New research results show the prevalence and value of SSL/TLS certificates on the dark web, including availability, packaging, pricing and purchasing process. Digital transformation has increased our reliance on encryption, but cybercriminals now use encryption SSL/TLS certificates in attacks.
To understand the availability of SSL/TLS certificates on the dark web, the Evidence-Based Cybersecurity Research Group at the Andrew Young School of Policy Studies at Georgia State University and the University of Surrey spearheaded a research program. The research demonstrates the existence of a dark web marketplace for SSL/TLS certificates and the results of responsible disclosure will hopefully shed light on where the EV certificate issuance process is being exploited.
Technical Level: Medium