
New Service Alerts SSL Customers If Their Site Is Supporting Phishing Attacks

GlobalSign And Netcraft Partner To Launch Real-Time Phishing Attack Alerts

Certificate authority GlobalSign has partnered with Netcraft to alert customers in real-time if their websites are being used to support phishing attacks.

The GlobalSign Netcraft Phishing Alert service sends the certificate authority an alert if a GlobalSign customer's site is being used in a phishing attack, GlobalSign CEO Steven Waite told SecurityWeek Wednesday. GlobalSign notifies the customer so that the site can be remediated immediately and the phishing attack shut down.

Netcraft produces a continually updating phishing feed which is used by major Web browsers and security products to block phishing sites. Under the partnership, if Netcraft detects a phishing site is signed with an SSL certificate issued by GlobalSign, then Netcraft will notify GlobalSign as the first step in the alert process. GlobalSign would either notify the customer to take steps to secure the site or revoke the certificate, if it turns out the phishing URL was the legal owner of the certificate.

"Organizations are under constant threat of phishing and other cyberattacks and need to invest in technologies that keep them a step ahead of the threats," Waite said.

The company originally launched the service in August, and 2,000 phishing URLs using certificates issued to more than 70 GlobalSign customers were identified over a two-week period, Waite said. Customers were alerted immediately. Without the service, the customers would have remained unaware and the attacks would have continued, said Waite.

The phishing attacks are submitted to Netcraft's malicious URLs data feed via the Netcraft Toolbar community. Well over five million unique phishing sites have been detected and blocked by Netcraft since the list's inception, the company said.

Customers automatically get access to the real-time alerts, and there is no separate option to purchase or separate service to sign up for, Waite said.

Phishing attacks which use SSL certificates are "especially dangerous" as users have been trained to think the presence of an SSL certificate means the site is protected, said Mike Prettejohn, director of Netcraft. The partnership encourages certificate authorities to take responsibility for the sites they certify, Prettejohn said.

In July 2012 alone, Netcraft detected phishing attacks using 505 unique valid SSL certificates from a number of widely trusted issuers, according to a post on Netcraft's company blog.

While the majority of phishing attacks on the Web are on HTTP, the number of Websites with a valid SSL certificate has also increased, Netcraft said in a company blog post. In some cases, the attackers managed to obtain a legitimate certificate for malicious use. However, the more common scenario has attackers compromising some other Website in order to gain access to the certificate to use for their nefarious purposes.

Having access to timely, professionally validated alerts when phishing attacks occur is "operationally efficient and responsible" for certificate authorities, Netcraft said.

The real-time alert service gives customers "an opportunity to engage the attacker and wrest back control of their site before harm is done," the post said.

GlobalSign and Netcraft have been working together for years on various initiatives, Waite said, adding that he expects the two companies will be expanding the partnership into other areas as well.

Fahmida Y. Rashid is a Senior Contributing Writer for SecurityWeek. She has experience writing and reviewing security, core Internet infrastructure, open source, networking, and storage. Before setting out her journalism shingle, she spent nine years as a help-desk technician, software and Web application developer, network administrator, and technology consultant.