N.J. cyber firm dials up online security study

How many phishing attacks were attempted in 2018? Try 482.5 million.

Over twice as many attempts as the prior year.

Roseland-based computer security company, Sectigo — formerly Comodo CA — sponsored a study conducted by the Georgia Institute of Technology Cyber Forensics Innovation Laboratory to determine correlation between online crime and sites with extended validation.

The lab studied 2.6 million certificates and concluded that a website with a company-branded address bar significantly decreases the chance of users falling victim to a malware or phishing attack and that the presence of an extended validation SSL certificate represents a 99.87% likelihood that the site such a certificate belongs to is not associated with common forms of online crime.

According to the study, EV certificates play a critical role in assuring visitors that the website is legitimate and safe, playing a role in online trust.

“Across (all the domains) with EV certificates that we studied, we found overwhelming evidence that (they) are highly indicative of a legitimate domain registered by a legitimate business,” said Brendan Saltaformaggio, professor and director of the CyFI Lab. “The probability that an EV SSL certificate is associated with a bad domain is less than 0.013%.”

A Sectigo subsidiary, website backup and recovery company CodeGuard, funded the study on a “no strings” basis, meaning CyFI was free to create, conduct and publish the study and conclusions independently.

Researchers at the CyFI Lab cross-correlated a global repository of web domains with EV certificates against an aggregation of web domains associated with malware, suspicious activity blacklists and underground marketplace communications to conduct the study.

To prevent cybercriminals from modifying data, SSL certificates create a secure communication tunnel by encrypting the data sent between two parties, whether that be a client and a server or between two servers. When an active SSL certificate is present, users see a padlock rather than a “Not Secure” warning.

“The presence of EV influences consumers’ perception of a brand or company,” said Tim Callan, senior fellow, Sectigo. “EV certificates are reliably authenticated using techniques that have proven effective through a decade of industrywide use.”