- Change TLS Certificates Regularly for Better Data Security.
- Counterfeit TLS certificates pose a huge security risk.
- Fraudulent certificates issued in the name of real services could be used to support phishing scams. Fake certs may also be used to decrypt traffic via a man-in-the-middle (MitM) attack.
Previously, researchers suspected that many SSL certs were in fact stolen.
Recorded Future found four main vendors of TLS certificates in recent years.
Three remain active, two of which cater to Russian speakers.
The vendors all appear to operate a unique market: Buyers specify what they need, and the vendors obtain the certs, registered fraudulently using legit details.
The counterfeit certs are obtained from a range of legit CAs, including Comodo, Symantec and Thawte; all are a part of Symantec Corp.