as many certificates signed malware as in the first half of 2010.