Key Takeaways:
Cybercriminals have discovered a way to exploit Microsoft’s Trusted Signing Platform by acquiring short-lived certificates. This allows them to disguise malware as legitimate software, helping malicious programs evade security measures and gain user trust.
Microsoft’s Trusted Signing Platform is a service that allows software developers to sign their applications and executables digitally. The signature verifies that the software comes from a verified source and hasn’t been tampered with. Signed software is less likely to be flagged as malicious by antivirus programs, and users are more likely to download and install it, as the signature reduces the perceived risk of malware and other security threats.
Microsoft’s Trusted Signing Platform offers two options: Basic and Premium. The Basic option is more affordable and provides a limited number of signatures per month. The Premium option is more comprehensive and offers a higher signature quota along with other features.
Cybersecurity researchers have discovered that threat actors are abusing this service to sign their malware with three-day certificates. The malware samples are signed with certificates issued by “Microsoft ID Verified CS EOC CA 01”, each valid for only three days. Even after the certificate expires, the malware remains trusted by systems until the certificate is officially revoked.
Microsoft’s Trusted Signing Platform is an attractive target for cybercriminals for several reasons. It issues digital certificates that make software appear legitimate and trusted. These certificates help malware bypass security filters and antivirus programs, which increases the chances of successful deployment.
Additionally, the platform’s three-day certificates allow cybercriminals to quickly sign and distribute malware before the certificate expires. The ease of obtaining these certificates makes the platform an attractive tool for distributing malware.
It’s highly recommended to implement stricter verification for issuing certificates to ensure that they are only granted to legitimate developers. Moreover, organizations should deploy advanced security solutions that can detect and block malware, even if it’s signed with a legitimate certificate. Administrators must also educate end users about the risks of signed malware and encourage them to verify the source of software before installation.
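One practical form of the detection the article calls for is to triage recently downloaded binaries by the properties of their signing certificate rather than by signature validity alone. The following PowerShell script is an added example, not code from the article or from Microsoft; the scanned folders, the three-day threshold and the issuer pattern are assumptions, and a hit marks a file for analyst review, not as malware (legitimate Trusted Signing users receive short-lived certificates too).

```powershell
# Added example: list signed binaries whose signer certificate is short-lived
# or was issued by the CA named in the article. Paths/threshold are assumptions.
param(
    [string[]]$Paths = @("$env:USERPROFILE\Downloads", "$env:TEMP"),
    [int]$MaxValidityDays = 3,
    [string]$IssuerPattern = 'Microsoft ID Verified CS EOC CA'
)

$findings = foreach ($path in $Paths) {
    Get-ChildItem -Path $path -Recurse -File -Include *.exe, *.dll, *.msi -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
        $cert = $sig.SignerCertificate
        if ($null -eq $cert) { return }   # unsigned file: not in scope here

        # Lifetime of the leaf certificate, in days
        $validityDays = ($cert.NotAfter - $cert.NotBefore).TotalDays
        $shortLived   = $validityDays -le $MaxValidityDays
        $issuerMatch  = $cert.Issuer -like "*$IssuerPattern*"

        if ($shortLived -or $issuerMatch) {
            [pscustomobject]@{
                File         = $_.FullName
                # A timestamped signature stays 'Valid' after the certificate
                # expires, which is why Expired is reported separately.
                Status       = $sig.Status
                Expired      = $cert.NotAfter -lt (Get-Date)
                ValidityDays = [math]::Round($validityDays, 1)
                Subject      = $cert.Subject
                Issuer       = $cert.Issuer
                Thumbprint   = $cert.Thumbprint
                NotBefore    = $cert.NotBefore
                NotAfter     = $cert.NotAfter
            }
        }
    }
}

# Shortest-lived certificates first; export to CSV for hunting at scale if needed
$findings | Sort-Object ValidityDays | Format-Table -AutoSize
```

Thumbprints from confirmed-malicious hits can be fed into application-control or EDR block rules so that the signature alone never confers trust.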
Furthermore, organizations should implement multifactor authentication (MFA) to make it harder for attackers to gain unauthorized access to systems and data. It’s also advised to develop an incident response plan to address and mitigate the impact of any security breaches.