Thriving Dark Web Trade in Fake Security Certifications
Security researchers have discovered underground cybercrime sites selling cheating services, leaked courses and fake certificates to help unscrupulous individuals gain security qualifications and/or a leg up in their careers.
Dov Lerner, head of threat research at Cybersixgill, said in a new report out today that his team found fake CompTIA CySA+ diplomas, among other security-related certifications on the dark web. Given each legitimate cert possesses a unique serial number, these counterfeits should be easy to spot, he added.
However, other cheats may be more difficult to discern. Lerner said some dark web sellers offer buyers a way to cheat on exams from CompTIA, Cisco, Microsoft, Google, AWS and others, which allow candidates to take tests at home via webcam.
“In a post offering a cheating service, an actor explains that during exams, test-takers’ audio and video streams are directed to them so they can listen to and watch exams in real-time, bypassing the [invigilator],” he explained.
Cybersixgill also recorded a 73% increase in the number of leaked courses advertised on underground markets compared to 2021. Some of these are even available via free downloads, although the average price ranges from $5-200 depending on the quality and quantity of course content, course level and date.
While the market for these services is relatively small compared to other cybercrime offerings, the threat intelligence firm urged test and course providers for security certifications to monitor for attempts to game the system.
“Fake cybersecurity certificates pose a significant risk to employers who accidentally hire unqualified candidates misrepresenting their training,” Lerner concluded.
“Ultimately, the organizations that employ such individuals may discover their sensitive data in the wrong hands. Therefore, employers must take a few minutes to verify a prospective employee’s certifications to prevent such circumstances.”