As startling as it may sound but cybercriminals now have access to the most-secured data files used to facilitate confidential communication between organisations’ servers and clients’ computers on the Dark Web. Although Ransomware have been available in the dark web as a service for quite some time now but security certificates is a new phenomena.
According to the team from Georgia State University and the University of Surrey, a thriving marketplace for Secure Sockets Layer (SSL) and Transport Layer Security (TLS) certificates exists on a hidden part of the Internet. This means anyone can have access to security certificates to make a fake website and gain confidential information from users.
SSL and TLS are security technology (https protocol) that protects the transfer of data and information between computers and servers. Networked machines use keys and SSL/TLS certificates to identify and authenticate themselves when connecting to each other, much like humans employ usernames and passwords to go online. Another interesting addition to the research was the finding that these certificates are sold on the darknet, they are packaged with a wide range of crimeware that delivers machine identities to cybercriminals who use them to spoof websites, eavesdrop on encrypted traffic, perform attacks and steal sensitive data, among other activities. That means security breach package is being sold as a commodity and is a big reason for it to thrive.
“One very interesting aspect of this research was seeing TLS certificates packaged with wrap-around services — such as Web design services — to give attackers immediate access to high levels of online credibility and trust,” informed lead author David Maimon, Associate Professor in Georgia State. A search of five marketplaces in the darknet uncovered 2,943 mentions for SSL and 75 for TLS.
In comparison, there were just 531 mentions for ransomware. It was surprising to discover, he added, how easy and inexpensive it is to acquire extended validation certificates, along with all the documentation needed to create very credible shell companies without any verification information. “This study found clear evidence of the rampant sale of TLS certificates on the Dark Net,” said Kevin Bocek, Vice President of Security and Threat Intelligence for cybersecurity firm Venafi.
Since this is not a one person gets affected phenomena, every organisation should be concerned that the certificates used to establish and maintain trust and privacy on the Internet are being weaponized and sold as commodities to cybercriminals.