Many security-minded organizations utilize code signing to provide an additional layer of security and authenticity for their software and files. Code signing is carried out using a type of digital certificate known as a code-signing certificate. The process of code signing validates the authenticity of legitimate software by confirming that an application is from the organization who signed it. While code-signing certificates can offer more security, they can also live an unintended secret life providing cover for attack groups, such as the Suckfly APT group.
In late 2015, Symantec identified suspicious activity involving a hacking tool used in a malicious manner against one of our customers. Normally, this is considered a low-level alert easily defeated by security software. In this case, however, the hacktool had an unusual characteristic not typically seen with this type of file; it was signed with a valid code-signing certificate.
Download this whitepaper to find out more about how you can protect your business from such threats.