Making sure that you are secure every time you surf the net is getting more challenging these days. No matter what type of high tech security system you may have installed, it seems hackers will inevitably find some creative way to breach it. Reportedly, hackers are now buying SSL certificates to make their malware appear legit and, as a result, make them easier to bypass security protocols.
This latest trend in cybercrime was discovered through research conducted by the Recorded Future’s Insikt Group. Apparently, there is an online market where anyone, including hackers, can just buy legitimate certificates from issuing authorities.
— RMK Consulting, LLC (@rmkconsulting) February 22, 2018
Of course, this is a jarring contrast to the common belief that SSL certificates used in illegal activities were only obtained through theft from companies and developers. According to researchers, these certificates were not stolen from their rightful owners but were purposely created for specific buyers and registered under stolen corporate identities. When malware is given this level of apparent legitimacy, it will be harder for traditional network security measures to detect them.
“It’s been generally accepted that security certificates circulating in the criminal underground were stolen from legitimate owners prior to being used in nefarious campaigns,” Recorded Future director of advanced collection Andrei Barysevich explained. “However, our most recent analysis indicates this is not the case. We have confirmed—with a high degree of certainty—that counterfeit certificates are created for specific buyers, per request only, and registered using stolen corporate identities.”
SSL certificates are used in a process known as code signing. The process identifies the author or developer of a particular code and is used to authenticate its trustworthiness. They can be considered an extra layer of defense against cyber threats. In fact, some companies like Apple will not allow a program to be executed if it is not code-signed.
Prices for these SSL certificates vary greatly in the underground digital market. According to the report, they can be purchased for as little as $299 while the pricier ones could cost up to $1,599. However, the Recorded Future team does not believe that the legitimate owners of these SSL certificates are aware that their corporate digital data is used for these activities.[Featured image via Pixabay]