Dark Web Markets Host Thriving Trade in Weaponized TLS Certs

Infosecurity Magazine | March 07, 2019

Researchers have uncovered a thriving underground market in TLS certificates sold on their own and packaged with crimeware to help launch a range of attacks.

Sponsored by Venafi, the SSL/TLS Certificates and Their Prevalence on the Dark Web report was carried out by researchers at the Evidence-based Cybersecurity Research Group at the Andrew Young School of Policy Studies, Georgia State University and the UK’s University of Surrey. It revealed that, although SSL/TLS certificates are essential to protecting user privacy and security and enhancing digital trust, they are also an attractive target for hackers.

The researchers observed a steady influx of certs on five TOR-based dark web markets: Dream Market, Wall Street Market, BlockBooth, Nightmare Market and Galaxy3. Some, like Dream Market, specialized in the sale of SSL/TLS certificates for use in attacks. Prices ranged from $260 to $1600, depending on the type of certificate offered and the scope of additional services, which could include malicious websites and ransomware.

Related News

DATA SECURITY

ActZero to Partner with Zeguro to Give Holistic Cyber Risk Management and Response for all Businesses

ActZero | June 10, 2021

ActZero, a cybersecurity startup, has decided to partner with Zeguro, a cyber-insurance provider, to create a complete cyber risk management solution for mid-size and small-size businesses. As ransomware becomes the norm and bad actors target less-well-resourced SMBs, businesses are seeking far better solutions for security and insurance.

To keep premiums low and businesses secure, cyber insurance providers have long advocated that clients use detection and response capabilities that reduce the risks cyber threats pose to operations. This relationship will help organizations learn about risk management strategies across both paths.

ActZero's intelligent managed detection and response (MDR) service provides protection, response, and monitoring with 24/7 support. In the past, advanced cybersecurity technologies were considered a luxury and were accessible to corporations only. With ActZero, SMBs can effectively prevent intrusions and manage threats. The platform's innovation in machine learning and artificial intelligence, combined with its threat-hunting expertise, will assist SMBs in doing so. ActZero's capabilities enable its clients to clarify and toughen their security, strengthen their defense competencies, and significantly decrease risk over time.

Zeguro's mission is to simplify cyber insurance through easy-to-understand cyber quotes that can be obtained in a few minutes. ActZero customers can take advantage of its relationship with Zeguro to obtain inexpensive coverage for loss of revenue from payment fraud, breaches, regulatory fines, ransomware, and more.

About ActZero

ActZero enables companies to become secure utilizing fewer internal resources. They combine threat hunting expertise with emerging AI and ML technology to identify more vulnerabilities more quickly, proactively recommend and prioritize actions to seal gaps, rapidly contain and remediate threats and ultimately harden their customers' cybersecurity posture. They illuminate a different path forward for IT and security professionals that doesn't involve building one's own SOC.

About Zeguro

Zeguro provides holistic risk management to organizations of all sizes through its integrated cybersecurity and cyber insurance solutions. These solutions include insurance premiums tailored to the sector, size, and profile of a company and a suite of Cyber Safety tools for risk mitigation and compliance.


DATA SECURITY

Google Announces Cybersecurity Action Team to Support the Security Transformations of Public and Private Sector Organizations

Cybersecurity Action Team | October 13, 2021

Google announced the Google Cybersecurity Action Team. Made up of experts from across the company, the Google Cybersecurity Action Team will be the world's premier security advisory team with the singular mission of supporting the security and digital transformation of governments, critical infrastructure, enterprises and small businesses.

To deliver on this mission, the Google Cybersecurity Action Team will provide:

- Strategic advisory services for customers' security strategies, including transformation workshops and educational content. This function will advise customers on the structure of their digital security transformation and provide program management and professional services support.
- Trust and compliance services that map our global compliance certifications to industry control frameworks, enabling customers to simplify their compliance journey.
- Security customer and solutions engineering that deliver proven blueprints and architectures for deploying Google Cloud products and services securely and in accordance with regulatory requirements, as well as comprehensive solutions for autonomic security operations, cyber resilience and more.
- Threat intelligence and incident response services, which include threat briefings, preparedness drills, incident support and rapid response engagements to stay on top of the evolving security landscape.

The vision of this team is to guide customers through the cycle of security transformation - from their first transformation roadmap and implementation, through increasing their cyber-resilience preparedness for potential events and incidents, and engineering new solutions as requirements change. This effort will begin within Google Cloud, building on our close partnerships with organizations of all sizes, and will evolve to bring Google security to more organizations as it progresses.

"Cybersecurity is at the top of every C-level and board agenda, given the increasing prominence of software supply chain exploits, ransomware, and other attacks. To address these unprecedented security challenges facing organizations in every industry today, we are announcing the creation of the Google Cybersecurity Action Team," said Thomas Kurian, CEO of Google Cloud. "The Google Cybersecurity Action Team is part of our ongoing commitment to be the best partner for our enterprise and government customers along their security transformation journey."

Recent attacks like USAID, Colonial Pipeline, and SolarWinds all speak to a major shift in the needs of threat protection. In August, Google dedicated $10 billion over the next five years to strengthen cybersecurity, including expanding zero trust programs, securing software supply chain frameworks, enhancing open-source security and strengthening the digital security skills of the American workforce. The Google Cybersecurity Action Team is one of our efforts under these commitments.

"The Cybersecurity and Infrastructure Security Agency (CISA) recently established the Joint Cyber Defense Collaborative (JCDC). This initiative will unite government and private sector entities to enhance efforts to prevent and respond to malicious cyber activity against the nation's critical infrastructure," said CISA Director Jen Easterly. "It's great to see a large company like Google Cloud orient itself to support the cybersecurity of all organizations large and small through its Cybersecurity Action Team, and as part of the JCDC and other initiatives, we look forward to partnering with them and other tech companies in this vital effort."

"Google Cloud has been a critical partner in the BBVA security journey, helping us protect our customers' sensitive and proprietary data with modern frameworks like zero trust and secure-by-default products like Google Workspace," said Alvaro Garrido, Chief Security Officer at BBVA. "We look forward to the strategic services and guidance the Google Cybersecurity Action Team will deliver as we continue on our security transformation."

Under the Google Cybersecurity Action Team, Google Cloud will deliver full spectrum security and customer engineering solutions that will help organizations address business and security challenges. These will build on existing offerings like Autonomic Security Operations, which helps businesses transform their organization's Security Operations Center (SOC) and Web App and API Protection, which provides customers a comprehensive solution for protecting against modern internet threats.

Today, Google Cloud announced a new security and resiliency framework that delivers customers a comprehensive security management program with cloud technologies that are aligned to the National Institute of Standards and Technology's Cybersecurity Framework. Additionally, Google also announced its new Work Safer offering, designed to help organizations, their employees, and partners collaborate and communicate securely and privately in today's hybrid work environment. It uniquely brings together the cloud-native, zero-trust solutions of Google Workspace with industry-leading solutions from across Google and its cybersecurity partners, CrowdStrike and Palo Alto Networks.

"Customers need a consistent approach to preparing for and defending against cybersecurity threats. Our comprehensive suite of security solutions delivered through our platform and amplified by the Google Cybersecurity Action Team will help protect organizations against adverse cyber events with capabilities that address industry frameworks and standards."
Phil Venables, Vice President and Chief Information Security Officer at Google Cloud and founder of the Google Cybersecurity Action Team

About Google Cloud

Google Cloud accelerates organizations' ability to digitally transform their business with the best infrastructure, platform, industry solutions and expertise. We deliver enterprise-grade solutions that leverage Google's cutting-edge technology – all on the cleanest cloud in the industry. Customers in more than 200 countries and territories turn to Google Cloud as their trusted partner to enable growth and solve their most critical business problems.


SOFTWARE SECURITY

Trend Micro Detected Nearly 13 Million Malware Events Targeting Linux-based Cloud Environments

Trend Micro Incorporated | August 24, 2021

Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, today released new research on the state of Linux security in the first half of 2021. The report gives valuable insight into how Linux operating systems are being targeted as organizations increase their digital footprint in the cloud and the pervasive threats that make up the Linux threat landscape.

As of 2017, 90% of public cloud workloads ran on Linux. According to Gartner®, "Rising interest in cloud-native architectures is prompting questions about the future need for server virtualization in the data center. The most common driver is Linux-OS-based virtualization, which is the basis for containers.[1]"

Linux allows organizations to make the most of their cloud-based environments and power their digital transformation strategies. Many of today's most cutting-edge IoT devices and cloud-based applications and technology run on some flavor of Linux, making it a critical area of modern technology to secure.

"In the industry, we see some very creative attacks and we have to stay ahead. Protecting the company, our employees, and our intellectual property is a priority," says John Breen, Global Head of Cybersecurity at Flowserve. "We'll continue to work closely and collaborate with Trend Micro to ensure our people and our company remain protected."

"It's safe to say that Linux is here to stay, and as organizations continue to move to Linux-based cloud workloads, malicious actors will follow," said Aaron Ansari, vice president of cloud security for Trend Micro. "We have seen this as a main priority to ensure our customers receive the best security across their workloads, no matter the operating system they choose to run it on."

The report revealed that most detections arose from systems running end-of-life versions of Linux distributions, including 44% from CentOS versions 7.4 to 7.9. In addition, 200 different vulnerabilities were targeted in Linux environments in just six months. This means attacks on Linux are likely taking advantage of outdated software with unpatched vulnerabilities.

About Trend Micro

Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro's cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, the platform delivers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response.
