Recent reports from security company Lookout reveal that the United Nations and several humanitarian aid organisations, including UNICEF and UN World Food, have been targeted by a phishing campaign.
The campaign uses convincing landing pages served with SSL certificates to present legitimate-looking Microsoft Office 365 login pages, and attempts to trick UN officials into revealing their login and password credentials.
The security company reports that these fake pages respond according to whether the user is on a computer or a mobile device, delivering content tailored to the browser being used. Mobile browsers, meanwhile, make it harder for viewers to recognize that the site is fake because they truncate the URL.
On learning of these worrying reports, Kevin Bocek, VP of security strategy & threat intelligence at Venafi, advises:
“These latest attacks targeting United Nations and global charity websites use TLS certificates to make malicious domains appear legitimate; they take advantage of the implicit trust users have in the green padlock created by TLS certificates. Internet users have been trained to look for a green padlock when they visit websites, and bad actors are using SSL/TLS certificates to impersonate all kinds of organizations.
“This may appear sophisticated, but these kinds of phishing attacks are very common. For example, in 2017, security researchers uncovered over 15,000 certificates containing the word ‘PayPal’ that were being used in attacks. And in June, the FBI issued a warning stating that the green padlock on websites doesn’t mean the domain is trustworthy and safe from cyber criminals.
“In order to protect businesses and users, security teams must identify all the legitimate TLS certificates on their own networks. They also need to identify fraudulent certificates issued by attackers that are being used to impersonate their organization. Technologies like certificate transparency and certificate reputation can definitely help, but as the number of certificates issued every day continues to skyrocket, more help is definitely needed.”
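As an added illustration of the certificate-monitoring idea in the closing quote (this is not code from Lookout or Venafi), the sketch below checks DNS names taken from certificates against an organisation's own domains and flags names that merely contain its brand. The domains, the sample entries and the function names are all constructed for the example; in practice the names would come from a Certificate Transparency monitoring feed.

```python
import unicodedata

OWNED_DOMAINS = {"example-aid.org"}   # assumption: domains the organisation controls
BRAND_KEYWORDS = {"example-aid"}      # assumption: brand strings worth watching

# Constructed sample of certificate DNS names, as a CT monitor might report them.
SAMPLE_CT_ENTRIES = [
    {"id": 1, "dns_names": ["login.example-aid.org", "www.example-aid.org"]},
    {"id": 2, "dns_names": ["example-aid.org.session-verify.test"]},
    {"id": 3, "dns_names": ["*.examp1e-aid-login.test"]},
    # Internationalised name, stored in its xn-- (punycode) form like a real SAN.
    {"id": 4, "dns_names": ["ex\u00e4mple-aid.test".encode("idna").decode("ascii")]},
    {"id": 5, "dns_names": ["unrelated.test"]},
]

def is_owned(name, owned=OWNED_DOMAINS):
    """True only if the name is an owned domain or a subdomain of one."""
    name = name.lower().lstrip("*.")
    return any(name == d or name.endswith("." + d) for d in owned)

def skeleton(name):
    """Reduce a DNS name to a comparison form that defeats simple lookalikes."""
    name = name.lower().lstrip("*.")
    try:
        name = name.encode("ascii").decode("idna")   # xn-- labels back to Unicode
    except UnicodeError:
        pass                                         # keep the raw name if undecodable
    name = unicodedata.normalize("NFKD", name)
    name = "".join(c for c in name if not unicodedata.combining(c))  # drop accents
    return name.translate(str.maketrans("013", "ole"))               # digit swaps

def find_impersonating(entries, keywords=BRAND_KEYWORDS, owned=OWNED_DOMAINS):
    """Return (entry id, dns name) pairs that carry the brand but are not owned."""
    hits = []
    for entry in entries:
        for name in entry["dns_names"]:
            if is_owned(name, owned):
                continue
            if any(k in skeleton(name) for k in keywords):
                hits.append((entry["id"], name))
    return hits

if __name__ == "__main__":
    for entry_id, name in find_impersonating(SAMPLE_CT_ENTRIES):
        print(f"review certificate {entry_id}: {name}")
```

The ownership check compares the end of the name, so a hostname that only begins with a legitimate domain (entry 2) is still flagged.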