Intrinsec has presented a report on the growing market for the use of Extended Validation (EV) certificates in cybercrime schemes. The report takes a closer look at the methods used by attackers to obtain and exploit these certificates, as well as the security threats they pose.
Digital signature technology, originally designed to confirm the authenticity and integrity of software, is increasingly being used by cybercriminals to circumvent security measures, gain administrative privileges, and mislead users with legitimate-looking certificates. EV certificates are especially in demand on the black market, where their cost varies from $2000 to $6000.
Attackers can use a variety of methods to obtain such certificates, including registering new companies, imitating existing firms, or stealing certificates. The Intrinsec report provides examples of recent attacks that used stolen or spoofed EV certificates. For example, malware such as QakBot and Grandoreiro used certificates obtained by imitating companies or using data from closed organizations. Also mentioned is the case of NVIDIA, whose certificates were stolen by the Lapsus$ group and subsequently used to sign malicious code.
The Intrinsec report highlights that attackers can use digital signatures not only to bypass security mechanisms such as Microsoft SmartScreen, but also to increase user trust and reduce the likelihood of detection by antivirus software.
In addition, the report highlights services offered on the black market, such as the delivery of physical tokens required to use EV certificates, as well as the provision of remote access to these tokens. Such offers are distributed not only on specialized forums, but also through messengers such as Telegram.
Intrinsec recommends that organizations strengthen certificate authentication measures and implement stricter application control policies. The recommendations also include training employees to recognize potential threats and using reputation systems to detect malicious certificates.
This report highlights the need for continuous monitoring and adaptation of defenses to counter the increasingly sophisticated methods used in cybercrime.
• Source: https://www.intrinsec.com/wp-conten...CLEAR-20240828-The-EV-Signature-Market-EN.pdf