Top 10 TLS Threats of 2019

December 31, 2019 | Scott Carter

Machine identity protection has evolved considerably since the days of Stuxnet and Flame. But so have attackers. As we continue to see an explosion of keys and certificates that fuel digital transformation, we are also seeing more attacks and vulnerabilities that impact machine identities. Cyber criminals realize how valuable machine identities are, especially when used to create a false sense of trust. It’s a crafty way to disguise a variety of nefarious acts—as evidenced by the value of certificate toolkits on the dark web.

It’s great to know your enemy. But it’s even better to proactively prepare to prevent attacks. Let’s take a look back at the top 10 TLS threats, attacks and vulnerabilities we covered in 2019 [listed in chronological order].


List of the top ten TLS threats of last year:

  1. New Poodles Can Bypass Your TLS
    Many organizations must maintain backwards compatibility with older cryptographic standards, which may leave their networks vulnerable to exploits such as the recently discovered Zombie POODLE and GOLDENDOODLE.

  2. ASUS Code Signing Attack Impacts 1M Users
    Bad actors used stolen code signing keys to modify the ASUS Live Update Utility to deliver malicious files packaged in legitimate-looking automatic updates, delivering an unauthorized backdoor to approximately one million people.

  3. Sea Turtle Uses Weak DNS Security for Nation-State Attacks
    By illicitly modifying the name records on DNS servers, Sea Turtle can redirect domain name traffic to perform cyberattacks, with primary targets including Eastern Europe, North Africa, and the Middle East.

  4. New ‘Cipher Stunting’ Helps Attackers Evade Detection
    A new technique called “cipher stunting,” which involves randomizing SSL/TLS signatures, has been used to target airlines, banking institutions and dating websites, and can improve the chances of digital attacks evading detection.

  5. Reductor Compromises TLS Connections to Mark and Monitor Victims
    This Remote Administrative Tool (RAT) compromises network traffic, manipulates the TLS certificates in the victim’s authorized certificate store, and marks outbound TLS connections for use in monitoring, espionage and execution of a secondary-stage infection.

  6. ZenDesk Breach Compromises TLS Certificates
    Early investigation by Zendesk determined that information belonging to a small percentage of customers was accessed prior to November 2016. The compromised data included TLS encryption keys provided to Zendesk by customers.

  7. Imperva API Key Compromise
    In a nutshell, it appears that a breach at Imperva was enabled by an API key that was left on a forgotten server, stolen and used in an attack. Imperva released a detailed and pretty transparent statement regarding their breach, its causes and their remedial actions.

  8. NordVPN Breach Compromised TLS Certificates
    Three private keys leaked, which were used to acquire NordVPN’s TLS certificate. It’s possible that another leaked key could have been used to access a private certificate authority that NordVPN used to issue digital certificates.

  9. Xhelper Uses Pinned Certificate to Thwart Removal
    This Android threat uses a pinned certificate—a hardcoded recognition of the “machine identity” of the remote C&C server. As a result, the encrypted malicious traffic is especially difficult to examine.

  10. Trojan Targets Facebook Ads Manager with Code-Signed Malware
    An information-stealing Trojan disguised as a PDF reader steals Facebook and Amazon session cookies as well as sensitive data from the Facebook Ads Manager. Executables were signed by digital certificates issued by a legitimate Certificate Authority (CA).
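The first item above is about the price of keeping legacy TLS options enabled for old clients: Zombie POODLE and GOLDENDOODLE are padding-oracle attacks, so they only apply to CBC-mode cipher suites, and the older protocol versions are where those suites are unavoidable. The script below is an added defensive example, not code from the original post or from Venafi. It audits an nginx-style TLS configuration for the two conditions those attacks depend on (legacy protocol versions and CBC-mode suites). The two configuration snippets, the `audit_tls_config` and `classify_cipher` functions and the suite-name heuristics are all constructed here for illustration; the classifier works purely from OpenSSL and IANA cipher-suite naming conventions rather than by querying a TLS library, so it runs offline.

```python
import re
from dataclasses import dataclass

# Constructed sample: a config that keeps very old clients working
LEGACY_CONFIG = """
server {
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:AES128-SHA:DES-CBC3-SHA;
    ssl_prefer_server_ciphers on;
}
"""

# Constructed sample: the same server with legacy versions and CBC suites dropped
HARDENED_CONFIG = """
server {
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;
}
"""

LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# AEAD suites carry a mode token in both OpenSSL and IANA names.
AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")
# OpenSSL omits "CBC" for most CBC suites (e.g. AES128-SHA), so a block
# cipher name without an AEAD marker is treated as CBC.
BLOCK_CIPHER_MARKERS = ("AES", "CAMELLIA", "DES", "SEED", "IDEA", "ARIA")


@dataclass(frozen=True)
class Finding:
    kind: str    # "protocol" or "cipher"
    value: str   # the offending token from the config
    reason: str


def classify_cipher(name):
    """Heuristic classification of a suite name: aead, cbc, stream, null or unknown."""
    n = name.upper()
    if any(marker in n for marker in AEAD_MARKERS):
        return "aead"
    if "RC4" in n:
        return "stream"
    if "NULL" in n:
        return "null"
    if "CBC" in n or any(marker in n for marker in BLOCK_CIPHER_MARKERS):
        return "cbc"
    return "unknown"


def audit_tls_config(config_text):
    """Return findings for legacy protocol versions and non-AEAD suites."""
    findings = []
    protos = re.search(r"\bssl_protocols\s+([^;]+);", config_text)
    if protos:
        for proto in protos.group(1).split():
            if proto in LEGACY_PROTOCOLS:
                findings.append(Finding("protocol", proto,
                                        "legacy protocol version enabled"))
    ciphers = re.search(r"\bssl_ciphers\s+([^;]+);", config_text)
    if ciphers:
        for suite in ciphers.group(1).strip().strip('"').split(":"):
            # Skip OpenSSL list operators (!SUITE, -SUITE, +SUITE, @STRENGTH).
            if not suite or suite[0] in "!-+@":
                continue
            kind = classify_cipher(suite)
            if kind == "cbc":
                findings.append(Finding("cipher", suite,
                                        "CBC-mode suite (padding-oracle class)"))
            elif kind in ("stream", "null"):
                findings.append(Finding("cipher", suite,
                                        f"{kind} cipher suite offers no adequate protection"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("legacy", LEGACY_CONFIG), ("hardened", HARDENED_CONFIG)):
        results = audit_tls_config(cfg)
        print(f"{label}: {len(results)} finding(s)")
        for f in results:
            print(f"  [{f.kind}] {f.value}: {f.reason}")
```

On the legacy sample the audit flags TLSv1 and TLSv1.1 plus the three CBC suites, while the hardened sample produces no findings. The heuristic deliberately errs toward flagging: an unfamiliar suite name with a block-cipher token and no AEAD marker is reported as CBC, which is the safer default for a configuration review.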


Does your organization have the visibility, intelligence and automation to fight TLS threats like those we saw in 2019? What about 2020 and beyond?

About the author

Scott Carter

Scott is Senior Manager for Content Marketing at Venafi. With over 20 years in cybersecurity marketing, his expertise leads him to help large organizations understand the risk to machine identities and why they should protect them.
