Cybercrime and TLS Cybercrime and TLS Phishing Browsers
Cybercrime and TLS
Cybercrime and TLS Phishing, Browsers and Let’s Encrypt Dmitry Belyavskiy, Technical Centre of Internet Kyiv, Ukraine UADOM-2017 December 1, 2017
TLS trends Free certificates New standards Browser warnings TLS traffic > 55% Cybercrime, botnets, etc: > 30%
0 03 011. 20 04. 0. 16 20 0. 01. 16 2 05. 01. 16 200 06. 41. 16 2 57. 42 16 30 68 42 1 2 4 64 42 4 67 42 5 70 42 5 73 42 6 76 42 7 79 42 5 82 42 6 85 42 6 88 42 7 91 42 7 94 42 8 97 43 9 00 43 9 04 0 Certificates for free! 250000 0 Source: https: //statdom. ru 200000 150000 100000 Comodo 50000 Let's Encrypt Comodo
Free certificates: bad news Phishing domains Normal domains
Pay. Pal phishing certificates Source: ww. bleepingcomputer. com/news/security/14 -766 -lets-encrypt-ssl-certificates-issued-to-paypal-p sites/ 6000 5000 4000 3000 2000 1000 01 20. 03 1. 016 20. 04 16. 01 20. 05 1. 016 20. 06 16. 42 5 3 8 42 6 4 1 42 6 4 4 42 6 5 7 42 7 5 0 42 7 6 3 42 7 7 6 0 Pay. Pal. *
Free certificates: balance Free wildcard certificates CA/Browser forum recommendations
Technical solutions CAs: CA/Browser’s Forum recommendations + Check “dangerous” names - Automatic issuance Browsers: + Warn users about suspicious names - False positives
Explain to users! Green lock means nothing Certificate DOES NOT mean secure site Certificate is significant for reputation DV certificates confirm only control over domain EV certificates confirm the domains owner Phishers use new technologies too
What can registries do? Sell more EV certificates! Educate users
Cybercrime and TLS Questions? beldmit@tcinet. ru
- Slides: 11