SSL certificate acquisition for domain

Certificates are designed to instill trust. They include information about the key, information about its owner's identity, and the digital signature of an entity that has verified the certificate's contents are correct. If the signature is valid, and the person examining the certificate trusts the signer, then they know they can use that key to communicate with its owner. Acquiring a certificate for a domain name similar to one that is expected to be trusted may allow an adversary to trick a user into trusting the domain (e.g., vvachovia instead of Wachovia -- homoglyphs). [1] [2]

ID: T1337

Tactic: Establish & Maintain Infrastructure

Version: 1.0

Detection

Detectable by Common Defenses (Yes/No/Partial): Yes

Explanation: Defender can monitor for domains similar to popular sites (possibly leverage Alexa [https://www.alexa.com] top N lists as starting point).
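
One way to implement the monitoring described above, as an added example that is not part of the original technique page: each label of a certificate name is reduced to a "skeleton" in which look-alike sequences collapse, then compared with the skeletons of watched brands. The brand watchlist, the look-alike table and the sample names are constructed assumptions, and matching is done per label rather than per registrable domain.

```python
# Added example: flag certificate names whose labels collapse to a watched brand.
# Constructed look-alike table (small illustrative subset, not a full confusables list).
LOOKALIKES = [("vv", "w"), ("rn", "m"), ("0", "o"), ("1", "l"), ("i", "l"),
              ("\u0430", "a"), ("\u0435", "e"), ("\u043e", "o"),  # Cyrillic a, e, o
              ("\u0440", "p"), ("\u0441", "c")]                   # Cyrillic er, es

def skeleton(label):
    """Collapse visually confusable sequences so look-alike labels compare equal."""
    label = label.lower()
    for fake, real in LOOKALIKES:
        label = label.replace(fake, real)
    return label

def to_unicode(name):
    """Decode punycode (xn--) labels; fall back to the raw name if decoding fails."""
    try:
        return name.encode("ascii").decode("idna")
    except UnicodeError:
        return name

def find_lookalikes(cert_names, brands):
    """Return (certificate name, imitated brand) pairs, skipping the brand itself."""
    by_skeleton = {skeleton(b): b for b in brands}
    hits = []
    for name in cert_names:
        shown = to_unicode(name.lower().lstrip("*."))  # drop a wildcard prefix
        for label in shown.split("."):
            brand = by_skeleton.get(skeleton(label))
            if brand and label != brand:
                hits.append((name, brand))
                break
    return hits

BRANDS = ["wachovia", "paypal"]  # constructed watchlist; a top-N site list would go here
# Constructed sample of names as they might appear in collected certificates.
SAMPLE_NAMES = [
    "www.wachovia.com",
    "vvachovia.com",
    "paypai.com",
    "*.paypal.com",
    "p\u0430ypal.example".encode("idna").decode("ascii"),  # Cyrillic 'a', stored as xn--
    "example.org",
]

if __name__ == "__main__":
    for name, brand in find_lookalikes(SAMPLE_NAMES, BRANDS):
        print(f"{name} imitates {brand}")
```

Because the same table is applied to both the brand and the candidate, a brand that itself contains a mapped character (the "i" in wachovia) still matches its look-alikes.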

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: SSL certificates are readily available at little to no cost.

References

  1. Ryan Singel. (2010, March 24). Law Enforcement Appliance Subverts SSL. Retrieved March 2, 2017.
  2. Bob Sullivan. (2000, July 24). PayPal alert! Beware the 'PaypaI' scam. Retrieved March 2, 2017.