In 2018 Certificate Authorities could become a major target

Nation-state attackers will maintain their focus on keys and certificates

2018 looks to be a big year for cybercrime, at least judging by the trends. 2017 currently holds the distinction of the most chaotic year in cybercrime’s short history. Per Gemalto, in just the first six months of 2017, there were over 900 data breaches, compromising over 1.9 billion (with a B) records. That’s more than all of 2016 combined.

Jing Xie, a Senior Threat Intelligence Analyst for Venafi, believes the trend will continue into 2018. And it’s not just the private sector that’s behind the attacks, either. State-sponsored cybercrime is on the rise, too.

“In 2017, attackers working for nation-states focused on efficiency and return on investment and they were very successful,” said Xie. “As a result, we should expect to see escalations and variations of similar attack vectors this year.”

Xie provides some predictions for 2018, a couple of which have a direct impact on the SSL industry.

Nation-state attackers will maintain their focus on keys and certificates. The ongoing wrestling match between super powers will move from clandestine programs that are largely carried out behind the scenes to more public attacks aimed at critical infrastructure and services. Due to vital security assets controlling encrypted communication between machines, many cyber attacks will leverage compromised or rogue keys and certificates. A nation-state with this power can bombard critical infrastructure through increasingly sophisticated variations of attacks, sabotaging core services using attacks derived from Stuxnet and Duqu.

This is a potential issue that many in the industry are already concerned with. Work is currently being done at the CA/B Forum to strengthen validation practices and help to better regulate the activity of Certificate Authorities in order to prevent exactly this sort of situation.

The most critical risk comes from the fact that hackers could opt for the bigger target, the CAs themselves.

Certificate Authorities may be targeted as cyber weaponry. Cyber criminals sponsored by nation-states may find ways to exploit the trust models used to control communication between machines. The easiest way to accomplish this would be to attack or manipulate Certificate Authorities and the keys and certificates they issue. If successful, this exploit vector would allow cyber criminals to eavesdrop on a wide range of confidential communications, intercept and redirect encrypted traffic and target government watchdogs and human rights activists.

This is a scenario that could potentially be a disaster for everyone involved. Depending on how the CA is attacked, we could have anything from a few mis-issuances to the complete degradation of trust in PKI.

Browsers maintain trust stores that are filled with trusted root certificates from CAs. Your SSL certificate is trusted because it can be chained back to one of the roots in that trust store. If attackers could compromise the private key for a root certificate, it could create a situation where the CA’s roots have to be distrusted. That, in turn, would have a major impact on users as any SSL certificate chaining to the affected root would also be distrusted. Beyond that, this would be a fairly unprecedented issue that would require the browsers to act quickly in spite of the effect it would have on their users.
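To make that blast radius concrete, here is an added example (not from the original article) that takes a certificate inventory and reports which sites would break if one root were removed from the trust store. All CA and host names are constructed, and chain building is modelled by issuer name only, with no signature checking.

```python
# Constructed inventory: each subject maps to the names of the CAs that have
# issued a certificate for it (more than one when it is cross-signed).
ISSUERS = {
    "www.shop.example": ["Example Issuing CA 1"],
    "api.shop.example": ["Example Issuing CA 2"],
    "mail.corp.example": ["Other Issuing CA"],
    "Example Issuing CA 1": ["Example Root A"],
    "Example Issuing CA 2": ["Example Root A", "Example Root B"],  # cross-signed
    "Other Issuing CA": ["Example Root B"],
}
TRUST_STORE = {"Example Root A", "Example Root B"}  # constructed root names


def paths_to_roots(subject, trust_store, issuers=ISSUERS, _seen=()):
    """Return every chain (list of names) from subject up to a trusted root."""
    if subject in trust_store:
        return [[subject]]
    if subject in _seen:  # guard against issuer loops in bad inventory data
        return []
    chains = []
    for issuer in issuers.get(subject, []):
        for tail in paths_to_roots(issuer, trust_store, issuers, _seen + (subject,)):
            chains.append([subject] + tail)
    return chains


def distrust_impact(leaves, trust_store, distrusted_root, issuers=ISSUERS):
    """Classify each leaf certificate after one root is removed from the store."""
    remaining = set(trust_store) - {distrusted_root}
    report = {"broken": [], "survives_via_other_root": [], "unaffected": []}
    for leaf in leaves:
        before = paths_to_roots(leaf, trust_store, issuers)
        after = paths_to_roots(leaf, remaining, issuers)
        if not any(chain[-1] == distrusted_root for chain in before):
            report["unaffected"].append(leaf)
        elif after:
            report["survives_via_other_root"].append(leaf)
        else:
            report["broken"].append(leaf)
    return report


if __name__ == "__main__":
    leaves = ["www.shop.example", "api.shop.example", "mail.corp.example"]
    for status, names in distrust_impact(leaves, TRUST_STORE, "Example Root A").items():
        print(f"{status}: {names}")
```

A certificate in the "survives" bucket only stays trusted in practice if the server actually sends the cross-signed intermediate and the client builds the alternate path.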

Suffice it to say, the whole thing would be a nightmare.

So here’s the multi-million dollar question: are the CAs ready?

We better hope so.

Author

Patrick Nohe

Patrick started his career as a beat reporter and columnist for the Miami Herald before moving into the cybersecurity industry a few years ago. Patrick covers encryption, hashing, browser UI/UX and general cyber security in a way that’s relatable for everyone.