Phishing & Fraud

2024-11-01 Information Requirements Active Threats

The Internet is Marred with Deceit

It can be difficult for users to tell whether the sites they are visiting are really what they claim to be. Deceptive tactics such as phishing are used by hackers as an attack vector to penetrate an organization’s defenses and trick users into revealing sensitive information. According to CISA, more than 90% of all cyber attacks begin with phishing.

Businesses are becoming increasingly aware of the damaging repercussions of successful phishing attacks. Users are deceived into opening websites that appear legitimate but are actually malicious setups designed to steal sensitive data such as access credentials. Bad actors employ different tricks, from using matching color palettes and images to creating look-alike domains that resemble legitimate websites.


Significance of Certificates in Cyber Defense

Secure Sockets Layer (SSL) certificates are critical components in the field of cyber security. They are what make the "s" in https:// possible. They facilitate secure connections, such as between an individual’s web browser and a server, thereby ensuring a level of confidentiality as well as data integrity. Nonetheless, if misused, these certificates create a false sense of trust, paving the way for malicious actors to carry out attacks.


What is Certificate Transparency (CT)?

The concept of certificate transparency necessitates that every new SSL certificate be documented in an open registry. This publicly accessible record permits anyone to examine and verify the certificates, ensuring their validity while detecting unauthorized issuance. The idea behind certificate transparency is to reduce the potential risks linked with SSL certificate abuses. Its goal is to establish a framework in which all distributed SSL certificates are recorded, monitored and audited transparently.

Certificate transparency is used to spot phishing websites reliably and swiftly. This requires evaluating the certificate’s validity, reviewing the reputation of its issuing authority and checking for inconsistencies between the information in the certificate and known attributes. Businesses can then spot certificates that may be intended for use as part of a phishing attack.


Benefits of Certificate Transparency

  1. Earlier threat detection - Certificate transparency gives organizations a mechanism to identify fake/unauthorized certificates. Domain owners can spot certificates issued by malicious actors without their consent or certificates that don’t comply with their policy.
  2. Swift threat mitigation - Certificate transparency monitoring provides organizations the visibility needed to take action when an unauthorized certificate is discovered. In turn, the issuing certificate authority (CA) can be contacted to revoke the certificate.
  3. Provides better insight - Certificate transparency promotes integrity within the overall certificate infrastructure. This visibility keeps issuing Certificate Authorities accountable, which bolsters trust and promotes a safer online environment.


Overseeing Certificate Transparency Logs

Transparency logs can be consumed directly to monitor for threats. This method requires a level of technical expertise. To give an idea of the scale, there are over forty acknowledged certificate transparency logs in existence. The inventory of logs must be refreshed consistently, adding and removing entries as changes occur. In this regard, adequate continual monitoring involves both keeping tabs on log changes and continually monitoring the contents of the logs.

The contents of each log, which encompass over 4 billion records, reach a total of 17TB. Given that certificates can show up in multiple logs, deduplication is an essential practice. Lastly, it’s necessary to parse the leaves within the Merkle Tree to extract certificate details.
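The leaf parsing and deduplication steps described above, as an added example that is not from the original page or from any vendor's code. It assumes the RFC 6962 MerkleTreeLeaf layout returned in the leaf_input field of a log's get-entries response; the function names, log names and sample entries are hypothetical and constructed for illustration.

```python
import base64
import hashlib
import struct

X509_ENTRY, PRECERT_ENTRY = 0, 1  # LogEntryType values from RFC 6962

def parse_leaf(leaf_input_b64):
    """Decode one MerkleTreeLeaf (the leaf_input field of a get-entries reply)."""
    raw = base64.b64decode(leaf_input_b64)
    if len(raw) < 12:
        raise ValueError("leaf shorter than fixed header")
    # version(1) | leaf_type(1) | timestamp ms(8) | entry_type(2), big-endian
    version, leaf_type, ts_ms, entry_type = struct.unpack_from(">BBQH", raw)
    if version != 0 or leaf_type != 0 or entry_type not in (X509_ENTRY, PRECERT_ENTRY):
        raise ValueError("unsupported leaf")
    pos = 12
    if entry_type == PRECERT_ENTRY:
        pos += 32  # skip issuer_key_hash; the TBSCertificate follows
    length = int.from_bytes(raw[pos:pos + 3], "big")  # 24-bit length prefix
    der = raw[pos + 3:pos + 3 + length]
    if len(raw) < pos + 3 or len(der) != length:
        raise ValueError("truncated certificate")
    return {"timestamp_ms": ts_ms, "entry_type": entry_type, "der": der,
            "sha256": hashlib.sha256(der).hexdigest()}

def dedupe(entries):
    """Collapse (log_name, leaf_input) pairs into one record per certificate."""
    unique = {}
    for log_name, leaf_b64 in entries:
        try:
            leaf = parse_leaf(leaf_b64)
        except ValueError:
            continue  # malformed leaf: skip it rather than abort the batch
        record = unique.setdefault(leaf["sha256"], {**leaf, "logs": []})
        record["logs"].append(log_name)
    return unique

def make_leaf(entry_type, der, ts_ms):
    """Build a constructed leaf for the sample below (not real log data)."""
    body = struct.pack(">BBQH", 0, 0, ts_ms, entry_type)
    if entry_type == PRECERT_ENTRY:
        body += b"\x11" * 32  # placeholder issuer_key_hash
    body += len(der).to_bytes(3, "big") + der + b"\x00\x00"  # empty extensions
    return base64.b64encode(body).decode()

SAMPLE = [  # constructed entries; the "certificates" are placeholder bytes
    ("log-a", make_leaf(X509_ENTRY, b"placeholder-cert-1", 1730419200000)),
    ("log-b", make_leaf(X509_ENTRY, b"placeholder-cert-1", 1730419260000)),
    ("log-a", make_leaf(PRECERT_ENTRY, b"placeholder-tbs-2", 1730419300000)),
    ("log-b", "AAAA"),  # too short to be a leaf
]
```

The `der` bytes of each unique record are what would be handed to an X.509 parser to read the subject and SAN names. A precertificate and its final certificate have different bytes, so matching those two to each other needs a key other than this fingerprint.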


Services for Monitoring External Factors

Cyber threat intelligence services such as ThreatHarvest provide certificate monitoring so that organizations can uncover fraudulent use of certificates. These services eliminate the complexity of consuming and analyzing the transparency logs directly. Without that burden, organizations can focus on outcomes rather than managing the data and can keep their attention on taking action when potential threats are identified.
