Security researchers uncover underground cybercriminal sites selling fraudulent services, leaked courses, and fake certificates to deter malicious individuals from gaining security credentials or advancing their careers. I am supporting.
Cybersixgill’s head of threat research, Dov Lerner, said in a new report today that his team found fake CompTIA CySA+ diplomas on the dark web. These counterfeits should be easy to spot, he added, because each legitimate certificate has a unique serial number.
However, other cheats can be more difficult to spot. Lerner said some dark web vendors offer buyers a way to cheat on exams such as CompTIA, Cisco, Microsoft, Google and AWS, allowing candidates to take exams at home via webcam. You can receive it.
“In a post offering cheating services, one actor explains that during the exam, test takers’ audio and video streams are directed at them so they can hear and watch the exam in real time. [invigilator],” he explained.
Cybersixgill also recorded a 73% increase in the number of leaked courses advertised on the underground market compared to 2021. Depending on the quality and quantity of course content, the average price ranges from $5 to $200, but some of these are free downloads. Course level and date.
The market for these services is relatively small compared to other cybercrime offerings, but threat intelligence firms have urged providers of security certification tests and courses to monitor attempts to manipulate systems.
“Fake cybersecurity certifications pose a significant risk to employers who misrepresent their training and falsely hire unqualified candidates,” Lerner concluded.
“Eventually, organizations employing such individuals may discover that sensitive data is in the wrong hands. It should take a few minutes to verify a prospective employee’s eligibility.”
