Unknown: Over the past week, there has been a rise in threat actors purchasing digital certificates and then reselling them on the darknet. By impersonating company executives, the actors trick certificate authorities into believing that the certificates being sold are for legitimate purposes. After the certificates are purchased, the actors sell them online to others, who can then set up the certificates to carry out attacks. Having a digital certificate can lower the chance that antivirus software flags the website as malicious. The actors prefer to impersonate someone who is well known in their industry, because such a person is easier to verify, which in turn makes it easier for the attackers to dupe the systems that are in place to prevent this type of fraud. Adware was the main type of malware being distributed with these fraudulent certificates, but that does not mean other attackers will not begin to distribute other types.