The Top Software Supply Chain Attacks: Code Signing at Risk

Reading Time : 5 minutes

In an era dominated by interconnected software systems and widespread dependency on third-party libraries, software supply chain attacks have become a significant threat to organizations and individuals. These attacks exploit software development and distribution vulnerabilities, aiming to compromise the integrity and security of applications. Among the various techniques attackers employ, one particularly alarming avenue is the compromise of code-signing mechanisms. Code signing, a trusted method developers use to verify software authenticity, is now under increased scrutiny due to its susceptibility to sophisticated supply chain attacks.

The Role of Code Signing in Software Security

Code signing plays a crucial role in maintaining the security and trustworthiness of software applications. It involves digitally signing software binaries or components using a cryptographic key, thus associating them with a known entity, such as a developer or organization. The primary purposes of code signing include:

• Authenticity Verification

  Code signing allows users to verify the origin and integrity of software. Users can ensure that malicious actors have not tampered with or modified the software by checking the digital signature.

• Trust Establishment

  When software bears a valid code signature, it establishes trust between the developer and the end-user. Users are more likely to trust and install signed software, believing it to be from a reputable source.

• Mitigating Malware Risks

  Code signing helps identify and prevent the installation of malware or unauthorized software. Operating systems and security software often treat unsigned or improperly signed applications as potential security risks, raising warnings or blocking their execution.

Notable Software Supply Chain Attacks

• SolarWinds Attack

  The SolarWinds attack, discovered in late 2020, exposed the vulnerabilities in software supply chains. The attackers compromised the build process of SolarWinds’ Orion software, injecting a malicious backdoor into the distributed software updates. As the software was signed with a valid digital certificate, it bypassed traditional security measures, allowing the attackers to gain unauthorized access to numerous high-profile organizations and government agencies.

• ASUS Live Update Attack

  In 2019, attackers compromised the ASUS Live Update utility by distributing a compromised software update to many users. The attackers delivered malware-infected binaries to unsuspecting users by impersonating a legitimate update. The compromised update was signed with a valid code signing certificate stolen from ASUS, making it difficult for antivirus software to detect the threat.

Code Signing Vulnerabilities and Mitigation Measures:

• Certificate Theft

  Attackers target code-signing certificates through various means, including social engineering, phishing, or compromising the certificate authorities (CAs). Once in possession of a stolen certificate, attackers can sign malicious software, making it appear legitimate to unsuspecting users. Developers should adopt strong certificate management practices to mitigate this risk, including secure storage, two-factor authentication, and regular certificate audits.

• Weak Certificate Verification

  Developers should enforce stringent certificate validation processes, promptly verifying the chain of trust and revoking compromised or expired certificates. In some cases, developers fail to implement strict verification mechanisms, allowing weak or expired certificates to be used. Attackers can exploit this oversight by signing malware with self-signed or fraudulent certificates.

• Compromised Build Environments

  Supply chain attacks often target the built environments of software development organizations. By compromising the build systems, attackers can inject malicious code into the final product. Developers must adopt robust security measures for build environments, including secure access controls, continuous monitoring, and vulnerability assessments.

Recent Trends in Code Signing Attacks

Code-signing attacks have witnessed notable trends in recent years as cybercriminals continually evolve their tactics. Understanding these trends can help organizations stay vigilant and implement effective security measures. Here are a few key subheadings to explore:

• Supply Chain Poisoning

  Attackers have increasingly targeted the software supply chain by injecting malicious code into legitimate software packages during the build or distribution process. This poisoning technique allows them to bypass traditional security measures and distribute compromised software to unsuspecting users.

• Certificate Abuse and Forgery

  Cybercriminals have exploited vulnerabilities in the certificate infrastructure to abuse and forge code-signing certificates. They either steal legitimate certificates from developers or create fraudulent certificates that appear authentic. These tactics enable them to sign malicious software and deceive users into believing it is from a trusted source.

• Targeted Attacks on High-Value Software

  Hackers have shifted their focus towards high-value software targets, such as widely used operating systems, enterprise applications, or critical infrastructure software. Compromising the code signing process for such software can have far-reaching consequences, allowing attackers to infiltrate numerous organizations and cause significant damage.

• Sophisticated Certificate Spoofing

  Attackers have employed advanced techniques to spoof code signing certificates, making their malicious software appear more convincing. This includes creating certificates with similar names or manipulating certificate metadata to match legitimate entities closely. Such tactics make it challenging for users and security software to differentiate between genuine and malicious software.

Best Practices for Secure Code Signing

To mitigate the risks associated with code signing and protect against software supply chain attacks, organizations should implement the following best practices:

• Secure Key Management

  Safeguard the private keys used for code signing, ensuring they are stored securely and accessible only to authorized personnel. Employ strong encryption, hardware security modules (HSMs), and regular key rotation to minimize the impact of key compromise.

• Certificate Lifecycle Management

  Establish robust certificate issuance, renewal, and revocation procedures. Implement stringent verification processes when requesting or renewing certificates. Regularly audit and monitor certificates in use, promptly revoking any compromised or expired certificates.

• Build System Security

  Strengthen security measures around the built environment, including secure access controls, intrusion detection systems, and continuous monitoring. Regularly update and patch build tools and dependencies to mitigate known vulnerabilities.

• Supply Chain Integrity

  Implement strict controls throughout the software development lifecycle, including secure code repositories, continuous integration and deployment (CI/CD) pipelines, and regular security audits. Validate the integrity of third-party components and libraries before incorporating them into software projects.

• User Education and Awareness

  Educate users about the importance of code signing and how to verify the authenticity of the software. Promote awareness of potential risks and common attack vectors, such as social engineering or phishing attempts impersonating legitimate software updates.

Conclusion

Code signing, once a trusted method for software authenticity verification, has become a prime target for sophisticated supply chain attacks.

Organizations must proactively address code-signing vulnerabilities, adopt robust security measures, and stay updated on emerging attack trends to protect their software supply chains and maintain user trust in an increasingly interconnected digital landscape.