Don’t take vulnerability for granted
According to Bloomberg news, hackers compromised the FBI email system and sent thousands of emails from an account. More cyberattacks have been threatened.
Hackers compromised the Federal Bureau of Investigation’s external email system on November 13, 2021. Thousands of emails were sent out from an FBI email account warning about a possible cyberattack. The FBI said it, along with the Cybersecurity and Infrastructure Security Agency, is “aware of the incident this morning involving fake emails from an @ic.fbi.gov email account.”
Among the numerous email systems that belong to the FBI, the hacked one is supposed to be public-facing. This means that FBI agents and employees use this email system to send emails to the public. According to Austin Berglas, head of professional services at the cybersecurity company BlueVoyant, there is a separate email system that agents are required to use when transmitting classified information.
Spamhaus Project, a non-profit organization based in Andorra and Switzerland, confirmed that the attacks started in the wee hours in New York. It has been roughly estimated that the spam messages ultimately reached at least 100,000 mailboxes.
The emails had the subject line: “Urgent: threat actor in systems.” Signed by the U.S. Department of Homeland Security, the email warned recipients that the threat actor appeared to be cybersecurity expert Vinny Troia, who last year penned an investigation of the hacking group, “The Dark Overlord.”
Although no malware was attached to the emails, the hackers may have been trying to smear Troia, or planning a campaign to flood the FBI with phone calls, as Spamhaus noted.
Preventing cyberattacks from the ground up
When it comes to preventing cyberattacks, it all comes down to how well the identities of both humans and machines are managed. From the SolarWinds hack to the Equifax breach to the current FBI attack, almost every episode starts with a threat actor gaining access to the organization’s critical infrastructure by compromising or stealing a device’s or a user’s credentials.
With digital transformation in full bloom, manual processes are continuously being automated. This means more devices are getting added to networks, and these endpoints need to be protected by installing certificates on them.
How do you take control of your digital certificates?
X.509 certificates are digital certificates defined by the X.509 public key infrastructure (PKI) standard; each one binds a public key, and by extension the private key its owner holds, to an identity for use in various applications. They are used by web-application systems and by mobile and IoT devices for authentication and encryption. The most common application of the specification is SSL/TLS certificates, which authenticate the identity of the web application’s owner and secure communication between the application and the end user online. Accepted by operating systems and browsers worldwide, these certificates are the foundation of digital trust.
Certificate-related outages usually stem from a few persistent kinds of mismanagement, such as a certificate expiring unnoticed or becoming invalid. It is important to note that such events can be prevented by using a robust certificate management system. By streamlining and automating the certificate lifecycle, the scope for error is almost eliminated, keeping businesses safe from PKI-related anomalies.
How can organizations go about implementing a robust certificate lifecycle management system?
An excellent way to start would be by:
- identifying the manual, error-prone certificate processes
- determining if automation is a viable alternative to those processes
- deploying certificate management systems to automate
Manage your digital certificates the smart way
If you would like a quick overview of the fundamental guiding principles for managing digital certificates, here are five best practices for certificate management.
Discover certificates
Discover certificates from various devices and applications. Perform an unauthenticated network scan as well as authenticated scans of devices, certificate authority (CA) accounts, and cloud accounts to discover as many certificates as possible.
Central inventory and analytics
The central inventory provides insights into certificate expiry timelines and crypto standards (e.g., cipher strength, key size, TLS protocol version) and helps avoid application outages by making on-time renewal possible.
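As an added example, not code from the article or from AppViewX, here is a Go program that performs the two steps above end to end: an unauthenticated scan that completes a TLS handshake with an endpoint without trusting its chain, and an inventory policy that flags the expiry window, RSA key size, and negotiated protocol version. The hostnames, the 30-day renewal window, and the 2048-bit minimum are assumed values for the illustration; the two endpoints are constructed in memory with self-signed certificates and served over a net.Pipe, so the program runs offline.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Finding is one inventory record for a discovered TLS endpoint.
type Finding struct {
	Name, Cipher string
	KeyBits      int // RSA modulus size; 0 for other key types
	TLS          uint16
	NotAfter     time.Time
	Issues       []string // policy violations; empty means the endpoint passed
}

// selfSigned builds a self-signed leaf for a constructed hostname (no real CA or network needed).
func selfSigned(name string, key *rsa.PrivateKey, notAfter time.Time) tls.Certificate {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name}, DNSNames: []string{name}, NotBefore: time.Now().Add(-time.Hour), NotAfter: notAfter}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err) // constructed input: only a broken toolchain gets here
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// Discover is the unauthenticated-scan step: handshake with whatever is on the far end of conn
// without trusting it, and record what it presented (expired and self-signed certificates included).
func Discover(name string, conn net.Conn) (Finding, error) {
	defer conn.Close()
	c := tls.Client(conn, &tls.Config{ServerName: name, InsecureSkipVerify: true}) // inventorying, not trusting
	if err := c.Handshake(); err != nil {
		return Finding{}, err
	}
	st := c.ConnectionState()
	leaf := st.PeerCertificates[0]
	f := Finding{Name: name, NotAfter: leaf.NotAfter, TLS: st.Version, Cipher: tls.CipherSuiteName(st.CipherSuite)}
	if pub, ok := leaf.PublicKey.(*rsa.PublicKey); ok {
		f.KeyBits = pub.N.BitLen()
	}
	return f, nil
}

// Evaluate applies the inventory policy; the thresholds are assumed values for this example.
func Evaluate(f Finding, now time.Time) Finding {
	days := int(f.NotAfter.Sub(now).Hours() / 24)
	switch {
	case days < 0:
		f.Issues = append(f.Issues, "expired")
	case days < 30:
		f.Issues = append(f.Issues, fmt.Sprintf("expires in %d days: renew now", days))
	}
	if f.KeyBits > 0 && f.KeyBits < 2048 {
		f.Issues = append(f.Issues, fmt.Sprintf("weak RSA key: %d bits", f.KeyBits))
	}
	if f.TLS < tls.VersionTLS12 {
		f.Issues = append(f.Issues, "negotiated TLS version below 1.2")
	}
	return f
}

// ScanInMemory serves cert on one end of a net.Pipe (no sockets opened) and scans the other end.
// Session tickets are off: the pipe is synchronous, so a post-handshake ticket write would block.
func ScanInMemory(name string, cert tls.Certificate) Finding {
	srvConn, cliConn := net.Pipe()
	go func() {
		defer srvConn.Close()
		_ = tls.Server(srvConn, &tls.Config{Certificates: []tls.Certificate{cert}, SessionTicketsDisabled: true}).Handshake()
	}()
	f, err := Discover(name, cliConn)
	if err != nil { // endpoints that will not complete a handshake are findings too
		return Finding{Name: name, Issues: []string{"handshake failed: " + err.Error()}}
	}
	return Evaluate(f, time.Now())
}

// ConstructedInventory scans two constructed endpoints: one healthy, one expiring soon with a weak key.
func ConstructedInventory() []Finding {
	goodKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	weakKey, _ := rsa.GenerateKey(rand.Reader, 1024)
	return []Finding{
		ScanInMemory("api.example.internal", selfSigned("api.example.internal", goodKey, time.Now().AddDate(1, 0, 0))),
		ScanInMemory("legacy.example.internal", selfSigned("legacy.example.internal", weakKey, time.Now().Add(10*24*time.Hour))),
	}
}

func main() {
	for _, f := range ConstructedInventory() {
		fmt.Printf("%-24s RSA-%d TLS=%#x %s expires %s issues=%v\n", f.Name, f.KeyBits, f.TLS, f.Cipher, f.NotAfter.Format("2006-01-02"), f.Issues)
	}
}
```

Two design points are worth noting. InsecureSkipVerify is correct here only because this is a discovery tool: an inventory must record the very certificates a verifying client would refuse, and a scan that dropped them would hide exactly the outages the article warns about; the same setting in an application client would be a vulnerability. Second, the scanner treats a failed handshake as a finding rather than an error, since an endpoint that no longer negotiates TLS at all belongs in the inventory too. Handing Discover a connection from net.Dial would scan a live endpoint instead of the in-memory one.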
Protect private keys
Use a central key escrow like an encrypted software vault or a hardware security module (HSM) to ensure maximum protection. Automate certificate lifecycle processes to eliminate the need for human access to the key and avoid key roaming.
Granular access control
Employ a granular, multi-layer access control approach where access to each functionality in the certificate lifecycle (discovery, monitoring, renewal, issuance, provisioning) can be configured based on a person’s role.
Automate the certificate lifecycle
Save time and effort, and avoid manual errors and potential compromises, by automating the entire certificate lifecycle, from issuance and renewal of certificates through to provisioning and binding each certificate to the application that uses it.
AppViewX certificate lifecycle management provides extensive visibility into the multi-vendor certificate and encryption key infrastructure to prevent threats. Application, network, and security engineers can self-serve and initiate automation workflows that deliver compliance and true business agility.