Increasingly, malware is being designed specifically to steal SSL/TLS keys and certificates for use in communications fraud and data exfiltration. For example, Advanced Persistent Threat (APT) operators exploiting the Heartbleed vulnerability stole digital keys and certificates, resulting in a breach of 4.5 million Community Health System (CHS) patient records. The Heartbleed exploit was used against a system behind the CHS firewall to expand the attack and reach these highly regulated patient records.
Heartbleed remediation requires replacing all keys and certificates, not just patching the system. With incomplete remediation, business and government services can be spoofed with the trust that a valid digital certificate provides, and sensitive communications can be decrypted.
To protect against advanced persistent malware, organizations need to identify all systems using SSL/TLS, install new keys and certificates on servers, revoke vulnerable certificates, and validate that the new keys and certificates are installed and working.
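The remediation steps above can be checked per endpoint once an inventory exists. The following is an added example, not part of the original text: the record fields, host names, serial numbers and key fingerprints are constructed, and it assumes the public-key fingerprints and the list of revoked serials have already been collected by other means.

```python
from dataclasses import dataclass

@dataclass
class Endpoint:
    host: str
    patched: bool        # vulnerable library has been updated
    old_serial: str      # certificate in use while the host was vulnerable
    old_spki: str        # public-key fingerprint while the host was vulnerable
    served_serial: str   # certificate the host presents now
    served_spki: str     # public-key fingerprint the host presents now

def audit(ep, revoked_serials):
    """Return the remediation gaps for one endpoint (empty list = complete)."""
    findings = []
    if not ep.patched:
        findings.append("unpatched")
    if ep.served_serial == ep.old_serial:
        findings.append("old-certificate-still-served")
    # A reissued certificate wrapped around the same key pair does not help:
    # the private key that may have been exposed is still trusted.
    if ep.served_spki == ep.old_spki:
        findings.append("key-not-replaced")
    # Until it is revoked, the old certificate can still be presented
    # by whoever holds its private key.
    if ep.old_serial not in revoked_serials:
        findings.append("old-certificate-not-revoked")
    return findings

def audit_inventory(endpoints, revoked_serials):
    return {ep.host: audit(ep, revoked_serials) for ep in endpoints}

# Constructed sample inventory and revocation list (illustrative values only).
INVENTORY = [
    Endpoint("portal.example.test", True, "0A01", "aa11", "0B01", "bb22"),
    Endpoint("vpn.example.test", True, "0A02", "cc33", "0B02", "cc33"),
    Endpoint("mail.example.test", True, "0A03", "dd44", "0B03", "ee55"),
    Endpoint("legacy.example.test", False, "0A04", "ff66", "0A04", "ff66"),
]
REVOKED = {"0A01", "0A02"}

if __name__ == "__main__":
    for host, findings in audit_inventory(INVENTORY, REVOKED).items():
        print(host, "complete" if not findings else ", ".join(findings))
```

In the sample, `vpn.example.test` shows the case the second paragraph warns about: it is patched and serves a new certificate, yet the key pair is unchanged.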