Search This Blog

Showing posts with label SSL Hacks. Show all posts

Hackers Use SSL Certificates to Launch Malware Attack


The latest report published by Meno Security indicates that 52% of the top one million websites have "HTTPS" in their URL, not traditional "HTTP." 

Despite this, the data says that these organizations that don't conduct satisfactory SSL reviews are more vulnerable to breaches and cyberattacks. According to recent research, hackers, while creating phishing websites, now use SSL as well, which endangers the organization's effort to keep its workers safe. In 96.7% of all user-initiated website visits that work over HTTPS, a mere 58% (approx) of the URL connections are HTTPs in the email, which indicates that firewalls and proxies are unaware of the threat until the organizations conduct an SSL investigation.


If the users are in the illusion that the green lock sign of HTTPS means they are safe, they might want to consider it again, for the hackers use the encryption too. Many people still think that as long as they have an SSL certificate, their webspace is secure, which, unfortunately, is not valid. Recent cyberattacks show that the malware is prone to these types of SSL certificate, and is now hiding behind this sign, which was once a symbol of safety. Many organizations from the beginning have relied upon firewalls and proxies to ensure the safety of web access.

But many organizations in the present time ignore the decryption and inspection SSL certificates, which has become very crucial. Point to be noted is that when the SSL decryption is enabled, the operations of these devices are down by a factor of five, which is why these enterprises refrain from conducting SSL inspection. Since 2014, even Google started giving priority in rankings to HTTPS websites on its Search Engine Result Page, considering they are safer.

According to Kowsik Goswami, chief technology officer at Menlo Security, there are many reasons why many enterprises don't turn SSL inspection. The main reason is privacy, as many organizations are concerned about their employees' privacy when they investigate the links the employees have visited. The other reason is performance, as the operations turn down by a factor of 5 when SSL inspection is on.

SSL Certificate Authority KPN stopped issuing certificates

SSL(Secure Socket Layer) Certificate Authority , KPN stopped issuing certificates after the detection of DDOS Tool on Server.  KPN is Netherlands based SSL certificated provider.  They found DDOS tool on their server during the Security Audit, the tool may have been there for as long as four years.
"Although there is no evidence that the production of the certificate is compromised, can not be completely excluded that this did happen. Therefore, KPN Corporate Market (formerly Getronics) decided the application and issuance of new certificates temporarily discontinued, pending further investigation. This is to ensure that the certificates be issued optimal procedure is safe and reliable.

KPN has replaced the web servers. An additional, independent investigation takes place to ensure that KPN complies with the required safeguards, procedures and rules applicable to the issue of Internet safety certificates. Interior Ministry and Logius, agency e-government, are closely involved in the processA."  Said in official statement,translate to english.

Previously, Another Dutch Based Certificate authority, DigiNotar compromised by unknown attacker,issuing a huge number of fraudulent, but valid, certificates for high-value domains, including some belonging to Google, Yahoo, the CIA and others. This results in DigiNotar went out of Business and KPN get new customers from DigiNotar. But now KPN Server is Breached.

KPN has replaced the web servers. An additional, independent investigation takes place to ensure that KPN complies with the required safeguards, procedures and rules applicable to the issue of Internet safety certificates. Interior Ministry and Logius, agency e-government, are closely involved in the process.