Compromised Digital Certificates are Used to Deceive Security Scanners

Delaware, USA – November 6, 2017 – Researchers at the University of Maryland conducted a study on the leveraging of compromised digital certificates for signing malware. They managed to find 111 certificates that are used to bypass antivirus solutions. More than a third of them were issued for front companies that are not related to software development. Attackers use this technique as an auxiliary method to avoid detection by antivirus solutions: while checking the signed file, some antiviruses may mark a malicious file as benign. One of the devastating examples of the APT-attack using this technique is the outbreak of NotPetya Ransomware worm, in which attackers used fraudulent Microsoft certificates. Cyber ​​Security Research Institute reported that cost of compromised digital certificates is about $1200 and anyone can purchase them on the Darknet.

It is also worth noting that Malwarebytes Lab in their recent analysis of modern cyber threats landscape called traditional anti-virus protection inefficient. If your SIEM tool is properly configured, collects all the necessary data and up-to-date analytical content is implemented, it can notify the administrator in minutes about the start of the attack or malicious activity. Use Case Cloud is a regularly updated platform with SIEM content, where you can find Use Cases you need for your organization, get information about recent cyberattacks, and check the health status of your SIEM components.