Unknown: A rise has been seen in the past week of threat actors purchasing digital certificates and then reselling them on the darknet. By impersonating company executives, the actors manage to trick digital certificate authorities into believing that the certificates being sold are for legitimate reasons. After the certificates are purchased, actors are selling them online to others, allowing them to set up the certificate to carry out attacks. The presence of having a digital certificate can lower the chance that an antivirus would pick up the website as malicious. A preferred target for the actors to impersonate would be someone that is well known in their industry, which would make them easier to verify and easier for the attackers to dupe the systems that are in place to prevent this type of fraud from occurring. Adware was the main type of malware being distributed with these fraudulent certificates but that does not mean other attackers will not begin to distribute other types.
Analyst Notes
Digital certificates have a system in place to try and prevent this type of fraud, but with the actors having a knowledge of who to use to sign up for them, it makes it easier for them to do so. Even if a website does pass an antivirus scan and is believed to be clean, there is always the possibility that it is not. Being vigilant in web browsing can help prevent falling victim to these types of scams and never clicking on unknown links will help prevent users from visiting these types of websites.
