Cookie policy: This site uses cookies (small files stored on your computer) to simplify and improve your experience of this website. Cookies are small text files stored on the device you are using to access this website. For more information on how we use and manage cookies please take a look at our privacy and cookie policies. Some parts of the site may not work properly if you choose not to accept cookies.

sections
Home > DigiCert > Revealing the secret life of your Code Signing certificates
 

Revealing the secret life of your Code Signing certificates

White Paper Published By: DigiCert
DigiCert
Published:  Jun 19, 2018
Type:  White Paper
Length:  8 pages

Many security-minded organizations utilize code signing to provide an additional layer of security and authenticity for their software and files. Code signing is carried out using a type of digital certificate known as a code-signing certificate. The process of code signing validates the authenticity of legitimate software by confirming that an application is from the organization who signed it. While code-signing certificates can offer more security, they can also live an unintended secret life providing cover for attack groups, such as the Suckfly APT group.

In late 2015, Symantec identified suspicious activity involving a hacking tool used in a malicious manner against one of our customers. Normally, this is considered a low-level alert easily defeated by security software. In this case, however, the hacktool had an unusual characteristic not typically seen with this type of file; it was signed with a valid code-signing certificate.

Download this whitepaper to find out more about how you can protect your business from such threats.



Tags :