Could a Flame-like Attack Burn Your Company?

Venafi, a Salt Lake City, Utah-based provider of enterprise key and certificate management solutions, has shared the results of scans performed on 450 Global 2000 companies, revealing that on average, nearly one in five digital security certificates deployed by the organizations rely on a technology that makes them open targets for Flame-, Stuxnet- and Duqu-style malware breaches.

“Digital certificates are a network security cornerstone and are deployed at enterprises of all sizes and within all industries,” Venafi explains. “Their primary purpose is to facilitate safe, secure and trusted communications between servers, applications, network systems, mobile devices and humans.”

According to Venafi’s numbers, nearly all Global 2000 organizations have deployed weak, easily-hacked MD5-signed certificates in their environments. MD5, Venafi says, is the broken certificate-signing algorithm used by Microsoft, which allowed hackers to bypass security measures and infect thousands of computers (mainly in the Middle East) with Flame malware.

While the Flame malware is widely speculated to be a targeted attack against Iran and possibly other nations in the Middle East, the same types of attacks could be used against enterprises in the United States and around the world. Because of this threat, Venafi suggests that enterprises proactively defend their global networks against breaches that result from weak security by locating and replacing all vulnerable, MD5-signed certificates.

Based on the scans conducted by Venafi, some networks had as many as 78 percent of their internal certificates signed with MD5. Additionally, 17.4 percent of all scanned internal and external certificates were signed with MD5.

“The risks are no longer hypothetical,” said Jeff Hudson, Venafi CEO. “MD5 certificates were the open door that allowed Flame to penetrate networks and gather information. Microsoft closed their door by issuing a security patch. Your door, however, remains wide open. Intrusion detection systems, firewalls, antivirus and other security measures do not address these open doors on your network. Organizations need to take specific action immediately to remove MD5.”

“Flame may have been a state-backed attack, but it demonstrated to cybercriminals that weak digital certificates can be used to easily infect computer systems with malware that can siphon off valuable information,” explained industry analyst Richard Stiennon. “Yesterday, it was Middle East governments under attack; right now, it could easily be private enterprises in the U.S. Anyone who says this is not a big deal is not watching closely enough.”

“One effect is that other malware authors can learn new techniques that they can incorporate into their own malware,” explained Wade Williamson of Palo Alto Networks in a recent SecurityWeek column. The problem, obviously, is that even if these malicious techniques are not hitting our networks today, they likely will in the future when repackaged into new malware.”