Microsoft disrupts malware code-signing service used by ransomware gangs
Summary
Microsoft has disrupted Fox Tempest, a large malware code-signing service used by ransomware gangs to make malicious software harder to detect on Windows. The service, which charged between $5,000 and $9,000, used stolen identities and impersonated legitimate organizations to obtain over 1,000 code-signing certificates. This operation allowed cybercriminals to distribute malicious installers for common enterprise software, ultimately deploying various types of malware.
IFF Assessment
This disruption is bad news for defenders as it targeted a service that enabled cybercriminals to bypass security measures and distribute malware more effectively.
Defender Context
The disruption of this code-signing service highlights the evolving modularity of cybercrime, where specialized services are bought and sold to facilitate attacks. Defenders should be aware of this trend and of increasingly sophisticated malware delivery mechanisms, including ones that appear legitimate because they carry digital signatures.