Certificate authorities aren’t scrutinizing who gets their SSL certificates, and now a large number of phishing sites have legitimate certificates, said Netcraft.
Netcraft has blocked phishing attacks on more than 47,500 sites with a valid TLS certificate between 1st January and 31st March 2017. On 19,700 of these, Netcraft blocked the whole site rather than a specific subdirectory. 61% of the sites that were entirely blocked were using certificates issued by Let's Encrypt, and 36% by Comodo.
Le autorità di certificazione non esaminano chi ottiene i loro certificati SSL, e ora un gran numero di siti di phishing hanno certificati legittimi, ha affermato Netcraft.
Netcraft ha bloccato gli attacchi di phishing su oltre 47.500 siti con un certificato TLS valido tra il 1 ° Gennaio e il 31 Marzo 2017. Su 19.700 di questi, Netcraft ha bloccato l'intero sito anziché una sottodirectory specifica. Il 61% dei siti completamente bloccati utilizzava i certificati emessi da Let's Encrypt e il 36% da Comodo.
Reference
https://news.netcraft.com/archives/2017/04/12/lets-encrypt-and-comodo-issue-thousands-of-certificates-for-phishing.html
https://www.infoworld.com/article/2992605/security/phishing-sites-exploit-trust-in-valid-ssl-certificates.html
https://www.scmagazineuk.com/ssl-encrypted-malware-doubles-this-year-phishing-over-ssltls-up-400/article/679607/
Nessun commento:
Posta un commento