“Destover” Malware Results from Sony Hack

Following the massive hack on Sony Pictures in November, Kaspersky Labs revealed that the malware “Destover” is using a stolen digital certificate from Sony to possibly attack other computer systems.

In other words, because the certificate is trusted by default on many computers, malware signed with it would have an easier time getting around defense mechanisms such as antivirus software. And because of the leak, the dumped files, which include Sony’s security certificates and signing keys, could be exploited.

“If digital certificates signed by SPE were leaked in the breach it could pose serious issues for other companies’ IT security teams,” says Trey Ford, global security strategist for Rapid7. “Cybercriminals can use stolen digital certs to sign the malware, allowing them to pass through many corporate IT security systems undetected.”

Adrian Sanabria, a cybersecurity analyst at 451 Research, told Mashable via email that while this isn’t particularly a big deal, Sony should revoke their security certificates immediately.

“Personally, I’m surprised the certificates weren’t revoked the moment Sony found out that they had been compromised and included in the leaked data,” says Sanabria. “Revoking compromised certificates is the equivalent to notifying your bank when you find out your wallet was stolen, so they can disable your credit cards.”

However, using certificates to help legitimize malicious software is something new. In the past, Adobe retracted its code-signing certificate after it was discovered to have been used in malware.

While the motives behind the Sony Pictures hack remain inconclusive, all possibilities are being considered, from an inside job to a possible North Korean link. The FBI, however, has indicated that it does not believe there are any ties to North Korea at this time.


