Following the massive hack on Sony Pictures in November, Kaspersky Labs revealed that the "Destover" malware is using a stolen Sony digital certificate, possibly to attack other computer systems.
In other words, because the certificate is trusted by default on many computers, the malware has an easier time getting past defense mechanisms such as antivirus software. And because the leak included a dump of files containing Sony's security certificates and signing keys, those could be exploited as well.
“If digital certificates signed by SPE were leaked in the breach it could pose serious issues for other companies’ IT security teams,” says Trey Ford, global security strategist for Rapid7. “Cybercriminals can use stolen digital certs to sign the malware, allowing them to pass through many corporate IT security systems undetected.”
Adrian Sanabria, a cybersecurity analyst at 451 Research, told Mashable via email that while this isn’t particularly a big deal, Sony should revoke their security certificates immediately.
“Personally, I’m surprised the certificates weren’t revoked the moment Sony found out that they had been compromised and included in the leaked data,” says Sanabria. “Revoking compromised certificates is the equivalent of notifying your bank when you find out your wallet was stolen, so they can disable your credit cards.”
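An added illustration, not from the original article or from any of the vendors quoted: the Go program below (standard library only, Go 1.19 or later) builds a constructed throwaway root CA and a code-signing certificate standing in for the leaked one, then runs the check a verifier should run. The chain check accepts the leaked certificate exactly as it accepts the legitimate one; only a CRL issued by the CA, the step Sanabria compares to calling the bank, turns it away. All names and serial numbers are placeholders.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

func BuildScenario() (root, leaf *x509.Certificate, emptyCRL, revokingCRL []byte) { // constructed test PKI, not Sony's
	now, day := time.Now(), 24*time.Hour
	rootPub, rootKey, _ := ed25519.GenerateKey(rand.Reader)
	leafPub, _, _ := ed25519.GenerateKey(rand.Reader) // the leaf's private key is not needed for this check
	rootTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Test Root CA"}, IsCA: true, // placeholder CA
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, NotBefore: now.Add(-time.Hour), NotAfter: now.Add(day)}
	rootDER, _ := x509.CreateCertificate(rand.Reader, rootTmpl, rootTmpl, rootPub, rootKey)
	root, _ = x509.ParseCertificate(rootDER) // the parsed root carries the SubjectKeyId that CRL issuance requires
	leafTmpl := &x509.Certificate{SerialNumber: big.NewInt(4242), Subject: pkix.Name{CommonName: "Test Publisher"}, // placeholder for the leaked cert
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}, NotBefore: now.Add(-time.Hour), NotAfter: now.Add(day)}
	leafDER, _ := x509.CreateCertificate(rand.Reader, leafTmpl, root, leafPub, rootKey)
	leaf, _ = x509.ParseCertificate(leafDER)
	emptyCRL, _ = x509.CreateRevocationList(rand.Reader, &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(day)}, root, rootKey)
	revokingCRL, _ = x509.CreateRevocationList(rand.Reader, &x509.RevocationList{Number: big.NewInt(2), ThisUpdate: now, NextUpdate: now.Add(day),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: leaf.SerialNumber, RevocationTime: now}}}, root, rootKey) // the "call the bank" step
	return root, leaf, emptyCRL, revokingCRL
}
// CheckSigner: the signer must chain to the trusted root for code signing AND be absent from a root-signed CRL; bad CRL data fails closed.
func CheckSigner(leaf, root *x509.Certificate, crlDER []byte) error {
	roots := x509.NewCertPool()
	roots.AddCert(root) // a leaked but unrevoked certificate chains to this root exactly like the legitimate one
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}}); err != nil {
		return err
	}
	crl, err := x509.ParseRevocationList(crlDER)
	if err == nil {
		err = crl.CheckSignatureFrom(root) // a CRL not signed by the issuer could be used to hide a revocation
	}
	if err != nil {
		return err
	}
	for _, rc := range crl.RevokedCertificates { // RevokedCertificateEntries on Go 1.21+
		if rc.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return errors.New("signer certificate is revoked")
		}
	}
	return nil
}
```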
However, using certificates to help legitimize malicious software is nothing new: in the past, Adobe revoked its code-signing certificate after it was discovered to have been used to sign malware.
While the motives behind the Sony Pictures hack remain inconclusive, all possibilities are being considered, from an inside job to a North Korean link. The FBI, however, has indicated that it does not believe there are any ties to North Korea at this time.