HomeNewsHackers now have the access of most-secured corporate data files on Dark Web

Hackers now have the access of most-secured corporate data files on Dark Web

Most Read

Cyber criminals now have access to the most-secured data files used to facilitate confidential communication between organisations’ servers and clients’ computers on the Dark Web, say researchers.

According to the team from Georgia State University and the University of Surrey, a thriving marketplace for Secure Sockets Layer (SSL) and Transport Layer Security (TLS) certificates exists on a hidden part of the Internet.

- Advertisement -

SSL and TLS are security technology (https protocol) that protects the transfer of data and information between computers and servers.

Networked machines use keys and SSL/TLS certificates to identify and authenticate themselves when connecting to each other, much like humans employ user names and passwords to go online.

According to the researchers, when these certificates are sold on the darknet, they are packaged with a wide range of crimeware that delivers machine identities to cybercriminals who use them to spoof websites, eavesdrop on encrypted traffic, perform attacks and steal sensitive data, among other activities.

“One very interesting aspect of this research was seeing TLS certificates packaged with wrap-around services — such as Web design services — to give attackers immediate access to high levels of online credibility and trust,” informed lead author David Maimon, Associate Professor in Georgia State.

A search of five marketplaces in the darknet uncovered 2,943 mentions for SSL and 75 for TLS.

In comparison, there were just 531 mentions for ransomware.

It was surprising to discover, he added, how easy and inexpensive it is to acquire extended validation certificates, along with all the documentation needed to create very credible shell companies without any verification information.

“This study found clear evidence of the rampant sale of TLS certificates on the Dark Net,” said Kevin Bocek, Vice President of Security and Threat Intelligence for cyber security firm Venafi.

“Every organisation should be concerned that the certificates used to establish and maintain trust and privacy on the Internet are being weaponised and sold as commodities to cyber criminals.”

Subscribe To Morning Newsletters

Sign up to receive the latest news stories, exclusive interviews, and more in your inbox.

We don’t spam! Read our privacy policy for more info.

Editor's Pick

Krishna Mali
Krishna Mali
Founder, CEO & Group Editor of TechGraph.

Read More Stories

UK Housing Market Grinds to a Halt as Rates Bite

Britain’s once-thriving housing sector is now flatlining amid a tightening chokehold of astronomical mortgage rates. New data reveals house...

Tech Mahindra Set up Innovation Centre In Espoo Finland

India-based multinational technology company, Tech Mahindra has today inaugurated its innovation centre in Espoo, Finland. The new centre will accommodate...

Apple’s first ever dual-sim iPhone

The Indian Apple users are in for a treat as the leading smartphone manufacturer introduces its first-ever dual SIM...

Starmer Pledges New EU Pact to Stem Channel Migrant Crisis

UK Labour leader Sir Keir Starmer has proposed a plan to improve cooperation with the European Union to address...

Now, US users can see what Apple has collected from their device

Apple Inc on Wednesday rolled out an online tool to users in the United States and several other countries...

China Vows to Fight EU’s Electric Vehicle Subsidy Probe

An economic skirmish is brewing as China fired back fiercely against the European Union’s (EU) subsidy probe into its...