New research results show the prevalence and value of SSL/TLS certificates on the dark web, including availability, packaging, pricing and purchasing process. Digital transformation has increased our reliance on encryption, but cybercriminals now use encryption SSL/TLS certificates in attacks.
To understand the availability of SSL/TLS certificates on the dark web, the Evidence-Based Cybersecurity Research Group at the Andrew Young School of Policy Studies at Georgia State University and the University of Surrey spearheaded a research program. The research demonstrates the existence of a dark web marketplace for SSL/TLS certificates and the results of responsible disclosure will hopefully shed light on where the EV certificate issuance process is being exploited.
- Recognizing the different types of services packaged with certificates on the dark web—both crimeware and legitimate services used to further attacks
- How dark web SSL/TLS certificate availability, packaging and pricing can impact attack usage
- How EV certificates are purchased on the dark web for use with malicious or spoofed sites
- Insights from the sales and the responsible disclosure process to understand weaknesses in the EV certificate issuance process
Technical Level: Medium