What was the Role of Rogue Certificates in the Kaseya VSA Attack?
- Added 26. 07. 2024
- A recent ransomware attack could have been avoided by better certificate hygiene.
Our inventory software for cryptography can help you clean up your certificate stores. Find out more here: cryptosense.com/analyzer/mach...
References:
- David Maimon talk at RSA 2020: The Modus Operandi of EV Certificates Fraudsters: Findings from the Field published-prd.lanyonevents.co...[…]v-certificates-fraudsters-findings-from-the-field.pdf
- Sophos Description of the Kaseya VSA Attack news.sophos.com/en-us/2021/07...
- VSA Exploit agent on Virus Total www.virustotal.com/gui/file/d...
- Avoiding Rogue Certificates: cryptosense.com/blog/when-cer...
/////
Find out more about Cryptosense: cryptosense.com/
Follow us on Twitter: / cryptosense
/////
Cryptosense CEO Dr. Graham Steel was an academic researcher before founding Cryptosense in 2013. His cryptography expertise is the basis for the company's 'Analyzer' technology which allows customers to protect themselves against losing sensitive data.
- Science and technology
I enjoyed the story about buying illegitimate certificates on Tor :)
There is still an element of supposition here ref. Maimon and the correlation between that and the Kaseya attack.
What we know thanks to Maimon is that it's quite possible to find an actor on the dark web who can get an EV TLS certificate for you, which requires very similar checks to a code signing cert. For the particular certificate used in the Kaseya attack, the CA must have a paper trail explaining why they issued that cert, but I guess we'll only get to see it if the case goes to a court of law.
The only rogue I see here is Graham the dashing rogue!
The 'Avoiding Rogue Certificates' link seems broken.