
Attack on Trust Threat Bulletin: Malicious Certificates Issued in India Threatens All Enterprises

July 11, 2014 | Kevin Bocek
Situation

On 8 July 2014, Google reported that it had discovered certificates issued without authorization for multiple Google-owned domains by the National Informatics Centre (NIC) Certificate Authority (CA). NICCA CA certificates are Intermediate CA certificates issued by the Indian Controller of Certifying Authorities (ICCA). NICCA CA certificates, and as a result NICCA, are trusted in Microsoft Windows and other applications, which makes this a serious security issue for all enterprises worldwide. There are some reports that other malicious certificates were issued to fraudulently represent Yahoo and other organizations. It is not clear whether this malicious action was due to fraud, breach, or complicity from the Indian authorities.

Threat

No information is available on the actors who requested or maliciously issued these certificates, but their intent should be assumed to be malicious. Certificates issued for a domain would allow websites to be spoofed, encrypted communications to be disclosed, and information to be tampered with. With information obtained from the attack, attackers may proceed to steal more data or elevate privileges using credentials gained through operations. Any communication with Google, including Gmail, Google Drive, and other applications, could be compromised for all organizations and individuals worldwide, not just those operating in India. It also appears that other web services that businesses and governments communicate with, including Yahoo, have been targeted with malicious certificate issuance.

Impact

ICCA, and as a result NICCA-issued certificates, are trusted by the Microsoft Certificate Store, including Internet Explorer and Google Chrome. NICCA CAs may be trusted in other enterprise applications. Therefore, the certificates issued for Google domains (and likely others, including at least Yahoo) would be trusted, allowing websites to be spoofed, sensitive information to be captured, and all traffic to be decrypted.

Recommended Remediation

Venafi recommends customers use the Venafi Trust Protection Platform to take the following actions:

  1. Detect NICCA certificates with Venafi TrustAuthority:
    • Scan for any certificates on their network issued by NICCA
    • Evaluate if NICCA CA certificates are trusted by enterprise applications
    • Report and escalate any NICCA CA certificates and issued certificates
  2. Remediate with Venafi TrustForce
    • Remove all NICCA CA certificates using certificate whitelisting
  3. Review CA Compromise Plan

Please contact Venafi support with any questions or for help with remediation.
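The detection step in the list above can also be checked by hand with Python's standard `ssl` module. This is an added example, not part of the original bulletin and not Venafi code; the name fragments in `WATCHED`, the function names and the sample records are assumptions made for illustration.

```python
import socket
import ssl

# Assumption: name fragments taken from the CA names in the bulletin. Confirm
# the exact subject/issuer names on real certificates before relying on them.
WATCHED = ("national informatics centre", "controller of certifying authorities")

def name_values(rdns):
    """Flatten the ((('organizationName', 'X'),), ...) tuples used by ssl."""
    return [value for rdn in rdns for _attr, value in rdn]

def matches(rdns, watched=WATCHED):
    """True if any attribute value in the name contains a watched fragment."""
    return any(w in v.lower() for v in name_values(rdns) for w in watched)

def classify(cert, watched=WATCHED):
    """Classify one certificate dict (the getpeercert()/get_ca_certs() shape)."""
    if matches(cert.get("subject", ()), watched):
        return "watched-subject"   # certificate belongs to a watched CA
    if matches(cert.get("issuer", ()), watched):
        return "watched-issuer"    # certificate was issued by a watched CA
    return "ok"

def trusted_watched_cas(watched=WATCHED):
    """Matching CA certificates loaded in this machine's default trust store."""
    # CAs kept in an OpenSSL capath directory load lazily and may not be listed.
    ctx = ssl.create_default_context()
    return [c for c in ctx.get_ca_certs() if classify(c, watched) != "ok"]

def check_host(host, port=443, timeout=5.0, watched=WATCHED):
    """Handshake with normal validation, then classify the leaf certificate.
    A result other than 'ok' means this machine trusted a watched chain."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return classify(tls.getpeercert(), watched)

# Constructed sample records in the shape ssl returns (not real certificates).
SAMPLE_LEAF = {
    "subject": ((("commonName", "mail.example.test"),),),
    "issuer": ((("countryName", "IN"),),
               (("organizationName", "National Informatics Centre"),)),
}
SAMPLE_OTHER = {
    "subject": ((("commonName", "www.example.test"),),),
    "issuer": ((("organizationName", "Example Trust Services"),),),
}

if __name__ == "__main__":
    print(classify(SAMPLE_LEAF), classify(SAMPLE_OTHER), len(trusted_watched_cas()))
```

`check_host` raises `ssl.SSLCertVerificationError` when the chain is not trusted locally, so it only reports certificates that this machine would actually accept.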

About the author

Kevin Bocek

Kevin Bocek writes for Venafi's blog and is an expert in machine identity protection.
