Attackers Sell Growing Number of Legitimate SSL Certificates

Sales of legitimate SSL certificates are on the rise on the Dark Web, as attackers find an effective means to trick network security applications into allowing their malicious payloads to come through, according to a recent report.

A sharp spike in code signing certificates used as a layered obfuscation technique to distribute malicious payloads began making the rounds across the globe last year, security researchers at Recorded Future note in a report issued February 22.

Attackers are stealing data from companies, submitting it to certificate authorities like Comodo, Thawte and Symantec, and receiving legitimate SSL certificates for those particular companies, the report notes.

"The certificates are created for a specific buyer per request only and are registered using stolen corporate identities, making traditional network security appliances less effective," states Andrei Barysevich, director of advanced collection at Recorded Future, in the report. He added that the legitimate business owners are often unaware their data was stolen and used for nefarious purposes.

History and demand for legit SSL certificates

Use of legitimate SSL certificates is believed to have first appeared in 2011, when an attacker managed to pilfer 500 legitimate SSL certificates from certificate authority DigiNotar, according to the book Android Apps Security by Sheran Gunasekera.

The attacker used the rogue SSL certificates to carry out man-in-the-middle attacks, and because DigiNotar had its root certificate in all modern browsers, the attacker was able to validate them with ease. According to Gunasekera's book, websites that accepted the rogue SSL certificates included *.google.com, *.android.com, *microsoft.com, and others. Eventually, web developers began to blacklist DigiNotar's certificate and the company later filed for bankruptcy, the book notes.

Four groups of malicious attackers are well known in this area of code signing certificates and have been active since 2011, Barysevich notes in his report. But it wasn't until 2015 that these legitimate SSL certificates were first offered for sale on the Dark Web, he adds. In 2017, demand for legitimate SSL certificates jumped higher, he notes.

Product listing advertised by a threat actor (Source: Recorded Future)

[email protected], one of the first attackers to offer rogue SSL certificates, claimed in advertisements on the Dark Web that payload installations using these SSL certificates would increase the buyer's success rate by 30% to 50%, Barysevich notes in his report.

However, despite such claims, some threat actors note that success rates are lower with Google's Chrome browser because of some advanced security metrics it uses, whereas Internet Explorer, Firefox and Safari browsers may have higher success rates, Barysevich states in the report.

Future use of rogue legitimate SSL certificates

Despite attackers increasingly purchasing rogue legitimate SSL certificates, this practice is not expected to become a common aspect of cybercrime.

"Unlike ordinary crypting services readily available at $10 to $30 per each encryption, we do not anticipate counterfeit certificates to become a mainstream staple of cybercrime due to its prohibitive cost," Barysevich states.

However, nation-state actors and more sophisticated cybercriminals who are interested in highly targeted attacks are more apt to use the rogue SSL certificates in their attacks, he adds.

And just how expensive are fake SSL certificates? The most affordable version of these rogue SSL certificates costs $299. Meanwhile, the starting price for a domain name registration with an EV SSL certificate is $349, and a comprehensive Extended Validation (EV) certificate with a rating for a SmartScreen reputation goes for $1,599.

— Dawn Kawamoto is an award-winning technology and business journalist, whose work has appeared in CNET's News.com, Dark Reading, TheStreet.com, AOL's DailyFinance, and The Motley Fool.
Copyright © 2019 Light Reading, part of Informa Tech, a division of Informa PLC. All rights reserved.