Microsoft warns on its Threat Research & Response Blog for a recent increase in the use of stolen certificates to various types of malware legitimate seem. System administrators would have their private lwa keys to better shielding.
In the blogposting designate the security researchers from Microsoft, including the Win32/Winwebsec malware. This scarewarevariant has recently returned in a new form and presents itself as a antivirustool. Winwebsec has been signed with several certificates to make the malware to a legitimate app to look like. According to Microsoft, the creators this use of the certificates of a total of twelve software developers. Also the malware with the names FakePav and Ursnif, has recently of this aanvalstactiek use, increasing the likelihood of success for the attackers is greater.
According to Microsoft, there was after the discovery of Stuxnet, the malware that with plenty of stolen certificates worked, relatively little use of stolen certificates; in most cases, would malwaremakers itself against payment certificates have purchased at certificaatverstrekkers. In the last few months, there seems to be according to the software giant, however, there is a resurgence of the use of stolen certificates. Dutch software developers have to deal with theft; previous month, were see the certificate of engineering from Enschede in the hands.
Microsoft emphasises that software developers extra precautions should be taken to the private keys that are required for the signing of a certificate to protect. As such keys should be stored in hardware-secured storage systems, such as smart cards or usb tokens. Not only is a company that keys are lose, according to Microsoft, a lot of money lost to the immediate damage, also the image of a company can be a blow up.