Criminals are abusing Let’s Encrypt Certificates
TLDR
How can You Prevent Yourself From Such Attacks?
Trend Micro has reached out to both the Let’s Encrypt project, and the legitimate domain’s owner to notify them about the malvertising campaign.
And Here’s your take:
- Users should be aware that a ‘secure’ website is not always or necessarily a safe website, and the best defense against exploit kits is still an easy go, i.e.:
- Always keep your software up-to-date to minimize the number of vulnerabilities that may be exploited by cyber criminals.
- For online advertisement brokers, an approach would be to implement internal controls to stop malicious advertisements.
Source: Hackers Install Free SSL Certs from Let’s Encrypt On Malicious Web Sites | The Hacker News