KPN has become the latest company to halt its SSL certificate operations following the discovery of a security breach – in this case, an intrusion that took place four years ago and remained undetected.
On Friday, KPN said it would temporarily stop issuing certificates while it carries out an investigation, the results of which are expected early this week.
False SSL certificates could be used to trick a user into revealing sensitive data via a website that appears to be secure.
“During an investigation into the SSL web server, evidence was detected that could indicate an incident four years ago,” KPN said in a statement.
The intruders appeared to have intended to make use of the server to launch distributed denial of service (DDoS) attacks against other organisations, KPN said.
“Although there is no evidence that certificate production was compromised, it cannot be completely excluded that this may have happened,” KPN stated.
The company said it has replaced the affected web servers and has brought in independent investigators who are looking into the matter, with the oversight of the Dutch government.
The incident follows security breaches at several SSL certificate authorities (CA) this year, including DigiNotar, another Dutch firm, which resulted in the issuance of at least 500 false certificates for websites such as Gmail, Skype, Adobe, the CIA, MI6, Facebook, Twitter, Tor, WordPress, Mossad, AOL and LogMeIn.
Many web browser makers removed DigiNotar from their lists of trusted authorities and the company itself filed for bankruptcy in September as a result of the attack.
Ironically, KPN said at the time that it had seen a boost in its own certificates business as a result of the DigiNotar attack.
Level of cyberthreats revealed, after BT says it spots 2,000 signals of potential cyberattacks every…
The British competition regulator has provisionally found competition concerns over Vodafone’s planned merger with Three…
Post Activision - Microsoft Gaming confirms it will axe 650 employees, after thousands of job…
Billionaire Jared Isaacman and SpaceX’s Sarah Gillis become first non-professional astronauts to carry out risky…
Data centres in the UK are to designated as Critical National Infrastructure (CNI), alongside energy…
Google's protection of EU users' personal data when training its AI model, is under investigation…