itb-nz logo
Story image

SSL/TLS certificate marketplaces thriving on dark web - study

07 Mar 2019

Machine identity protection solutions provider Venafi has today announced the first set of findings from an academic study of the availability of SSL/TLS certificates on the dark web and their role in the cybercrime economy.

The research, sponsored by Venafi and undertaken by researchers at the Evidence-based Cybersecurity Research Group at the Andrew Young School of Policy Studies at Georgia State University and the University of Surrey uncovered thriving marketplaces for TLS certificates sold individually and packaged with a wide range of crimeware.

Together, these services deliver machine-identities-as-a-service to cybercriminals who wish to spoof websites, eavesdrop on encrypted traffic, perform man-in-the-middle attacks and steal sensitive data.

“This study found clear evidence of the rampant sale of TLS certificates on the dark net,” says Venafi security and threat intelligence vice president Kevin Bocek.

“TLS certificates that act as trusted machine identities are a key part of cybercriminal toolkits – just like bots, ransomware and spyware. There is a lot more research to do in this area, but every organisation should be concerned that the certificates used to establish, and maintain, trust and privacy on the internet are being weaponised and sold as commodities to cybercriminals.”

Key study findings include:

  • Five of the Tor network markets observed offer a steady supply of SSL/TLS certificates, along with a range of related services and products.

  • Prices for certificates vary from $260 to $1,600, depending on the type of certificate offered and the scope of additional services.

  • Researchers found extended validation certificates packaged with services to support malicious websites such as Google-indexed “aged” domains, after-sale support, web design services, and integration with a range of payment processors – including Stripe, PayPal and Square.

  • At least one vendor on BlockBooth promises to issue certificates from reputable Certificate Authorities along with forged company documentation – including DUNS numbers. This package of products and services allows attackers to credibly present themselves as a trusted US or UK company for less than $2,000. 

One representative search of these five marketplaces uncovered 2,943 mentions for “SSL” and 75 for “TLS.”

In comparison, there were just 531 mentions for “ransomware” and 161 for “zero days.”

It was also evident that some marketplaces – such as Dream Market – appear to specialise in the sale of TLS certificates, effectively providing machine-identity-as-a-service products.

In addition, researchers found that certificates are often packaged with other crimeware, including ransomware.  

“One very interesting aspect of this research was seeing TLS certificates packaged with wrap-around services – such as web design services – in order to give attackers immediate access to high levels of online credibility and trust,” says Evidence-based Cybersecurity Research Group director, security researcher and report author Dr David Maimon.

“It was surprising to discover how easy and inexpensive it is to acquire extended validation certificates, along with all the documentation needed to create very credible shell companies without any verification information.”

Download image
Why VPNs need more than a username and password
VPNs aren’t just used by a handful of users any more – now, contractors, vendors, partners, employees, and sometimes even customers will need to access your business VPN.More
Story image
Latest Micro Focus release empowers organisations with greater data insights
Micro Focus has released the Vertica 10 Analytics Platform, delivering a range of updates to enable machine learning and unified predictive analytics at scale.More
Story image
PMT Security launches body-temp scanning solution for enterprise, Seadan to distribute
"It was a no-brainer for us to choose our trusted partners Seadan. We engaged and took advice from them during the decision-making process to find the best UNV product to bring to market."More
Story image
How our publisher harnessed machine learning to overhaul Techday websites
Our publisher, Sean Mitchell, went to CoderSchool in Ho Chi Minh City to learn how to implement machine learning into Techday.More
Story image
How data warehouses have become the new data lakes for business
While data lakes are great when it comes to storage, they don’t perform well when it comes to analysis and reporting. The vast volumes and multiple formats mean that traditional data warehouse tools are unsuitable and another approach needs to be found.More
Story image
COVID-19: Adobe unveils index to track changes in consumer behaviour
In an effort to track and analyse the ways in which the pandemic is changing retail behaviour, Adobe has revealed its Digital Economy Index, which analyses trillions of online transactions across 100 million product SKUs in 18 product categories. More