Certificates employed in malware campaign

Cyber criminals are using free certificates in order to conduct malvertising attacks, says a recent Trend Micro report.

Encryption expert Let’s Encrypt has seen its charity been subject to abuse, with hackers employing this latest tactic to trick unsuspecting users.

Trend Micro identified malicious websites using a Let’s Encrypt certificate in December, with web traffic coming from Japan. Micro believes that the con is only a part of a larger one that it discovered in September, where 3,000 websites in Japan were affected and close to 500,000 users were subjected to the campaign.

This particular con results in the users being a victim of the Angler Exploit Kit, well-known malware named after an ugly fish.

Trend Micro I.T. security consultant Bharat Mistry told SCMagazineUK.com how the  certificates could be distributed while undetected. Mistry said:

“The hackers created a sub-domain for which they requested a new Lets Encrypt certificate – and because there is no stringent checking of the certificate requester, Lets Encrypt has generated and supplied a new certificate.”

The subdomain certificate is then employed in encrypting any traffic between the online user and the ad.

Both individual users and businesses need to be savvier in the current climate where we are seeing more advanced campaigns attempting to mislead users. Businesses, at least, are in a position to do more about it by posting information security jobs to professionals trained in recognising and combatting such attacks. With many firms maintaining large files of user data, they would be encouraged to take such action.