Let’s Encrypt has launched multi-perspective domain validation, a new feature that aims to bolster network security by limiting the ability of cybercriminals to trick Certificate Authorities into mis-issuing certificates.
We are coming up on 1 *BILLION* certificates issued by the Let's Encrypt certificate authority. Each certificate, free to get, and carrying out the mission of a more privacy-respecting Web. We are 1 billion, and we have just begun. Join us! pic.twitter.com/3RqkP1yjee
— Let's Encrypt (@letsencrypt) February 21, 2020
It’s great to see Let’s Encrypt increase the level of validation they use to better demonstrate ownership and control of a domain. However, we know that tens of thousands of Let’s Encrypt certificates are used by cyber attackers every day to make their phishing attacks more credible.
It’s easy for many businesses to assume that if they don’t use Let’s Encrypt certificates this isn’t their problem, but that’s not the case. Attackers can still get Let’s Encrypt certificates that look like any domain in seconds. The only way organisations can protect themselves is by having complete visibility over all the TLS certificates across the entire internet.