Skip to main content
banner image
venafi logo

Broken Trust – Exposing the Malicious Use of Digital Certificates and Cryptographic Keys

Broken Trust – Exposing the Malicious Use of Digital Certificates and Cryptographic Keys

generic_blog_banner_image
November 7, 2013 | Gavin Hill

Digital certificates and cryptographic keys are interwoven into our everyday lives. Think about it: from accessing the Wi-Fi hotspot at your local coffee shop to flying across the county, keys and certificates are entwined into the very fabric of cyber-space. They help to authenticate and secure person-to-machine and machine-to-machine communications—creating the foundation for secure online transactions. Data at rest or in transit is secured by keys and certificates. They establish trust.

But what happens when trust is broken? When malicious actors take advantage of trust established by keys and certificates, turn that trust against you, and use certificates and keys for nefarious gain. That’s exactly what is happening. The last few years have seen a rampant increase in the use of keys and certificates as an attack vector against organizations. It’s important to recognize cyber-criminals’ motives and techniques to understand how to better protect yourself from the onslaught of attacks on keys and certificates.

Generally, there are three types of cyber-criminals: cyber-crime actors, cyber-espionage actors, and other threat actors such as hacktivist groups. Cyber-crime actors are motivated by financial gain, whereas cyber espionage actors are driven by the collection of intellectual property (IP). Hacktivists, on the other hand, are motivated by ideologies such as religious beliefs, or political views.

iSIGHT logo

Venafi collaborated with ISIGHT Partners to highlight some examples of how reliant society is on keys and certificates, and how cyber-criminals exploit keys and certificates to gain illicit access to organizations. ISIGHT Partners provides detailed information about the different types of cyber-criminals, including:

  • Threat actor threat sources
  • Threat actor attack methodologies
  • Threat actor attack surface

What’s very evident from the research is that cyber-criminals will use any tactic they can to gain access into an organization’s network. The Broken Trust white paper includes a few case studies that show exactly how cyber-criminals use keys and certificates to their advantage, exploiting the trust keys and certificates are meant to establish. Some of the case studies include:

  • Using certificates in a spam campaign
  • Pharming
  • Using Secure Shell (SSH) to infiltrate a network and expand a user’s rights within that network
  • Using Secure Sockets Layer (SSL) to disguise communications

The alarming part is that the examples in the paper are by no means an exhaustive list. On a daily basis, news outlets report new ways cyber-criminals are taking advantage of the blind trust most organizations have in keys and certificates.

whitepaper

Download your copy of the Broken Trust whitepaper to learn more.

Like this blog? We think you will love this.
image of a person holding a cell phone with the word "malware" and a warning triangle on the screen
Featured Blog

The Enigma of Xhelper

Before we get into the details, here’s what I find puzzling: nobody seems ready

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

CIO Study: Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

Forrester Consulting Whitepaper: Securing the Enterprise with Machine Identity Protection
Industry Research

Forrester Consulting Whitepaper: Securing the Enterprise with Machine Identity Protection

Machine Identity Protection for Dummies
eBook

Machine Identity Protection for Dummies

About the author

get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more
Chat