Cyber criminals are using stolen digital certificates to mask malicious programs, according to information revealed by Symantec yesterday.
Stolen code-signing certificates can make hacking tools and malware look like legitimate applications.
Symantec first uncovered a China-based hacker group using a digitally signed hacking tool late last year.
The tool used by the China-based group raised suspicion because it was signed with a digital certificate that belonged to a South Korean mobile software developer. Further investigation led to three additional hacking tools signed with the same certificate and had been used in other attacks.
Eventually, additional hacking programs and malware signed with nine stolen digital certificates belonging to companies from Seoul, South Korea were discovered.
"While we do not know the exact circumstances of how the certificates were stolen, the most likely scenario was that the companies were breached with malware that had the ability to search for and extract certificates from within the organization," Symantec researchers said in a blog post Tuesday.
Many businesses view encryption as the ultimate protection. But a compromised, stolen or forged digital key and certificate can enable attackers to impersonate, surveil and monitor websites, infrastructure clouds and mobile devices.
According to a recent Ponemon report, 54% of security professionals surveyed said they do not know where all of their digital keys and certificates are located, who owns them or how they are used.