Skip to main content
banner image
venafi logo

Code Signing Certificates: A Dark Web Best Seller

Code Signing Certificates: A Dark Web Best Seller

code signing certificate
March 14, 2018 | Eva Hanscom

According to new research from Recorded Future, Dark Web vendors are creating and selling code signing certificates that mis-use machine identities stolen from corporations. Prices for the certificates range from $299 to $1,599 and each one is unique to the buyer. These certificates are typically delivered within two - to four days.

Code signing certificates are used to verify the authenticity and integrity of computer applications and software. They make up a vital element of internet and enterprise security. Cyber criminals can take advantage of compromised code signing certificates to install malware on enterprise networks and consumer devices.

“All certificates are issued by reputable companies, such as Comodo, Thawte, and Symantec, and have proved to be extremely effective in malware obfuscation,” writes Andrei Barysevich, security researcher for Recorded Future. “We believe that legitimate business owners are unaware that their data was used in the illicit activities.”

Recorded Future notes that the malicious use of stolen code-sign certificates become noticeable in 2011, however, it took until 2015 for them to become widely available on the Dark Web. As time progresses, Barysevich fears that well-funded, actors, such as nation-states, may use fake certificates for more sophisticated and targeted attacks.

Last year, Venafi released a report on a six-month investigation into the sale of code signing certificates on the Dark Web. Like Recorded Future, we found that certificates were readily available for purchase, but expensive, selling for higher prices than counterfeit U.S. passports, stolen credit cards and even handguns.

“Our research proved that code signing certificates are lucrative targets for cyber criminals,” said Kevin Bocek, chief security strategist for Venafi. “With stolen code signing certificates, it’s nearly impossible for organizations to detect malicious software. Any cyber criminal can use them to sign malware, ransomware, and even launch kinetic attacks that are blindly trusted.”

In addition, Bocek points out these assets are used in multiple occurrences. "Code signing certificates can be sold many times over before their value begins to diminish, making them huge money makers for hackers and dark web merchants. All of this is fueling the demand for stolen code signing certificates.”

Want to learn more? Take a look at our infographic to see how much a certificate is worth on the Dark Web, and what else you could buy for the same amount.

Are your certificates on the Dark Web?

Related posts

Like this blog? We think you will love this.
woman touching a floating glass screen in the middle of a city at night
Featured Blog

Venafi Study: How Much Do Global Consumers Worry About Private Data Protection?

According to the survey, consumers do not trust major cyber security talking points pushed by the

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

CIO Study: Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

Forrester Consulting Whitepaper: Securing the Enterprise with Machine Identity Protection
Industry Research

Forrester Consulting Whitepaper: Securing the Enterprise with Machine Identity Protection

Machine Identity Protection for Dummies

Machine Identity Protection for Dummies

About the author

Eva Hanscom
Eva Hanscom

Eva is Public Relations Manager at Venafi. She is passionate about educating the global marketplace about infosec and machine-identity issues, and in 2018 grew Venafi's global coverage by 45%.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud

Venafi Cloud manages and protects certificates

* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
* Please fill in this field
* Please fill in this field
* Please fill in this field

End User License Agreement needs to be viewed and accepted

Already have an account? Login Here

get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more