Why edge and endpoint security matter in a zero-trust world

In February, Nvidia was hit with a cyberattack by Lapsus$, an international hacking group known for their cyberattacks on enterprises. The group was able to gain access to multiple systems and at least two code-signing certificates, giving the cyberattackers the option to digitally sign malicious code, bypass security defenses and compromise endpoints. Following the attack, at least two binaries not created by Nvidia were found online, signed with the stolen keys. The attack provides a sobering reminder of how machine identities are vulnerable to attack using stolen code-signing certificates. 

Stolen certs show edge and endpoint security’s widening gaps 

Developers use code-signing certificates to verify the authenticity of their apps’ code, endpoint security agents and integration points across networks. Cyberattackers, including Lapsus$ and others, put a high value on these certificates because they can use them to impersonate legitimate device drivers and code to take control of devices, endpoints and sensors. Cyberattackers use this growing technique to distribute malware across endpoints and enterprise networks. 

Modifying code-signing certificates is now one of the most sophisticated, popular approaches to controlling edge and endpoint security devices on a network while launching malware attacks. Cyberattackers continue using Nvidia’s stolen code-signing certificates to disguise malware code as legitimate while attempting to launch attacks. Last year, impersonating legitimate code was integral to the SolarWinds supply chain attack. 

Nvidia having terabytes of data exfiltrated and code-signing certificates stolen show how fragile edge and endpoint security can be. Using stolen code-signing certificates to make device drivers, executables and source code look legitimate is among the toughest endpoint breaches to stop. 

Longstanding gaps in endpoint security are getting wider, enabling more sophisticated breach attempts due to the following: