Cyber security agency warns about compromised RSA keys
Millions of RSA keys have been inadvertently exposed, significantly compromising the security of digital communications worldwide, Jamaica's National Security Operations Centre has disclosed.
RSA keys are used to encrypt secure communications.
The National Security Operations Centre, in a public advisory post on X – formerly Twitter – said a recent investigation has revealed that “millions of RSA keys” have been “inadvertently exposed”.
The centre is a division of Jamaica's Cyber Incident Response Team.
It said among the risks involved is that exposed keys can be used by attackers to issue fraudulent digital certificates, allowing them to impersonate trusted organisations, conduct phishing campaigns and perpetuate fraud.
Further, the centre warned that the compromised keys could allow “adversaries” to decrypt sensitive data, including personal information, financial records and proprietary business data, leading to “significant private violations and corporate espionage”.
“This exposure undermines the integrity of cryptographic systems relied upon by governments, financial institutions and private organisations, eroding trust in the security of online transactions and communications,” it said.
“This incident threatens the very foundation of public key infrastructure, potentially enabling threat actors to forge digital identities and intercept or decrypt confidential communications,” it warned.
Recommendations for Safe Practices
• Immediate Key Revocation: Urgently coordinate with certificate authorities (CAs) to revoke all potentially compromised RSA keys and digital certificates. Ensure that all affected entities are notified to prevent further misuse.
• Reissue Secure Certificates: Work with trusted CAs to promptly reissue new certificates, ensuring that the new keys are generated using robust, secure methods.
• Strengthen Key Management: Review and enhance your key management practices. This includes implementing robust security controls for key storage and access, and ensuring that cryptographic keys are stored in secure hardware modules.
• Consider Cryptographic Upgrades: Evaluate transitioning to more advanced cryptographic algorithms (such as elliptic curve cryptography) which may offer enhanced security compared to RSA.
• Increase Monitoring and Incident Response: Strengthen network monitoring and establish a robust incident response plan to quickly identify and mitigate any malicious activity arising from the exposure.
• Stay Informed: Continuously monitor threat intelligence feeds and security advisories for updates on this incident, ensuring that all recommended patches and mitigations are applied promptly.
Editor's Note: A previous version of this story referred to 'RSA token keys'. That was incorrect. The issue involves RSA keys. We regret the error.