News

"Destover” Malware Results from Sony Hack

Since the massive hack on Sony Pictures in November, Kaspersky Labs revealed that the malware"Destover,” is using a stolen digital certificate from Sony to possibly attack other computer systems.

In other words, since the certificate is trusted by default on many computers, the malware would have an easier time getting around defense mechanisms, like antivirus software. And due to the leak, a dump of files, which include Sony's security certificates and signing keys, could be exploited.

“If digital certificates signed by SPE were leaked in the breach it could pose serious issues for other companies’ IT security teams," says Trey Ford, global security strategist for Rapid7. "Cybercriminals can use stolen digital certs to sign the malware, allowing them to pass through many corporate IT security systems undetected."

Adrian Sanabria, a cybersecurity analyst at 451 Research, told Mashable via email that while this isn’t particularly a big deal, Sony should revoke their security certificates immediately.

"Personally, I’m surprised the certificates weren't revoked the moment Sony found out that they had been compromised and included in the leaked data," says Sanabria. "Revoking compromised certificates is the equivalent to notifying your bank when you find out your wallet was stolen, so they can disable your credit cards."

However, using certificates to help legitimize malicious software is something new. In the past, Adobe retracted its code-signing certificate after it was discovered to be used in malware.

While the motives behind the Sony Pictures hack remain inconclusive, all possibilities are being considered from an inside job to a possible North Korean link. The FBI however has indicated that they do not believe there are any ties to North Korea at this time.

 

——————————

LIVE PYMNTS TV OCTOBER SERIES: POWERING THE DIGITAL SHIFT – B2B PAYMENTS 2021 

Banks, corporates and even regulators now recognize the imperative to modernize — not just digitize —the infrastructures and workflows that move money and data between businesses domestically and cross-border.

Together with Visa, PYMNTS invites you to a month-long series of livestreamed programs on these issues as they reshape B2B payments. Masters of modernization share insights and answer questions during a mix of intimate fireside chats and vibrant virtual roundtables.

Click to comment

TRENDING RIGHT NOW