Venafi, a company that allows organizations to protect cryptographic keys and digital certificates, has discovered over 100,000 typosquatted domains with legitimate TLS certificates that appear to be aimed at large traders.
Venafi has been analyzing lookalike domains targeting 20 major retailers in the United States, Australia, Germany and France during the summer shopping season.
The analysis found 109,045 lookalike domains using valid TLS certificates to make them appear more trustworthy. This is over double the number from the year before, and the company has pointed out that fewer than 20,000 certificates have been issued for valid retail domains.
Of the 109,000 typosquatted domains, almost 84,000 target retailers located in the U.S., and almost 50,000 of them imitate one of the largest retailers in the world. In the U.K., Venafi discovered about 14,000 fraudulent distributor domain certificates.
The company also found approximately 7,000 false domain certificates for retailers in Germany, 3,500 for Australian retailers and 1,500 for French retailers.
“Some of these URLs may serve a legitimate purpose, but many may be used for malicious purposes by attackers. We believe that the size of these sites is a strong indicator of the fact that many are used for malicious purposes, particularly as we are so close to shopping,” Jing Xie, senior threat intelligence researcher at Venafi, told SecurityWeek.
Xie added, “While our research did not analyze the threats associated with those domains, we are aware that lookalike domains are often used for phishing attacks and to distribute malware. Security researchers, for instance, found that many certificates containing ‘Paypal’ were used in phishing websites back in 2017. It is reasonable to assume that hackers use a similar tactic with other retail domains.”
In addition, 60 percent of the typosquatted domains that have a valid TLS certificate obtained a free certificate from Let’s Encrypt. The Let’s Encrypt certificate authority’s objective is to make the web more secure by providing website owners with free digital certificates they can use to encrypt traffic. However, its services are often abused for malicious purposes.
According to Venafi, 85% of the lookalike domains for German retailers have been issued Let’s Encrypt certificates.
Source: HackerCombat