Wednesday, August 17, 2016

Managed Social Engineering Based Code Signing Generating Certificate Service Spotted in the Wild

Cybercriminals are masters of social engineering, potentially tricking, tens of thousands of users on a daily basis, into falling victims into fraudulent cybercrime-friendly campaigns, generating them, hundreds of thousands of fraudulent revenues, successfully, contributing to the growth of multiple underground market segments, within, the underground marketplace.

In this post, we'll discuss a newly launched service, empowering, both, novice, and experienced cybercriminals, with the necessary tools and know how, to further commit, fraudulent activities, in the form of socially engineered code signing certificates, obtained through the registration of bogus and non-existent companies.

Priced at $1,000 per certificate, the service is also offering discounts on a volume basis, including custom contacts based customization files, including detailed info about the rogue company, used in the code signing process. Relying on basic 'visual social engineering' concepts, cybercriminals are perfectly positioned, to execute a successful campaign on a mass scale, or in a targeted nature, successfully targeting tens of thousands of users.

We expect to continue observing relevant code signing as a service, type of cybercrime-friendly propositions, within the cybercrime ecosystem, with more market vendors, entering the market segment, further positioning themselves, as market leaders, through basic market segmentation, and efficient social engineering techniques.