Did a Hacker Break into the Entrust Network?
Is the Entrust SSL Certificate a part of your security arsenal, or are you a cybersecurity enthusiast?
Voilà, if that’s the case, you’re in for a shock with this article.
Entrust confirmed it had been the victim of a cyber-attack, with threat actors compromising their networks and stealing data.
I guess it’s a bit of shocking news, huh?
Are you unfamiliar with the Entrust SSL Certificate?
Entrust is a security firm that specializes in online trust and identity management, providing a variety of services such as encrypted communications, secure digital payments, and identity solutions.
Many of you are probably wondering how this attack happened. What impact will this attack have on Entrust users, etc.?
It’s time to get down to business… without wasting much of your time.
Did hackers break into Entrust’s network?
A source told Bleeping Computer about two weeks ago that Entrust was breached on June 18th and that hackers stole corporate data during the cyberattack.
However, the breach was not officially announced until July 21st, 2022, when security researcher Dominic Alvieri tweeted a screenshot of a security notice sent to Entrust’s customers on July 6th.
Entrust security incident dated June 18th.
Entrust blog still down on your left and official statement on your right.
No one seen taking credit to date. @Entrust_Corp #cybersecurity #infosec @Cyberknow20 @GossiTheDog @campuscodi @vxunderground @FBI pic.twitter.com/m54y0x1CIJ
— Dominic Alvieri (@AlvieriD) July 21, 2022
What did the Entrust Letter Say?
“I am writing to inform you that on June 18, we discovered that an unauthorized party gained access to certain of our internal operations systems.” “We have been working tirelessly to rectify this situation since that time,” says Entrust CEO Todd Wilkinson in a security notice.
“As of now, no indication has been found that this issue has affected the operation or security of our products or services, although our investigation is ongoing.”
According to Entrust’s security notice, data has been stolen from its internal systems. At this time, it is unclear whether the data is purely corporate or also includes data belonging to customers and vendors.
“It has been determined that some files were taken from our internal systems. Throughout our investigation, we will reach out directly to you if we discover information that we believe will adversely affect the security of the products and services we provide to your company.” – Entrust.

A well-known ransomware gang is behind the attack?
In double-extortion schemes, ransomware gangs often steal data before they launch their encryptors, so it is unclear whether devices were encrypted during the attack.
Vitali Kremez, AdvIntel’s CEO, said a ransomware operation used compromised Entrust credentials to breach the company’s internal network.
During a conversation about the attack, Kremez told Bleeping Computer that the group responsible relied on the trusted network of network access sellers to obtain initial access to Entrust environments.
If Entrust doesn’t pay the ransom, we will likely find out which ransomware operation was behind the attack in the days after they publish the stolen data.
As of right now, Entrust has refused to answer any questions or provide more information on this attack.
Let’s first cover some basics of how certificates work and what you, as an IT professional or user, can do to protect your company from these breaches.
How does a certificate work?
A certificate is required to establish an SSL connection. A site cannot simply issue a certificate to itself, because browsers would not trust it.
Also read: Self-Signed SSL Certificate Security Risk
To set up a secure site, an administrator creates a Certificate Signing Request (CSR). This document contains very specific information about the site they run, their identity as an individual or company, and their contact details. They then send the request to a trusted Certificate Authority (in this case, Entrust).
Once Entrust confirms that you are authorized to hold a certificate for that domain name, it generates the signed certificate using its private key. Because all popular web browsers already trust the Certificate Authority, they trust the certificate it signed. This chain of trust is called a Certificate Hierarchy.
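The CSR, signing and verification steps described above, as an added example using the openssl command line (not code from the original post). DemoCA, OtherCA and www.example.test are constructed names, and all keys are throwaway files in a temporary directory.

```shell
#!/bin/sh
# Added example: throwaway CAs and a constructed site name (www.example.test).
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: create a self-signed root (key + certificate) standing in for a CA.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=$1/CN=$1 Root" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# make_csr HOST: the administrator's step, a private key plus a CSR naming the site.
make_csr() {
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/O=Example Org/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
}

# sign_csr CA HOST: the CA's step, signing the CSR with the CA private key.
sign_csr() {
    openssl x509 -req -in "$WORK/$2.csr" -days 30 \
        -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" -CAcreateserial \
        -out "$WORK/$2.crt" 2>/dev/null
}

# chain_ok CA HOST: succeeds only if HOST's certificate verifies against CA's root.
chain_ok() {
    openssl verify -CAfile "$WORK/$1.crt" "$WORK/$2.crt" >/dev/null 2>&1
}

# issuer_of HOST: print the issuer line, useful when inventorying who signed what.
issuer_of() {
    openssl x509 -in "$WORK/$1.crt" -noout -issuer
}

make_ca "DemoCA"
make_ca "OtherCA"
make_csr "www.example.test"
sign_csr "DemoCA" "www.example.test"

chain_ok "DemoCA" "www.example.test" && echo "verifies against DemoCA"
chain_ok "OtherCA" "www.example.test" || echo "rejected against OtherCA"
issuer_of "www.example.test"
```

Trust follows the CA signature alone: the same certificate verifies against the root that signed it and fails against any other root, which is why a CA's private key has to stay private.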
Can a hacker exploit your Entrust SSL Certificate?
If any of Entrust’s customer data is breached and Entrust’s private keys are released into the wild, a hacker could create a certificate for any website they want, and our browsers would accept it as valid. In addition, they could create certificates for any purpose, including signing emails and encrypting VPN connections.
How does this attack work? Such a certificate could be exploited by intercepting traffic and presenting the fake certificate in a Man-in-the-Middle (MitM) attack.
As a user, how can you mitigate the possible threat?
Meanwhile, some things can be done. First, you can switch to trusted Certificate Authorities like DigiCert, Sectigo, Geotrust, Rapid SSL, Thawte, etc.
Second, you can hope that Entrust’s users’ data is not compromised by ransomware.
Conclusion:
The Entrust breach can occur again. Since hackers are now familiar with the environment, they will never give up on the target. Despite this, you and your organization don’t have to be vulnerable when such a provider is hacked.
It is recommended that you secure your website with top, trusted Certificate Authorities like DigiCert and Sectigo to reduce the possibility of such an issue affecting your website and your users.
*** This is a Security Bloggers Network syndicated blog from https.in Blog authored by https.in Blog. Read the original post at: https://www.https.in/blog/entrust-ssl-certificate-ransomware-attack/

