Is an Entrust SSL certificate part of your security arsenal, or are you a cybersecurity enthusiast?
Well, if that’s the case, this article may come as a shock.
Entrust has confirmed that it was the victim of a cyberattack, with threat actors compromising their networks and stealing data.
Guess that’s kind of shocking news, huh?
Not familiar with the Entrust SSL Certificate?
Entrust is a security company specializing in online trust and identity management, providing a variety of services such as encrypted communications, secure digital payments and identity solutions.
Many of you are probably wondering how this attack happened and what impact it will have on Entrust users.
It’s time to get to work… without wasting a lot of time.
Have hackers broken into Entrust’s network?
About two weeks ago, a source told Bleeping Computer that Entrust was hacked on June 18 and that hackers stole corporate data in the cyberattack.
However, the breach was not officially announced until July 21, 2022, when security researcher Dominic Alvieri tweeted a screenshot of a security advisory sent to Entrust customers on July 6.
June 18 Entrust security incident.
Entrust blog always on the bottom left and official release on your right.
— Dominic Alvieri (@AlvieriD) July 21, 2022
What did the Entrust letter say?
“I am writing to inform you that on June 18, we discovered that an unauthorized party had gained access to some of our internal operating systems.” “We have worked tirelessly to remedy this situation since then,” Entrust CEO Todd Wilkinson said in a security advisory.
“At this time, no indication has been found that this issue has affected the operation or safety of our products or services, although our investigation is ongoing.”
According to Entrust’s security advisory, the data was stolen from its internal systems. At this time, it is unclear whether the data is purely corporate or includes that of customers and suppliers.
“It has been determined that some files have been extracted from our internal systems. Throughout our investigation, we will contact you directly if we discover any information that we believe will adversely affect the safety of the products and services we provide to your business.” – Entrust
A well-known ransomware gang is behind the attack?
In double extortion schemes, ransomware gangs often steal data before launching their encryptors, so it’s unclear whether the devices were encrypted during the attack.
Vitali Kremez, CEO of AdvIntel, said a ransomware operation used compromised Entrust credentials to breach the company’s internal network.
During a conversation about the attack, Kremez told Bleeping Computer that the responsible group’s operation relied on the trusted network of network access vendors to gain initial access to Entrust environments.
If Entrust doesn’t pay the ransom demand, we’ll likely find out which ransomware operation was behind the attack within days of the leaked data being released.
At this time, Entrust has declined to answer questions or provide more information about this attack.
Let’s first look at some basics of how certificates work and what you as an IT professional/user can do to protect your business from these breaches.
How does a certificate work?
A certificate is required to establish an SSL connection. A site cannot simply issue a certificate to itself, because such a certificate would not be trustworthy.
To set up a secure site, an administrator creates a certificate signing request (CSR). This document contains very specific information about the site they manage, their identity as an individual or company, and their contact details. After that, they send the request to a trusted certificate authority (in this case, Entrust).
Once Entrust confirms that you are authorized to hold a certificate for this domain name, it will generate the signed certificate using its private key. Therefore, all popular web browsers can trust their certificate. This is called a certificate hierarchy.
Can a hacker exploit your Entrust SSL certificate?
If any of Entrust’s customer data is hacked and their private keys are released into the wild, the hacker could create a certificate for any website they want, and our browsers would accept it as valid. Additionally, they could create certificates for all purposes, including signing emails and encrypting VPN connections.
How does this attack work? Such a certificate could be exploited by hijacking traffic and inserting their fake certificate into a Man-in-the-Middle (MitM) attack.
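The issuance flow described above, and the reason everything rests on the CA's private key, shown as an added example (not from the original post or from Entrust). A throwaway CA signs a CSR with openssl, and a client-style check accepts only the certificate that chains to the root it trusts. The CA names, host name and file names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: CSR -> CA signature -> chain verification with a throwaway CA.
# Every name here ("Demo Root CA", "Other CA", www.example.test) is constructed.
DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT

# A CA is a key pair plus a self-signed root certificate (the trust anchor).
make_ca() {   # $1 = file basename, $2 = common name
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$DEMO_DIR/$1.key" -out "$DEMO_DIR/$1.pem" 2>/dev/null
}

# The site administrator generates a key pair and a CSR naming the site.
make_csr() {  # $1 = site host name
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$DEMO_DIR/site.key" -out "$DEMO_DIR/site.csr" 2>/dev/null
}

# The CA signs the CSR with its private key, producing the site certificate.
sign_csr() {  # $1 = CA basename, $2 = output certificate basename
    openssl x509 -req -days 1 -in "$DEMO_DIR/site.csr" \
        -CA "$DEMO_DIR/$1.pem" -CAkey "$DEMO_DIR/$1.key" -CAcreateserial \
        -out "$DEMO_DIR/$2.pem" 2>/dev/null
}

# What a client does: accept the certificate only if its signature chains
# to a root it already trusts. Returns 0 when the chain verifies.
chains_to() { # $1 = trusted root basename, $2 = certificate basename
    openssl verify -CAfile "$DEMO_DIR/$1.pem" "$DEMO_DIR/$2.pem" >/dev/null 2>&1
}

# Inventory helper: which CA issued this certificate?
issuer_of() { # $1 = certificate basename
    openssl x509 -noout -issuer -in "$DEMO_DIR/$1.pem"
}

make_ca root "Demo Root CA"
make_ca other "Other CA"
make_csr www.example.test
sign_csr root site_good     # signed by the root the client trusts
sign_csr other site_other   # same CSR, signed by a CA the client does not trust

chains_to root site_good  && echo "site_good:  accepted"
chains_to root site_other || echo "site_other: rejected"
issuer_of site_good
```

The client never learns who ran the signing step, only that the signature matches a trusted root, which is why custody of the CA key is the whole basis of the hierarchy. Running `issuer_of` across your deployed certificates gives a quick inventory of which CA each one depends on.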
As a user, how can you mitigate the potential threat?
Second, you can hope that Entrust user data won’t be compromised by ransomware.
The Entrust breach may reoccur. Since hackers are now familiar with the environment, they never abandon the target. Despite this, you or your organization should not be vulnerable if such things are hacked.
It is recommended that you secure your website with leading and trusted certificate authorities such as DigiCert and Sectigo to reduce the possibility of such an issue affecting your website and your users.
*** This is a syndicated blog from the Security Bloggers Network of https.in Blog written by https.in Blog. Read the original post at: https://www.https.in/blog/entrust-ssl-certificate-ransomware-attack/