Digital certificates are the only true representation of trust online, and now hackers are using this trust against us. In fact, selling digital certificates has become quite a lucrative job. Cybercriminals steal these certificates and in turn, gain access to valuable data. Some even sell for up to $1,200 each on the dark web, making them more expensive than handguns, counterfeit passports, and stolen credit cards, according to research by the Cyber Security Research Institute.[1]
How valuable are stolen digital certificates?
Unlike humans, machines cannot visually identify, validate and establish trust with other machines. They need a system that can help them establish trust on their behalf anywhere in the world. This makes these certificates perhaps the most valuable assets a hacker attempting to infiltrate an enterprise could acquire.
There are different types of digital certificates that are used for different purposes. For example, a stolen SSL/TLS certificate can be used to impersonate a legitimate website and capture valuable data from its customers. Every month, more than 1.4 million websites are added using stolen SSL/TLS certificates.[2] Even the most well-known websites (like Facebook and Google) are spoofed every day.
Apart from SSL/TLS certificates, cybercriminals can also use stolen client certificates to impersonate a client for successful man-in-the-middle attacks. These attacks became more common after the infamous Stuxnet attack was uncovered. An enterprise’s endpoint protection is usually the last line of defense against hackers. Attackers can compromise that protection either by disabling it and blocking its digital certificate (as seen with CertLock[3]) or by tricking the system into installing malware with a trusted certificate.
Making enterprises even more vulnerable to these attacks is the fact that the compromised certificates do not necessarily need to be valid. Hackers can utilize expired certificates, too. This is due to the way many products handle resource-intensive signature checks. Because these products focus on reducing the stress on a user’s resources, hackers take the opportunity to evade detection using a simple and inexpensive method.
With rising numbers of phishing, malware and ransomware schemes plaguing enterprises worldwide, are we willingly putting ourselves at risk by blindly trusting digital certificates?
In many circumstances, the answer is most certainly “yes.”
The technology itself is not to blame here. Instead, we must take the necessary steps to counter the misuse of this technology.
Like it or not, digital certificates are the face of an enterprise online. Therefore, it is the user’s responsibility to take the security measures necessary to protect them.
Conclusion
There are two major things that drive the value of any entity. One is rarity, and the other is usefulness. For hackers, the value of a digital certificate is currently driven by its usefulness in spoofing trusted sites and installing malware worldwide. However, with the deployment of competent technology to counter the misuse of digital certificates, their value will soon be driven by their rarity. This, in turn, will drive up the cost of stolen certificates and will make it nearly impossible and much too expensive to launch a certificate-based attack.
However, until we get there, enterprises must maintain complete control over their digital certificates. As the rate of digital certificate adoption increases[4], using cumbersome, manual processes (like spreadsheets) for managing these certificates immediately places enterprises on the hacker’s radar. Instead, enterprises can remain diligent in managing and tracking their certificates by adopting specialized tools like AppViewX’s Certificate Lifecycle Automation Solution to help manage and automate the entire certificate lifecycle, extinguishing threats before it is too late.
[3] https://www.appviewx.com/blogs/hackers-striking-heart-machine-identities-digital-certificates/
[4] https://letsencrypt.org/stats/