The major web browsers, including Microsoft Edge and Mozilla Firefox, have announced that they will stop trusting certificates from TrustCor Systems, a certificate authority (CA) used by many Big Tech companies, because of its ties to a US military contractor. Since CAs like TrustCor play a highly trusted role in securing the internet ecosystem, Mozilla cited concerns about the CA and its affiliation with an organization engaged in distributing malware. Many other major tech companies are expected to follow suit and drop TrustCor.
When considering security, one area that many organizations still do not give due focus is Certificate Authorities (CAs). CAs are, or should be, a key component of any corporate security strategy, because they are the enablers of machine identity. The root CA is the most significant piece of that hierarchy: any abuse or compromise of it undermines the security and trust of the entire certification hierarchy beneath it. This view needs to be factored in when organizations conduct threat modeling or assessments.
Additionally, there can also be compliance implications if the checks and balances for ensuring the security of a CA are weak or non-existent. What is more alarming is that CA compromise has been found to be achieved using living-off-the-land (LOTL) techniques and tools. LOTL attacks are problematic from a detection standpoint and are an incident response (IR) nightmare. Because root CAs pose a cascading risk, they have been a favored target of nation-state APT actors aiming to mount a crippling attack.