Not Secure?

Share on facebook
Share on twitter
Share on linkedin
Share on reddit

Throughout 2019, the folks at CIP noticed some correlations between Not Secure websites and breaches. The ransomware attack on Travelex, a $3 billion FX entity on the 31 December 2019, revealed that their Homepage was displaying Not Secure in the address bar due apparently to their use of an invalid digital certificate.

Further research validated that assumption.

As a firm of Public Key Infrastructure experts, CIP knew that numerous cyberattacks were utilizing weak PKI management, revoked, expired, sanctioned, even fake digital certificates.

How?

Because CIP scans those sites to determine the currency and credibility of their digital certificates. Their beacon is the same beacon that draws the attention of cyber attackers, the URL declaring Not Secure.

Throughout 2019, CIP’s observations started crystalizing and the ransomware attack on Travelex, a $3 billion FX entity on December 31st, 2019 cemented and confirmed their thesis as the Travelex Homepage was displaying the Not Secure warning in their address bar due to use of an invalid digital certificate.

What is a Not Secure Website?

A Not Secure website indicates that the website is unauthenticated, that any data on the site lacks integrity and any data in flight, to and from the server, is unencrypted.

This means data is displayed in plain text as opposed to cipher text.

When a certificate is invalid, it defaults the website status to Not Secure, and there can be many reasons. These include misconfiguration, expired certifications, HTTP to HTTPS redirection error, Port 443 closed and only using Port 80 and so on.

Is there a connection between cybersecurity breaches and Not Secure websites?

During 2020, CIP continued researching hundreds of cyberattacks, and after examining forensics from 1,000 cyber and ransomware attacks, 100% of the victims were found to be maintaining suboptimal websites, servers and website application interfaces.

In response, CIP developed the Whitethorn Shield, a product that examines the Public Key Infrastructure (PKI) element of domains and subdomains. That visibility includes all digital certificates, certificate chains and their validity and sequence. In addition, the Whitethorn Shield reviews the entire website configuration from Content Security Policy (CSP) to HSTS

Read more