Cybersecurity Roundup August 2023


Google Chrome Introduces Safety Checks for Browser Extensions 

Google Chrome is implementing a new feature to enhance user security by warning them about potentially malicious browser extensions. The feature will alert users if an installed extension has been removed from the Chrome Web Store, which is often a sign that the extension is malware. These malicious extensions, usually produced by scam companies and threat actors, can inject ads, track user data, or even steal personal information. Despite Google’s efforts to remove such extensions from the Web Store, they remain active in the user’s browser unless manually uninstalled. The new safety check feature will be available in Chrome 117 but can be tested now in Chrome 116 by enabling the ‘Extensions Module in Safety Check’ feature. Once enabled, users will see a new option under ‘Privacy and security’ settings that prompts them to review and uninstall any extensions removed from the Chrome Web Store for violating extension policies.

SSL.com’s Takeaway: The new feature is a significant step towards enhancing browser security, but it also highlights the ongoing struggle against malicious extensions. These extensions are produced rapidly, often reappearing under new names after removal. While Google’s new feature will help users identify malicious extensions, it’s a reactive measure that kicks in after the extension has already been installed and potentially done damage.

Users should proactively vet extensions before installing them by checking reviews, developer reputation, and permissions required. Employing additional security software that scans for browser vulnerabilities can also add an extra layer of protection.
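
One way to carry out the permission check described above is to read each extension's `manifest.json` and flag broad grants. This is an added example, not code from SSL.com or Google; the `HIGH_RISK` list is an assumed review policy, and the sample manifests, IDs and names are constructed.

```python
import json

# Assumed review list of permissions that expose browsing data or control;
# this is not Chrome's or Google's own classification.
HIGH_RISK = {"cookies", "history", "webRequest", "tabs", "debugger",
             "clipboardRead", "management", "proxy"}
# Match patterns that apply to every site the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def review_manifest(manifest):
    """Return sorted findings for one parsed manifest.json."""
    declared = list(manifest.get("permissions", []))
    declared += manifest.get("optional_permissions", [])
    # Manifest V3 lists host patterns separately; V2 mixes them into permissions.
    hosts = list(manifest.get("host_permissions", []))
    for script in manifest.get("content_scripts", []):
        hosts += script.get("matches", [])
    findings = set()
    for item in declared + hosts:
        if not isinstance(item, str):
            continue  # skip non-string entries rather than crash
        if item in HIGH_RISK:
            findings.add("permission:" + item)
        elif item in BROAD_HOSTS:
            findings.add("all-sites:" + item)
    return sorted(findings)

def audit(raw_manifests):
    """Map extension name -> findings, keeping only extensions with findings."""
    report = {}
    for ext_id, text in raw_manifests.items():
        try:
            manifest = json.loads(text)
        except json.JSONDecodeError:
            report[ext_id] = ["unreadable-manifest"]
            continue
        findings = review_manifest(manifest)
        if findings:
            report[manifest.get("name", ext_id)] = findings
    return report

# Constructed sample manifests (IDs and names are made up for illustration).
SAMPLE = {
    "ext-id-1": '{"name": "Tab Notes", "manifest_version": 3, "permissions": ["storage"], "host_permissions": ["https://notes.example/*"]}',
    "ext-id-2": '{"name": "Free Coupons", "manifest_version": 2, "permissions": ["cookies", "tabs", "<all_urls>"], "content_scripts": [{"matches": ["*://*/*"], "js": ["inject.js"]}]}',
    "ext-id-3": '{"name": "Broken"',
}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, findings)
```

On a real machine the manifests sit under the Chrome profile's `Extensions/<id>/<version>/manifest.json`; a finding is a prompt to check whether the extension's stated purpose justifies that access.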


UK Government’s Voter Registration Website Causes Confusion, Raises Security Concerns 

The UK government’s domain choice for its voter registration website, HouseholdResponse.com, has been confusing residents, leading many to suspect it’s a scam. Failure to update voter details on this site can result in a fine of up to £1,000. The website is part of the annual canvassing process to update the electoral register and is maintained by a private company, Civica Election Services (CES). The non-government domain has sparked concerns about its authenticity and the potential for scammers to exploit this confusion by creating phishing sites. London-based software developer Pranay Manocha expressed dissatisfaction with the use of HouseholdResponse.com for electoral registration and confirmation, highlighting the need for a trustworthy .gov website.

SSL.com’s Takeaway: Using a non-government domain for such a critical civic duty can be very problematic in an environment where phishing and online scams are rampant. The confusion undermines trust in the electoral process and presents a ripe opportunity for cybercriminals to exploit the situation. The issue is exacerbated by a time-sensitive requirement to respond that imposes penalties. Scammers and cybercriminals can leverage this sense of urgency in their malicious messaging.

The UK government should consider migrating the service to a .gov.uk domain to eliminate confusion and enhance trust. 

Aside from migrating to a .gov.uk domain, implementing an Extended Validation (EV) SSL certificate on the UK government’s voter registration website can significantly alleviate the concerns raised. The main issue at hand is the confusion and suspicion surrounding the site’s authenticity, which makes it susceptible to phishing attacks. An EV SSL certificate is issued only after a rigorous verification process, and when a user clicks the lock icon in the browser’s address bar, it would display the validated name of the organization that owns the website, assuring users of the site’s legitimacy. This would serve as a powerful deterrent against scammers attempting to exploit the confusion by creating fraudulent versions of the website.



Data Breach at Dutch Land Registry Exposes Millions of Home Addresses 

A security breach at the Dutch land registry, Kadaster, has exposed the addresses of every homeowner in the Netherlands. The breach was discovered by RTL Nieuws, prompting the privacy watchdog AP to call for immediate action. Kadaster’s website offers a search facility intended for real estate professionals, allowing them to find property owners and their addresses. However, the investigation revealed that the service was easily exploitable, as it did not vet applications rigorously. Screenshots from Telegram chats showed individuals offering to search the registry for a fee. The breach poses significant risks, making it easy for criminals, stalkers, and blackmailers to obtain personal addresses.

SSL.com’s Takeaway: The breach at Kadaster is a glaring example of how poor cybersecurity measures can have far-reaching implications. Not only does it expose citizens to potential criminal activities, but it also puts vulnerable groups like journalists, activists, and politicians at risk. The fact that the service was intended for professionals but was easily exploitable shows a lack of foresight in security design. This is not an isolated incident; similar vulnerabilities have been exploited in other governmental databases, leading to real-world consequences like the murder of a lawyer who was defending a key witness.

Immediate steps should be taken to rigorously vet the credentials of those applying for professional accounts. Multi-factor authentication and periodic security audits can further strengthen the system. Public awareness campaigns should also be launched to educate citizens on protecting themselves after such breaches. 

A client authentication certificate could also significantly mitigate the security issue at the Dutch land registry. This certificate would enhance security by requiring individuals, including real estate professionals, to not only provide their regular login credentials but also present a valid client certificate issued by a trusted certificate authority.  

This certificate would be granted only after a rigorous identity verification process, ensuring that the person requesting access is genuinely who they claim to be. By adding this layer of authentication, Kadaster could implement stricter access controls, limiting access to only those with valid certificates.



Airbnb Accounts Targeted for Fraud on the Dark Web 

Airbnb has become a hot target for cybercriminals, with thousands of accounts sold on underground cybercrime stores for as little as one dollar, according to an investigation by researchers at SlashNext. Cybercriminals gain unauthorized access to these accounts through phishing, stealer malware, and stolen cookies. Once they have access, they can book properties or perform other unauthorized actions without raising alerts. The Dark Web offers “account checkers,” automated programs that rapidly test Airbnb accounts, and discounted vacation services. The researchers noted that these services are profitable, as indicated by the many views and replies on forum threads advertising them.

SSL.com’s Takeaway: The targeting of Airbnb accounts is a concerning development in cybercrime. With over 7 million global listings in 100,000 active cities, Airbnb presents a lucrative opportunity for hackers. The breach jeopardizes hosts’ and guests’ financial and personal information and poses property risks. The use of “account checkers” and the sale of discounted services indicate a mature, organized cybercrime ecosystem that is capitalizing on vulnerabilities in Airbnb’s security measures.

Airbnb must ramp up its security protocols, possibly incorporating multi-factor authentication and rigorous monitoring of suspicious activities. Users should be educated about the risks, advised to change their passwords regularly, and remain cautious of phishing attempts.

Public Key Infrastructure (PKI) can also play a role in addressing the security issues faced by Airbnb and its users. PKI is a framework that uses digital certificates, public and private keys, and certificate authorities to ensure secure communication and identity verification. Here’s how PKI can help in this context: 

  • SSL/TLS Certificates: Airbnb should use SSL/TLS certificates to encrypt communication between users’ devices and their servers. This would protect users’ login credentials and data during transmission, making it more difficult for attackers to intercept sensitive information. 
  • Email Signing and Encryption: Airbnb can use PKI-based email signing and encryption to ensure that communication sent to users is authentic and secure. This helps in mitigating phishing attacks where attackers impersonate Airbnb via email. 
  • Digital Identity Verification: Airbnb could implement a digital identity verification system using PKI. Users would need to undergo a robust identity verification process to create and access their accounts. This could deter cybercriminals from creating fake accounts. 
  • Certificate-Based Access Control: Airbnb can employ client authentication certificates for access control, allowing only administrators to access critical systems. This would make it extremely difficult for attackers to gain unauthorized access even if they have stolen login credentials.


SSL.com Announcements

Automate Validation and Issuance of Email Signing and Encryption Certificates for Employees 

Bulk enrollment is now available for Personal ID+Organization S/MIME Certificates (also known as IV+OV S/MIME) and NAESB Certificates through the SSL.com Bulk Order Tool. Bulk enrollment of Personal ID+Organization S/MIME and NAESB Certificates has the additional requirement of an Enterprise PKI (EPKI) Agreement. An EPKI Agreement allows a single authorized representative of an organization to order, validate, issue, and revoke a high volume of these two types of certificates for other members, thereby enabling a faster turnaround in securing an organization’s data and communication systems.

New Key Storage Requirements for Code Signing Certificates 

As of June 1, 2023, SSL.com’s Organization Validation (OV) and Individual Validation (IV) Code Signing Certificates must be issued either on Federal Information Processing Standard 140-2 (FIPS 140-2) USB tokens or used with our eSigner cloud code signing service. This change is in compliance with the Certificate Authority/Browser (CA/B) Forum’s new key storage requirements to increase security for code signing keys. The previous rule allowed OV and IV code signing certificates to be issued as downloadable files. Since the new requirements only allow the use of encrypted USB tokens or other FIPS-compliant hardware appliances to store the certificate and private key, it is expected that instances of code signing keys being stolen and misused by malicious actors will be greatly reduced.
