The Week When Attackers Started Winning The War On Trust

  • 22 November 2014
  • 0 replies
  • 240 views

Userlevel 7
By Kevin Bocek  Posted on 11/21/2014
 
The misuse of keys and certificates is not exotic or hypothetical. It's a real threat that could undermine most, if not all, critical security controls, as recent headlines strongly show.
 There are always surprises in the field of cyber security. But this past week, something different seemed to happen that is really disconcerting. We saw four major news stories about how adversaries’ campaigns and methods hit the web with one common theme: The trust established by cryptographic keys and digital certificates is being misused everywhere.
What actually happened?
First, Kaspersky released a report on DarkHotel -- a very effective APT campaign enabled by dozens of misused digital certificates used to target traveling executives using hotel WiFi networks. These executives thought they were transmitting data privately, in an authenticated way, but the malware operators used compromised certificates to get in between unsuspecting executives and their businesses.
 
full article

0 replies

Be the first to reply!

Reply