Cybercriminals
are masters of social engineering, potentially tricking, tens of
thousands of users on a daily basis, into falling victims into
fraudulent cybercrime-friendly campaigns, generating them, hundreds
of thousands of fraudulent revenues, successfully, contributing to
the growth of multiple underground market segments, within, the
underground marketplace.
In
this post, we'll discuss a newly launched service, empowering, both,
novice, and experienced cybercriminals, with the necessary tools and
know how, to further commit, fraudulent activities, in the form of
socially engineered code signing certificates, obtained through the
registration of bogus and non-existent companies.
Priced at $1,000 per certificate, the service is also offering discounts on a volume basis, including custom contacts based customization files, including detailed info about the rogue company, used in the code signing process. Relying on basic 'visual social engineering' concepts, cybercriminals are perfectly positioned, to execute a successful campaign on a mass scale, or in a targeted nature, successfully targeting tens of thousands of users.
We
expect to continue observing relevant code signing as a service, type
of cybercrime-friendly propositions, within the cybercrime ecosystem,
with more market vendors, entering the market segment, further
positioning themselves, as market leaders, through basic market
segmentation, and efficient social engineering techniques.