Nvidia’s breach might help cybercriminals run malware campaigns

2022-03-08 00:40

Code-signing certificate theft - more common than you might think.

The compromise of signing certificates is an old technique that's been used in the past by several cybercriminals to sign their malware.

On the cyber espionage side of things, digital certificate theft for signing malware is also relatively common.

Stealing digital signing certificates from software companies seems to be juicy enough for some threat actors who have shown the ability to quickly deploy malware signed with certificates from different legitimate companies.

The reason for this lies in Microsoft's driver-signing policy, which states that the operating system will run drivers "Signed with an end-entity certificate issued prior to July 29th 2015 that chains to a supported cross-signed CA.".

Microsoft will probably provide user updates to revoke the stolen certificates, but it might be problematic, since some older legitimate Nvidia drivers are also signed with these certificates and might trigger errors.

News URL

https://www.techrepublic.com/article/nvidias-breach-might-help-cybercriminals-run-malware-campaigns/

#breach #cybercriminal #malware #nvidia

News URL

Related news