Cybersecurity Roundup July 2022

Machine Identities Are Critical for Cybersecurity 

In today’s connected world, robots, intelligent machines, and various automated devices outnumber humans using the Internet. While multiple layers of security are built into networks, a major component is the level of digital trust applied to validating identity. While it is a known process for humans, validating machines is more challenging. 

According to a recent article in SC Magazine, with the number of devices on the net, security certificate management is a complex initiative unless organizations implement a unified methodology ensuring security certificates stay valid and up to date.

The article is derived from a poll administered by the Ponemon Institute, which surveyed more than 1200 security professionals dispersed over multiple industries. 

The article indicates that over 80% of the respondents experienced multiple operational disruptions due to expired certificates. While the level of security  protection was good, once a certificate expires devices in question are typically taken off line, till remediation can take place.  The mitigation process to restore can take over 3 hours once it’s identified. The process disrupts operations, which is costly.

Machine identities rely on digital certificates, and encryption technology deployed through SSL/TLS Certificates with an ongoing emphasis on PKI. 

Security researchers predict that device security compromises will increase. Most of the issues will be related to a lack of good certificate management. With  > 100 billion IoT devices connected to the internet, security organizations must consider a certificate management platform. 

  SSL.com has tools, partners and processes to help mitigate and reduce operational downtime due to untimely expirations. 

SSL.com Response SSL.com is very active in securing IoT devices with a suite of solutions designed for various devices and configurations. SSL.com provides:
  1. Custom Certificate Solutions
  2. Hosted PKI and Branded Subordinate/Issuing CA
  3. SSL Web Services (SWS) API
  4. Client Authentication Certificates
  5. ACME: SSL.com endorses and recommends using the ACME protocol for certificate lifecycle automation.  


For additional information, please refer to the following article: Securing the Internet of Things (IoT) with SSL/TLS – SSL.com

Reports of Malware Disguised as Productivity Apps Are Showing Up in The Google Play Store

Trend Micro recently reported that malicious dropper apps are appearing in The Google Play Store disguised as business productivity apps. Unfortunately, the apps slipped through Google’s security screening and are droppers for privacy-invading malware, trojans, and keyloggers. Once downloaded, the malware embeds itself on the endpoint device and collects and transmits private user data to its home base.

The apps have allegedly been removed from the Play Store but may persist on personal devices. According to an online report in The Hacker News, Cybercriminals are becoming more adept at evading detection while infecting as many devices as possible.  The apps are: SSL.com Response

While Google has its own approval process for submitting apps into The Play Store, SSL.com offers the ability to secure code from tampering through Code Signing with a verified globally trusted identity. SSL.com code signing certificates can be enabled for remote cloud signing. 

Additional information is available here: https://www.ssl.com/certificates/ev-code-signing/ . 

Schools Are Not Immune to Ransomware Attacks

Infosecurity-Magazine.com recently reported a ransomware attack targeting an Upper School in Bedfordshire, England. The attack had little impact on operations, however the compromise of student data was problematic. A ransom has been demanded and authorities are calculating their next move. The attack brought to attention widespread technology vulnerabilities, which will be reviewed in the upcoming months. 

According to Palo Alto Networks Unit 42 Threat Report, ransomware attacks increased by 144% between 2020 and 2021. The trend points to higher numbers in 2022 once the year ends. Threat actors are increasing their coverage and demands with new victims being identified every four hours. 

Additional information can be found here:  https://www.infosecurity-magazine.com/news/ransomware-group-500000-school/

SSL.com Response Most ransomware attacks originate through malicious email attachments and unauthorized weblinks. SSL.com offers S/MIME and ClientAuth certificates to protect against such actions. 

Our S/MIME (Secure/Multipurpose internet Mail Extensions) certificates can be used by organizations to encrypt email communications internally among colleagues and externally with clients and partners. Their use prevents debilitating cyber attacks including email tampering, phishing, pharming, CEO Identity fraud, corporate impersonation, and leaks of sensitive data.

Our ClientAuth certificates shield sensitive data and digital assets from malicious actors by ensuring that only verified individuals or organizations are granted access.

SSL.com, is a Certificate Authority, providing a vital role in internet security. Our products and solutions were developed under the guidance of the Certificate Authority/Browser Forum and Cloud Signature Alliance to meet the changing needs of our customers, partners, and international communities.  In addition to creating encryption solutions SSL.com is a Digital Trust organization focused on creating a chain of trust for document digital signing, code signing, web security and encrypted email.   

Ask about SSL.com complete product suite, contact sales@ssl.com or call toll free 877-775-7328:

SSL.com Reminders

OV & IV Code Signing Key Storage Requirements are Changing Effective November 1, 2022 OV & IV Code Signing Certificates will be issued on Yubico USB Tokens or available via the SSL.com eSigner cloud signing service.  Additional information on this change can be found on the  CA/Browser Forum website

Learn more about the SSL.com eSigner solution: https://www.ssl.com/esigner/

Organizational Unit Field for SSL/TLS Certificates is Being Deprecated August 1, 2022, SSL.com discontinued the use of the Organizational Unit field. This is in response to new guidelines ratified by the CA/Browser Forum. Learn more about this announcement:  https://www.ssl.com/article/organizational-unit-ou-field-to-be-deprecated-by-ssl-com/

Subscribe to SSL.com’s Newsletter

Don’t miss new articles and updates from SSL.com

We’d love your feedback

Take our survey and let us know your thoughts on your recent purchase.