Anyone who has access to a code signing key can abuse this to create nefarious code that looks legitimate but contains malicious software that can steal sensitive information from users. Here are several ways code signing can be misused by both insiders and cybercriminals to abuse the trust that signed software invokes.
Attacks early in the software delivery process
If your pipeline doesn’t require digital signatures of all artifacts used to build your products, anyone could slip in a malicious change and the automation will incorporate that change and produce a malware-infected executable that you deliver to your customers.
Distributing malware in your company’s name
Cybercriminals steal code signing private keys from legitimate companies to sign their malicious code. When signed with a private key and certificate from a legitimate company, the malware bears the identity of that company. Trusting users will believe that the infected application is from your company and that it’s therefore safe to install and use.
Selling code signing certificates on the dark web
Cybercriminals can steal code signing certificates and resell them on the dark web for as little as $1,000 each. For organized cybercriminals with more compute power, weak code signing certificates can be forged to look like they’ve been issued by a trusted authority. Whether cybercriminals sign their own malicious code through a stolen or forged certificate themselves or use a signing service, most systems today will trust any code that’s signed if the signature cryptographically checks out to come from a certificate rooted by one of the many CAs in the system’s trust store.
Code signing helps verify that an application is coming from a specific source but if someone inside your organization — a disgruntled employee, for example — gets ahold of these code signing certificates and decides to use them for malicious purposes (or sell them on the dark web!), your users may still think that they’re downloading trusted content, but the code may have been altered or tampered.
And it doesn’t just take a disgruntled employee to do harm. An uninformed employee could make an inadvertent change to a critical software resource that disrupts operations. To avoid innocent errors, implement a strong code signing approval process with carefully delineated roles that control who can sign which code.
Conclusion
Because code signing machine identities generate such high levels of trustworthiness, they’re a valuable target for cybercriminals, who steal code signing credentials from legitimate companies to sign their malicious code. When signed with a legitimate certificate, malware doesn’t trigger any warnings and unsuspecting users will trust that the application is safe to install and use. This is why code signing is a vital part of any cybersecurity strategy.
