Details have emerged as to how hackers managed to take down the entire DNS infrastructure of a Brazilian bank in order to rob customers in October of last year. By using certificates from Let's Encrypt, the thieves were able to transfer all 36 of the bank's domains to phony websites, where unsuspecting users would give away their details. Kevin Bocek, Chief Cyber-Security Strategist at Venafi, commented below.
Kevin Bocek, Chief Cyber-Security Strategist at Venafi:
“Cybercriminals can now steal money by taking advantage of the one security measure every Internet user has been trained to trust: the green padlock in web browsers. These padlocks are supposed to signify a trusted digital certificate is in use, but now bad actors can obtain them for free. This attack is part of a much larger problem that jeopardizes the system of trust behind all digital commerce. Security professionals don’t understand the scale and scope of this problem and they don’t have the tools they need to control it.”