By Kevin Bocek Posted on 11/21/2014
The misuse of keys and certificates is not exotic or hypothetical. It's a real threat that could undermine most, if not all, critical security controls, as recent headlines strongly show.
There are always surprises in the field of cyber security. But this past week, something different seemed to happen that is really disconcerting. We saw four major news stories about how adversaries’ campaigns and methods hit the web with one common theme: The trust established by cryptographic keys and digital certificates is being misused everywhere.
What actually happened?
First, Kaspersky released a report on DarkHotel -- a very effective APT campaign enabled by dozens of misused digital certificates used to target traveling executives using hotel WiFi networks. These executives thought they were transmitting data privately, in an authenticated way, but the malware operators used compromised certificates to get in between unsuspecting executives and their businesses.
full article
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.