Common Attack Pattern Enumeration and Classification
A Community Resource for Identifying and Understanding Attacks
An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Skill or Knowledge Level: Low
Knowledge of common location methods and access methods to sensitive data
Skill or Knowledge Level: High
Ability to compromise systems containing sensitive data
Restrict access to private keys from non-supervisory accounts
Restrict access to administrative personnel and processes only
Ensure all remote methods are secured
Ensure all services are patched and up to date
Sigbjørn Vik. "Security breach stopped". http://my.opera.com/securitygroup/blog/2013/06/26/opera-infrastructure-attack. 2013-06-26.
Patrick Morley. "Bit9 and Our Customers’ Security". https://blog.bit9.com/2013/02/08/bit9-and-our-customers-security/. 2013-02-08.
Brad Arkin. "Inappropriate Use of Adobe Code Signing Certificate". http://blogs.adobe.com/asset/2012/09/inappropriate-use-of-adobe-code-signing-certificate.html. 2012-09-27.
More information is available — Please select a different filter.