Stolen Code Signing Certificates Are the Hottest Dark Web Trend

Security News ThreatsCybercrime Uncategorized

Dark Web news flash – digital code signing certificates cost way more than guns in underground markets. Apparently, a single certificate may cost up to $1,200, whereas a handgun is sold for about $600.

According to researchers at Venafi, the trade of digital code signing certificates is currently blooming. The certificates are mostly used to verify software products, proving their status as legitimate. If compromised, these certificates can be deployed to install malware on devices and networks without being detected.

Stolen Certificates Make Detection Nearly Impossible

With stolen code signing certificates, it’s nearly impossible for organizations to detect malicious software. Any cybercriminal can use them to make malware, ransomware, and even kinetic attacks trusted and effective.” Kevin Bocek, chief security strategist at Venfai, recently said.

Researchers have known for quite some time that cybercriminals actively seek code signing certificates to distribute malware through computers, Peter Warren, chairman of the Cyber Security Research Institute, explained. The CSRI, in partnership with the Cyber Security Centre at the University of Hertfordshire, carried out a six-month investigation reaching the following conclusion:

The proof that there is now a significant criminal market for certificates throws our whole authentication system for the internet into doubt and points to an urgent need for the deployment of technology systems to counter the misuse of digital certificates.

The worst thing is that code signing certificates can be re-sold over and over before their value decreases. This way cybercriminals and Dark Web dealers can make huge money. This fact alone is enough to keep on driving the demand for stolen certificates.

This is not the only troublesome trend discovered in the Dark Web. Flashpoint researchers recently revealed that access to Windows XP desktop computers is being offered for only $3, whereas access to Windows 10 systems costs $9.

These two Dark Web trends combined can lead to various malicious outcomes compromising both consumers and enterprises.