2017 saw a sudden increase in code signing certificates being used as a layered obfuscation technique to deliver malicious payloads. Recorded Future's Insikt Group has been investigating the criminal underground and has identified a number of vendors currently offering both code signing certificates and domain name registration with accompanying SSL certificates. Notably, the researchers found that certificates available on the digital underground are not stolen from legitimate owners; they are created for a specific buyer on request and registered using stolen corporate identities, which makes traditional network security appliances less effective at detecting them. "It's been generally…