2012-06-15
By staff reporter
Analysis of the sophisticated malware program Flame has further underlined the considerable security risk posed by malware of this kind. According to network security firm, Venafi, until organisations find and replace all of the MD5 certificates on their networks, which are virtual open doors, they are going to continue to be hit with this emerging type of certificate-based attack. A digital certificate is a digital ID that is used for two fundamental purposes. Certificates authenticate one machine to another and they encrypt the traffic that flows between the two machines. They are the security backbone of almost everything that happens on the Internet.
Venafi analysed the networks of over 450 Global 2000 organisations and believes 17.4% of certificates in to be signed with unsafe, hackable, MD5 algorithms. Certificates exactly like the ones compromised as part of the Flame malware are used everywhere in organisations worldwide today and are vulnerable to the same compromise.
“We have seen a growing wave of attacks that compromise certificates as a fundamental strategy. First Stuxnet, DuQu, the CA compromises - Comodo, StartSSL, DigiNotar and now Flame prove that this is going to continue, says Venafi’s head of europe Calum MacLeod.
Every MD5 certificate on a network is an open door. Organisations need to find and replace them immediately, otherwise they will be breached, it’s that simple.
"Why would anyone use MD5? Because they don’t understand the critical nature of certificates and their responsibility to manage them accordingly,” he adds.
Through Flame, which has even got the best of Microsoft, that certificates using MD5 are available to be compromised and remanufactured fraudulently has now been exposed as a major cyber risk. Microsoft closed the door they had opened because they used MD5 based certificates.
“I often wonder why something so fundamental as knowing which certificates are active on the network, understanding their attributes, and managing the keys associated with the certificates is not a top priority - especially when managing these instruments radically reduces the vulnerability,” says MacLeod.
