Security Market Segment LS
Wednesday, 06 March 2019 18:56

TLS/SSL certificates regularly traded on the 'dark web'

By

Recent research sponsored by Venafi has uncovered thriving marketplaces for TLS certificates sold individually and packaged with a wide range of crimeware.

Any time people make a secure Web connection (the "s" in HTTPS), the browser establishes that connection by way of an SSL certificate. Alternately, if one is connecting to one's corporate office via VPN, one is most likely protecting that connection with TLS (Transport Layer Security).

As Venafi, a global 5000 security company, notes, "TLS/SSL certificates provide machines — everything from applications, websites, devices and even algorithms — with a digital identity. In the wrong hands, they can be powerful weapons, giving hackers the appearance of legitimacy, allowing them to set up convincing spoofing websites for phishing attacks, or to bypass security controls to carry out man-in-the-middle attacks, putting them in high demand by hackers. "

Resent research sponsored by Venafi and undertaken by researchers at the Evidence-based Cybersecurity Research Group at the Andrew Young School of Policy Studies at Georgia State University and the University of Surrey, found that:

  • TLS/SSL certificates are being sold with cyber crime "bundles": TLS/SSL certificates are being sold as part of hacker "toolkits", alongside malicious websites and ransomware. Some markets even specialised in the sale of TLS/SSL machine identities "as-a-service", bundled in with aged Web domains, after-sale support, website design, and even integration with popular payment processors like Stripe, PayPal and Square. In fact, five of the Tor network markets observed offer a steady supply of SSL/TLS certificates, along with a range of related services and products.
  • TLS/SSL certificates are more widely available on some sites than ransomware or zero days: One representative search of the five marketplaces uncovered 2943 mentions for "SSL", compared with only 531 mentions for "ransomware" and just 161 for "zero days", highlighting the scale of vulnerability to machine identity-based attacks.

DarkWeb search counts

  • Legitimate certificate authorities are being tricked into issuing questionable certificates: Vendors are issuing certificates from reputable certificate authorities, such as GoDaddy and Digicert, allowing hackers to present themselves as trusted US or UK companies for less than US$2000.
  • Prices for certificates vary from US$260 to US$1600, depending on the type of certificate and additional services sought.
  • Researchers found extended validation certificates packaged with services to support malicious websites such as Google-indexed "aged" domains, after-sale support, Web design services, and integration with a range of payment processors – including Stripe, PayPal and Square.

An "aged domain" is one that has been established for some considerable time and has been deeply embedded in Google's search databases.

The authors conclude: "This project provides evidence of the existence of an online underground market for TLS certificates, specifically the presence of vendors on online underground markets that are promising to issue EV certificates for US and UK companies for less than US$2000. At this point, we are not sure how large this market is, whether the quality of goods offered matches vendor listings, or which parties are interested in purchasing these commodities. However, we plan to continue our research and keep investigating this issue."

Read 2618 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here
BACK TO LATEST NEWS here

GET READY FOR XCONF AUSTRALIA 2022

Thoughtworks presents XConf Australia, back in-person in three cities, bringing together people who care deeply about software and its impact on the world.

In its fifth year, XConf is our annual technology event created by technologists for technologists.

Participate in a robust agenda of talks as local thought leaders and Thoughtworks technologists share first-hand experiences and exchange new ways to empower teams, deliver quality software and drive innovation for responsible tech.

Explore how at Thoughtworks, we are making tech better, together.

Tickets are now available and all proceeds will be donated to Indigitek, a not-for-profit organisation that aims to create technology employment pathways for First Nations Peoples.


Click the button below to register and get your ticket for the Melbourne, Sydney or Brisbane event

GET YOUR TICKET!

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

BACK TO HOME PAGE
David Heath

David Heath has had a long and varied career in the IT industry having worked as a Pre-sales Network Engineer (remember Novell NetWare?), General Manager of IT&T for the TV Shopping Network, as a Technical manager in the Biometrics industry, and as a Technical Trainer and Instructional Designer in the industrial control sector. In all aspects, security has been a driving focus. Throughout his career, David has sought to inform and educate people and has done that through his writings and in more formal educational environments.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments