Alarmingly, hackers are quite adept at stealing code signing machine identities, inserting their malware into legitimate software, signing it with the stolen keys, and then distributing it. To the rest of the world, the malware-infected software update looks legit because it has a valid signature.
When properly protected, code signing is an effective tool to stop the spread of malware, and nearly every organization relies on code signing to confirm their code is authentic and hasn’t been corrupted with malware. Code signing your software has significant implications for several areas of your organization.
Liability
If legitimate software provided by your organization is tampered with—such as malware being added—and then signed with your organization’s legitimate code signing keys, your organization may experience a liability situation from your customers who are the ones who will suffer from that malware attack.
The same is true if your private code signing keys are stolen and used to sign standalone malware. In addition, if a critical IT function was compromised by modifying a script, sensitive corporate, customer, or personal data could be jeopardized. This creates significant liability for your organization with not only your customers but also with regulatory agencies.
Damage to Brand, Revenue and Stock Value
Code signing attacks can also damage your brand reputation which impacts your revenue, market share, and stock price because customers will associate your brand with risky or unsafe software that has harmed them. This has been demonstrated in multiple types of attacks over the past few years.
Changes to Critical Software Infrastructure
Your critical software infrastructure includes enterprise-wide applications such as accounting systems, customer relationship systems, invoicing systems, network or database maintenance scripts and any other software that’s critical to the efficient functioning of your business. Compromise, misuse or disruption of this software can jeopardize your business, not to mention financial damage, loss of trust and widespread societal consequences. Similarly, intrusions into development systems or the code signing infrastructure itself could result in malicious code being signed.
Think of the amount of software and scripts that are used to maintain your business infrastructure. These applications often have access to sensitive company secrets, sensitive customer information or personal and confidential information of your users. A modification to an IT script such as one responsible for backups could put all this sensitive data at risk.
Code signing your critical software infrastructure prevents cybercriminals from accessing and modifying your unprotected internal software, including critical IT shell scripts.
But code signing software infrastructure alone may no longer be enough to prevent cybercriminals from their work as they now target the theft or misuse of private code signing keys and strike earlier in the software development process. They use these unprotected private keys to either sign malware or tamper with your software. Tens of millions of code signing keys have been reported stolen or forged from legitimate businesses. This should be a concern to all businesses.
Unauthorized changes to Software Artifacts Used for Software Development
An intermediate artifact is an item (document, file, script, library, and so on) that’s used during the development of software. Signing these artifacts throughout the development cycle ensures they aren’t modified except by the authorized author. If changes to a file or script are required, developers can do that within the development environment, code sign it, and then store the signed artifact in their repository for later use. Code signing these intermediate artifacts helps to guard against infiltrators inserting undesired elements during the build process.
Modern software development methodologies utilize many different components, such as the ones shown below. If any of these components are compromised with malware, it could result in a serious breach. Because of this, it’s imperative that your software development teams code sign all the intermediate artifacts they use to build software.
Unsafe IT Automation Scripts and Business Macros
Digitally signing your IT automation scripts and macros binds your identity to the code. Users of your automation scripts or macros then can trust that the script or macro really did come from you and hasn’t been modified by a third party. This can alleviate an end-user’s concern about running unsafe code. Any changes to the script or macro made after the signature has been applied, such as insertion of a virus, will invalidate the signature, protecting your name and reputation.
Conclusion
Code signing is a critical security control that provides software with a machine identity used to verify its legitimacy. For code signing, these machine identities manifest as digital certificates and private keys, both of which must be secured.
Organizations protect software with the help of code signing—ensuring that software receives a digital signature that guarantees the identity of the author and the integrity of the code. When your company’s code is signed with a private key and an accompanying certificate, it’s supposed to confirm your company is the author and the code is trustworthy, assuring the software’s integrity.
Your customers expect products signed with your code signing certificates to be secure, and that’s how they rely on your brand to deliver safe products.
