It’s frightening what criminals can buy on the dark web. But it’s even scarier that they may be buying your own security certificates to use against you. Venafi recently sponsored a six-month investigation into the sale of digital code signing certificates on the dark web. Conducted with the Cyber Security Research Institute (CSRI), our research revealed that not only are code signing certificates readily available for purchase on the dark web, they are selling for up to $1,200.
Freaky fact: this makes code signing certificates more expensive than the counterfeit U.S. passports, stolen credit cards and the handguns nefarious actors can also purchase on the dark web.
SSL/TLS Certificates and Their Prevalence on the Dark Web
Spooked enough to learn more about our investigation? Check out the infographic below. Forewarning, the results are scary!
“Our research proves that code signing certificates are lucrative targets for cyber criminals,” said Kevin Bocek, chief security strategist for Venafi. “With stolen code signing certificates, it’s nearly impossible for organizations to detect malicious software. In addition, code signing certificates can be sold many times over before their value begins to diminish, making them huge money makers for hackers and dark web merchants. All of this is fuelling the demand for stolen code signing certificates.”
Are you protecting your certificates from the dark web?
