Certificate authorities duped into selling legitimate digital certificates that can spread malware


The certificates thus bought are sold on the black market to potential buyers.
Bad actors impersonate company executives to deceive certificate authorities into selling them legitimate digital certificates.

Researchers have identified a new kind of certificate fraud that involves purchasing legitimate digital certificates that could be used to spread malware. The certificates thus bought are sold on the black market to potential buyers.


What are the aspects?


Security firm ReversingLabs has discovered that bad actors are impersonating company executives to deceive certificate authorities into selling them legitimate digital certificates.


Once purchased, these digital certificates are sold on the black market for digitally signing malicious files, mainly adware.
Researchers note that certificates are valuable resources as they reduce the chance of early malware detection. This can be beneficial for financially motivated actors.

How does it happen?


The fraud attack begins with the reconnaissance phase in which threat actors select the right target to impersonate. For this, they have to trawl through publicly available information.


“A person well-established in their industry, with easily verifiable history is a preferred target. Since the goal is to acquire a code signing certificate, the perfect victim is someone working in the software industry,” note the researchers in a blog post.


Social media sites such as LinkedIn are a viable place to search for these targets. Once a target is identified, threat actors scrape the details from the target's public LinkedIn profile page in order to pass the identity validation process.


Validating a domain


Researchers note that the attackers aim to use the top-level domain to mislead the certificate authority during their identity validation process.


“The gamble is that the person verifying the certificate issuance request will assume that the same compan ..
