Software code signing certificates worth more than guns on the Dark Web

Haythem Elmir

Researchers have discovered that digital code signing certificates are being sold for more than is required to buy a gun in the web’s underground markets.

On Tuesday, security researchers from Venafi said there is a flourishing trade in the sale of digital code signing certificates, which can be used to verify software applications.

These certificates are a fundamental way of ensuring software and apps are legitimate, but if compromised, can be used to install malware on networks and devices while avoiding detection.

A single certificate can fetch up to $1,200. Credit cards can go for as little as a few dollars, while US passports can be picked up for roughly $850 — and a handgun may only set buyers back $600.

« We’ve known for a number of years that cybercriminals actively seek code signing certificates to distribute malware through computers, » said Peter Warren, chairman of the CSRI. « The proof that there is now a significant criminal market for certificates throws our whole authentication system for the internet into doubt and points to an urgent need for the deployment of technology systems to counter the misuse of digital certificates. »

The six-month investigation was carried out by the CSRI in partnership with the Cyber Security Centre at the University of Hertfordshire.

To read the original article:

Laisser un commentaire

Next Post

Undetectable ATM “Shimmers” Hacker’s Latest Tool for Steal your Chip Based Card Details from POS Terminal

Latest warning coming out from Canada about sophisticated ATM skimming called “Shimmers”  targeted chip-based credit and Debit cards to steal your entire card information form POS(Point-of-sale) terminal. Basically many skimming devices record your card information in plain text on the magnetic stripe on the backs of cards. Last Year November ATM based Skimmer has […]