Multiple Digital Certificate Attacks Affect 100% of UK Businesses

All—as in 100%—of UK organizations have responded to multiple attacks on keys and certificates in the past two years.

The Ponemon Institute found that attacks are becoming more widespread as the number of keys and certificates deployed on infrastructure such as web servers, network appliances and cloud services has grown by 40% to almost 24,000 per enterprise over the past two years.

Russian cyber-criminals, for instance, recently stole digital certificates from one of the top five global banks, enabling them to steal 80 million records, while another attack allowed hackers to steal data from 4.5 million healthcare patients.

Despite the ubiquity of the attacks, a full 63% of organizations do not know where all keys and certificates are located or how they’re being used. But at least the attacks have led to a modicum of self-awareness: 60% of all surveyed respondents agreed that they need to do a better job at responding to vulnerabilities involving keys and certificates. And 54% noted that the trust established by keys and certificates that is necessary for online banking, shopping and government is in jeopardy.

“With the rising tide of attacks on keys and certificates, it’s important that enterprises really understand the grave financial consequences,” said Larry Ponemon, chairman and founder of the Ponemon Institute. “We couldn’t run the world’s digital economy without the system of trust they create. [Organizations] need a wake-up call like this to realize they can no longer place blind trust in keys and certificates that are increasingly being misused by cybercriminals.”

Conducted in the United Kingdom, Australia, France, Germany, and the United States, the report highlights that over the next two years, the potential financial risk facing UK enterprises from attacks on keys and certificates is expected to reach at least £33 million.

As for security professionals specifically, they said that they fear a “Cryptoapocalypse” event the most. Coined by researchers at Black Hat 2013, a Cryptoapocalypse would dwarf Heartbleed in scope, complexity and time to remediate.

“Whether they realize it or not, every business and government relies upon cryptographic keys and digital certificates to operate,” said Kevin Bocek, vice president of security strategy and threat intelligence at report sponsor Venafi. “Without the trust established by keys and certificates, we’d be back to the Internet ‘stone age’—not knowing if a website, device or mobile application can be trusted.”

