D7 The Modus Operandi of EV Certificate Fraudsters: Findings from the Field
Date & Time
Tuesday, June 23, 2020, 10:40 AM - 11:30 AM
David Maimon

New research results show the prevalence and value of SSL/TLS certificates on the dark web, including availability, packaging, pricing and purchasing process. Digital transformation has increased our reliance on encryption, but cybercriminals now use encryption SSL/TLS certificates in attacks.

To understand the availability of SSL/TLS certificates on the dark web, the Evidence-Based Cybersecurity Research Group at the Andrew Young School of Policy Studies at Georgia State University and the University of Surrey spearheaded a research program. The research demonstrates the existence of a dark web marketplace for SSL/TLS certificates and the results of responsible disclosure will hopefully shed light on where the EV certificate issuance process is being exploited.

  • Recognizing the different types of services packaged with certificates on the dark web—both crimeware and legitimate services used to further attacks
  • How dark web SSL/TLS certificate availability, packaging and pricing can impact attack usage
  • How EV certificates are purchased on the dark web for use with malicious or spoofed sites
  • Insights from the sales and the responsible disclosure process to understand weaknesses in the EV certificate issuance process

Technical Level: Medium

Session Type
Main Conference Session