TTPwire Vol. 1 · MITRE ATT&CK·Tagged

F5 Labs

Fighting Back Against Phishing and Fraud—Part 2

2019-01-31

ATT&CK techniques detected

4 predictions
T1588.004 Digital Certificates
68%
“in-the-middle attacks, and facilitate phishing attacks. Figure 4. Examples of tools, protocols, and methods useful in combatting phishing (presented within the NIST Cybersecurity Framework (CSF)). What is certificate transparency? Certificate transparency (CT) is a meth…”
T1588.003 Code Signing Certificates
66%
“lower prices to consumers. But it also makes the system prone to abuse — and confusing for website visitors. Should I, for example, trust the paypal.com certificate that was created by DigiCert or Let’s Encrypt? Both are cryptographically signed and, therefore, both are totall…”
T1588.004 Digital Certificates
63%
“unauthorised certificates and certs generated with suspicious extensions such as “certificate authority” certificates, (for example, “root”). Certificate auditors use cryptographic methods to ensure that certificates are only ever added to the logs and that deletions from t…”
T1588.004 Digital Certificates
33%
“Google's Chrome web browser marks a site as insecure if an EV certificate is presented by a web server that does not exist in the CT logs. Today, however, many certificate authorities, including Let’s Encrypt, choose to publish all their domain validation (DV) certs into th…”

Summary

How certificate transparency can help you spot fraudulently registered TLS certificates that exploit your domain or brand name.