How are advanced attacks taking advantage of keys and certificates?
Never have organizations faced such a barrage of cyber-attacks. Cybercriminals and nation-states are successfully syphoning off their intellectual property. More than a terabyte of data is stolen each day (The Verge). Despite the fact that companies will spend US$68.34 billion globally on cyber security solutions this year (Security Affairs), 95 percent of them are already compromised (FireEye).
Cybercriminals have discovered a new attack vector: Exploiting the trust that keys and certificates establish.
By using keys and certificates, hackers are able to go about their business on your network, authenticated, and with legitimate access. They are able to successfully steal your data while remaining undetected for months—sometimes years—at a time. Stuxnet and Duqu provided the blueprint, and now attacks on keys and certificates are commonplace. Common Trojans such as Zeus and SpyEye steal these trust assets.