Online banking traffic: Fake SSL certificates deployed across the internet.
As a forward-thinking IT leader with global operations, Connectikpeople.co
observes, every day, remarkable behaviors related to hacking and cyber-attacks.
Today, let us talk about the recent Netcraft report, which highlights the phenomenon of fake SSL certificates deployed across the internet.
Connectikpeople.co observes that dozens of fake SSL
certificates impersonating banks, ecommerce sites, ISPs and social networks
have been found.
According to Netcraft, some of these certificates may be used to carry out
man-in-the-middle attacks against the affected companies and their customers. This means
that successful attacks would allow criminals to decrypt legitimate online
banking traffic before re-encrypting it and forwarding it to the bank. This
would leave both parties unaware that the attacker may have captured the
customer's authentication credentials, or manipulated the amount or recipient
of a money transfer.
The fake certificates bear common names (CNs) which match the hostnames of
their targets (e.g. www.facebook.com).
Netcraft notes that, as the certificates are not signed by trusted certificate
authorities, none will be regarded as valid by mainstream web browser software;
however, an increasing amount of online banking traffic now originates from
apps and other non-browser software which may fail to adequately check the
validity of SSL certificates.
"Fake certificates alone are not enough to allow an attacker to carry out
a man-in-the-middle attack. He would also need to be in a position to eavesdrop
the network traffic flowing between the victim's mobile device and the servers
it communicates with. In practice, this means that an attacker would need to
share a network and internet connection with the victim, or would need to have
access to some system on the internet between the victim and the server.
Setting up a rogue wireless access point is one of the easiest ways for an
individual to carry out such attacks, as the attacker can easily monitor all
network traffic as well as influence the results of DNS lookups (for example,
making www.examplebank.com resolve to an IP address under his control)," said the report, available in
full detail via this link: Fake SSL certificates deployed across the internet.