Flame and Stuxnet are notable examples of what cyber technique?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Study for the SANS Advanced Incident Response, Threat Hunting, and Digital Forensics (FOR508) Test. Prepare with comprehensive materials, flashcards, and multiple choice questions with hints and explanations. Ace your exam with confidence!

Multiple Choice

Flame and Stuxnet are notable examples of what cyber technique?

Explanation:
Using stolen code signing certificates exploits trust in software publishers. Digital code signing binds software to a publisher and helps systems trust that the code hasn’t been tampered with. Security tools and operating systems often treat signed binaries as legitimate, which is why attackers prize stolen signing keys. Flame and Stuxnet carried malware that was signed with certificates stolen from real vendors. Because the payload appeared to come from a trusted source, it could execute with less friction, load as drivers or components, and operate covertly within targeted networks. That stealth is what made these campaigns so effective, allowing the malware to bypass many defenses that focus on unsigned or untrusted code. This approach is different from credential stuffing, phishing campaigns, or ransomware deployment. It attacks the trust model itself—what the system accepts as legitimate—by misusing valid signatures rather than merely trying to obtain credentials, trick users, or encrypt data for ransom. Defensive takeaways include protecting private signing keys (prefer hardware security modules), monitoring for unusual or new code signing activity, validating certificates and revocation status, practicing strict application whitelisting, and scrutinizing drivers and binaries loaded on critical systems for unexpected signatures.

Using stolen code signing certificates exploits trust in software publishers. Digital code signing binds software to a publisher and helps systems trust that the code hasn’t been tampered with. Security tools and operating systems often treat signed binaries as legitimate, which is why attackers prize stolen signing keys.

Flame and Stuxnet carried malware that was signed with certificates stolen from real vendors. Because the payload appeared to come from a trusted source, it could execute with less friction, load as drivers or components, and operate covertly within targeted networks. That stealth is what made these campaigns so effective, allowing the malware to bypass many defenses that focus on unsigned or untrusted code.

This approach is different from credential stuffing, phishing campaigns, or ransomware deployment. It attacks the trust model itself—what the system accepts as legitimate—by misusing valid signatures rather than merely trying to obtain credentials, trick users, or encrypt data for ransom.

Defensive takeaways include protecting private signing keys (prefer hardware security modules), monitoring for unusual or new code signing activity, validating certificates and revocation status, practicing strict application whitelisting, and scrutinizing drivers and binaries loaded on critical systems for unexpected signatures.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy