Certificate Authority Uncovers Old Breach

Published : 22/11/2024   Category : security




Yet another CA is hacked, suspends issuing certificates -- and there likely will be more



Remember the Netherlands-based certificate authority DigiNotar that was hacked and then went out of business? Well, now the largest CA in the Netherlands, KPN/Getronics, also has been breached and, for now, has suspended issuing digital certificates.
KPN announced this week that it has suspended issuing certificates after discovering the breach of a PKI-related Web server with a distributed denial-of-service tool that apparently had been sitting on the server for at least four years.
The company said existing certificates are valid, but that the firm is having the potential breach investigated and halted issuing certificates as a precaution. "Although there is no evidence that the production of the certificate is compromised, it can not be completely excluded that this did happen," according to a Google translation of the statement. "Therefore, KPN Corporate Market (formerly Getronics) decided the application and issuance of new certificates temporarily discontinued, pending further investigation. This is to ensure that the certificates be issued optimal procedure is safe and reliable. KPN has replaced the web servers."
Interestingly, KPN recently said it had picked up some of DigiNotar's old customers after that firm went out of business. DigiNotar filed for bankruptcy, and its parent company, VASCO, exited the CA business altogether.
Meanwhile, last week Malaysia-based CA reseller Digicert revoked some of its own digital certificates for security reasons, and Mozilla and Microsoft began blocking them.
With the string of CA breaches and the apparent targeting of CAs by Duqu, it's a bad time to be a CA. Dave Marcus, director of security research and communications for McAfee, says the string of CAs getting attacked has major implications. "This is turning into a big deal," he says. "[Attackers] are going after CAs as an industry."
Marcus says this new trend in attacks goes after an entire trust model. "It's not just the website aspect. It's part of the OS ... and the signing of drivers and files. People don't realize what a big deal this potentially is."
And there will be more, security experts predict.
"One of the questions that should also be answered is how a DDoS tool went undetected for four years. However, as companies are ramping up internal security I fully expect to see more old breaches like this one uncovered," Roel Schouwenberg, senior antivirus researcher for Kaspersky Lab, said in a blog post on Friday.
"What's particularly interesting about KPN's statement is that it could be interpreted as them saying already issued certificates will remain valid (no matter what). KPN is a much bigger certificate authority than Diginotar. Possibly, people could be going into this with the idea of KPN being too big to fall."
A compromised CA and the bad guys issuing phony digital certificates isn't something organizations can easily defend against, either. "It's not an 'update your DAT' issue or 'make sure your firewall is configured a certain way' issue," McAfee's Marcus says. "So much of the remediation lies outside the hands of the end user and the security company."
It also poses potential problems for whitelisting, he says. "Driver-signing is a big portion of that," Marcus says. "What if a whitelisted software driver actually has a rogue certificate," he says. "There are big questions that have to be asked here."
