lolloj - Fotolia
Illicit code-signing certificates are more valuable than handguns on a flourishing market on the dark web, a six-month investigation has revealed.
Code-signing certificates are readily available to buy on the dark web, selling for up to $1,200, according to research by the Cyber Security Research Institute (CSRI).
The researchers said code-signing certificates are more expensive than counterfeit US passports, stolen credit cards and even handguns.
The certificates are used to verify the authenticity and integrity of computer applications and software and make up a vital element of internet and enterprise security.
The reason they are so valuable on dark web markets is that cyber criminals can take advantage of compromised certificates to install malware on enterprise networks and consumer devices.
This makes it almost impossible for organisations to detect malicious software, and because organisations rarely have full visibility of all the certificates they rely on, this lucrative trade presents a real risk.
“We have known for a number of years that cyber criminals actively seek code-signing certificates to distribute malware through computers,” said Peter Warren, chairman of the CSRI.
“The proof that there is now a significant criminal market for certificates throws our whole authentication system for the internet into doubt and points to an urgent need for the deployment of technology systems to counter the misuse of digital certificates.”
The investigation proves that code-signing certificates are lucrative targets for cyber criminals, said Kevin Bocek, chief security strategist for machine identity protection firm Venafi, which commissioned the research.
“Any cyber criminal can use code-signing certificates to make malware, ransomware and even kinetic attacks trusted and effective,” he said. “In addition, code-signing certificates can be sold many times over before their value begins to diminish, making them huge money-makers for hackers and dark web merchants. All of this is fuelling the demand for stolen code-signing certificates.”
According to Warren, despite uncovering a thriving trade in code-signing certificates, researchers were only able to scratch the surface of this market.
“In an ironic twist, our researchers were often limited from delving further because dark web traders didn’t trust them,” he said. “We suspect that TLS, VPN and SSH key and certificate trading is also rife, alongside the trade in code-signing certificates that we uncovered.”
The six-month investigation was carried out by the CSRI in partnership with the Cyber Security Centre at the University of Hertfordshire, dark web specialist Flashpoint and a team of freelance researchers.