Search This Blog

Showing posts with label Websites. Show all posts

Warning for Shoppers: Be Aware of Ransomware


With time, cyber attackers are getting updated and using more advanced technologies to steal data and blackmail the victims to get the ransom. One such case happened last year with Austin business Tiny Pies’ Instagram.

The co-founder of Tiny Pies in Austin, Amanda Wadsworth, commented on this incident and explained that they received a mail from an unknown source, and though it looked unauthorized, they clicked on it. After opening the mail, the cyber attackers hacked their system and locked their data. They coerced them to give ransom or else they will delete the account. 

Many cases showed that attackers threaten the victims for a ransom, or else they will leak confidential information on the dark web, where a large amount of such important information is already uploaded, as a consequence of cyber-attacks. 

Bobby Stempfley, the vice president and business unit security officer for Dell Technologies, commented on the rise in cyber-attacks. Dell also has to face many cyber-attacks on Dell. 

She stated that the organizations hold an “astronomical amount of data.” The organizations are managing data that is ten times more than the data that was there five years ago. 

She mentioned, “It is an environment where, when you put in better protections, the threat actors work to find better ways to go, work around those protections.” 

Considering the passion of cyber attackers to continuously find new ways to invade into target’s system and steal data, Stempfley started training employees of Dell to educate them about this ransomware and make them able to identify phishing and other attacks by ransomware. 

Alert for holiday shoppers 

The security company Tanium said that the cases of cyber-attacks are maximum during the holiday shopping season. Tanium added that hackers target when there is higher traffic on websites, such as on holidays, when people surf online more to find good deals. 

Melissa Bischoping, the endpoint security research director at Tanium, said that "security is not just the responsibility of the company storing your data, but it is also an equal responsibility of the shoppers to be alert and aware of such attacks." 

She explained, Shoppers should be cautious when they receive an email and first confirm whether it is legitimate or not. Prefer the trusted official app or the website instead of clicking on the links in emails with “a holiday sale” text. 

She talked about other holiday scams that are carried out using botnets. Cyber attackers collect items that are popularly in demand and add them to sell. Melissa said that the updated technology is working as a helping tool for cyber attackers to target the victims. 

To use the technology as a productive tool for your purpose instead of making it a weapon for hackers, you should follow some tips while shopping for sales online, such as: 

1. In case you receive an email for a shopping sale, do not click on it directly. Search for its authentication on websites or apps. 

2. Do not leave your credit card unchecked. Keep checking your credit card to know if there are any fraudulent charges. 

3. Create different passwords for different websites and apps where you shop from.

Hackers Construct Fraudulent Websites & Steal Data During 'Black Friday' Sales


In accordance with a new report, threat actors are hosting websites for malicious campaigns centered on the Black Friday theme, with e-commerce, cryptocurrency, and travel being the top targets. 

Researchers discovered that cybercrime forums in various languages are buzzing with talk about Black Friday. According to CloudSEK researchers, who also discovered an Ethereum giveaway scam website, while some actors promote their malicious services/campaigns, others seek to use them.

“Compromised personal identifiable information (PII) and banking credentials can be used to perform unauthorized transactions and social engineering attacks,” they warned.

CloudSEK's contextual AI digital risk platform 'XVigil' discovered hundreds of registered and operational Black Friday-themed domains. The impersonation of legitimate websites, services for Google/Facebook ads, and the spread of malicious applications were all common types of attacks.

The discovery revealed that website cloning is a common technique used by hackers of all levels of sophistication to host bogus copies of legitimate websites.

"The iconic Black Friday sale has now become a global theme, with cybercriminals of all levels and expertise attempting to launch malicious campaigns." "The majority of these campaigns misrepresent or impersonate popular brands and companies offering sales and services in order to defraud the public," Desai added.

The researchers cautioned against accepting freebies, attractive deals, or third-party solutions that appear suspicious.

Hackers Use These Five Common Ways to Hack Websites


Cybercriminals frequently target all websites. Data theft, remote access, and malware distribution can all occur through social media platforms, online retailers, file-sharing services, and other types of online services. Hackers employ a variety of techniques to infiltrate websites, the top 5 types of attacks are discussed in this article. 

1. Brute force attacks 

Brute force attacks employ a trial-and-error method of cryptography to allow hackers to force their way into a website. Cryptography allows data to be stored safely, but it also involves the process of code-solving, which is what cybercriminals are interested in. A hacker can use cryptography to guess passwords, login credentials, and decryption keys. This technique can even be used to locate hidden web pages.

2. Keyloggers and Spyware

An attacker can use a keylogger to record all keystrokes made on an infected device or server. It is a type of monitoring software program that is widely used in data theft. For example, if someone enters their payment card information while a keylogger is active, the malicious operator will be able to spend money without the card owner's knowledge. In the case of websites, the attacker may be able to conceal the credentials required to log in and gain access by monitoring a website administrator with a keylogger. Keyloggers are a type of spyware, and spyware can take many forms, such as adware and Trojans.

3.Man-in-the-Middle Attacks

A malicious actor eavesdrops on private sessions in a Man-in-the-Middle (MitM) attack. The attacker will place themselves between a user and an application in order to gain access to valuable data that they can exploit. Instead of simply eavesdropping, the attacker could pretend to be a legitimate party.

Because much of the intercepted data may be encrypted via an SSL or TLS connection, the attacker must find a way to break this connection in order for the data to be interpreted. If the malicious actor is successful in making this data readable, such as through SSL stripping, they can use it to hack websites, accounts, and applications, among other things.

4. Remote Code Execution 

Remote Code Execution (RCE) is a fairly self-explanatory term. It entails the execution of malicious computer code from a remote location through a security flaw. Remote code execution can take place over a local network or the internet. This enables the attacker to gain physical access to the targeted device and infiltrate it.

An attacker can steal sensitive data and perform unauthorized functions on a victim's computer by exploiting an RCE vulnerability. Because this type of attack can have serious consequences, RCE vulnerabilities are (or should be) taken very seriously.

5. Third-Party Exploits

Thousands of businesses around the world rely on third-party vendors, particularly in the digital realm. Many applications act as third-party service providers for online businesses, whether they process payments, authenticate logins, or provide security tools. However, third-party vendors can be used to gain access to their client's websites.

Attackers can take advantage of a security vulnerability, such as a bug, in a third-party vendor. Some third-party applications and services have lax security measures, making them vulnerable to hackers. This exposes sensitive data from a website to the attacker for retrieval. Even if the website has advanced security features, the use of third-party vendors can be a weakness.

Unfortunately, even when we use the proper security measures, websites and accounts are still vulnerable to attacks. As cybercriminals improve their methods, it becomes more difficult to detect red flags and stop an attack in its tracks. However, it is critical to be aware of the tactics used by cybercriminals and to employ the proper security practices to protect yourself as much as possible.

Change These Settings to Prevent Your Android From Tracking You


You are being watched at every turn in today's connected world. You can have different kinds of apps and websites to track and collect your data for a wide range of purposes, both for personal and commercial use. A prominent example of this can be seen when Apple utilizes your data to process your transactions. Twitter can serve you with relevant advertisements, and Life360 can help it improve its location services based on your information.

There are, however, some apps and websites that utilize your personal information for the greater good, but not all of them. The same applies to your privacy, so it is always a wise idea to protect it as much as possible. 

The steps below are designed to help you stop your Android device from tracking you if you are using one. This includes deleting your web and app activity history, turning off your apps' location access, and disabling unnecessary location settings. 

By taking advantage of your location history 

The GPS feature of your Android phone is probably the most powerful way to track your location when using the phone. By signing into your Google account and allowing Location History to be enabled, Google can keep track of every place you visit when you are signed in. Several benefits can be gained from it, such as personalized maps, traffic reports, and the ability to find your phone when it is lost. These can enhance your experience in many ways. 

On the other hand, if you do not want Google following you everywhere, you can turn off location history. Here are the steps you need to follow to do so: 

  • Open the Settings app on your mobile device.
  • Open the Google search engine.
  • On the Google Account page, tap on "Manage your Google Account."
  • Click on the tab labeled "Date & privacy."
  • Next, below the History settings, select Location History. 
  • After that tap the "Turn off" button. 
  • Eventually, a dialog box will pop up, tap on "Pause". 
Regardless of whether you wish to delete your Location History or not, you can do so. As a result, you can remove data from the last 3, 18, or 36 months. 

You can set up Google to automatically delete your account by following these steps: 

  • Open Google Maps. 
  • Click on your profile icon. 
  • Select the timeline you wish to delete. 
  • Towards the top-right corner, click on the More icon (three vertical dots). 
  • Select "Settings and privacy" from the menu.
  • Under "Location settings," choose "Automatically delete Location History." 
  • Select "Auto-delete activity older than." 
  • From the drop-down menu, choose either three, 18, or 36. 
  • Tap Next. 
  • Select Confirm. 
  • Tap on the "Got it" button to exit. 

Your data will be automatically deleted from your account within the next few days if it has been older than the specified months. 

Tracing web and app activity 

Several settings on your phone can save your location, including Location History. The Web & App Activity gives you the same information as well as a lot more. Whenever you decide to enable Web & App Activity in your Google Account (via Google), you will be able to see the information you have entered and the location, IP address, ads you clicked, and even the things you have purchased (by Google). The following steps will guide you through the process of turning off this setting: 
  • Launch your Settings app. 
  • Scroll down and tap on Google. 
  • Select "Manage your Google Account." 
  • Navigate to the "Data & privacy" tab. 
  • Under "History settings," select "Web & App Activity." 
  • Click the "Turn off" button to disable Web & App Activity. 
  • Tap on Pause.
  • Click "Got it" to exit. 
  • Back on the "Web & App Activity" page, tap on the "Choose an auto-delete option" to automatically delete saved data. 
  • Select "Auto-delete activity older than."
  • From the drop-down menu, choose whether to delete saved data older than three, 18, or 36 months.
  • Click on Next. 
  • Select Confirm. 
  • Tap on "Got it" to exit. 

Update your location settings 

Additionally, you should also make sure that settings for your phone's location are changed, as well as blocking Google from saving your location. The settings you can turn off include the following:


Scanners that help you locate nearby Wi-Fi and Bluetooth devices: The phone can detect nearby Wi-Fi and Bluetooth devices so it can get better location information based on their locations.

Location Services for Emergency Responses: Provides emergency responders with the ability to pinpoint your location when an emergency occurs.

Using the sensors on your phone, Wi-Fi, and the network of your mobile device, Google Location Accuracy improves the location information provided by your phone.

The steps listed below will guide you through the process of managing these settings (via Google): 

  • Launch the Settings app. 
  • Select Location. 
  • Toggle the slider off for "Use location" on top of the screen. 
  • Select "Wi-Fi and Bluetooth sharing." 
  • Turn off the sliders for both "Wi-Fi scanning" and "Bluetooth scanning." 
  • Return to the Location screen by clicking the Back button.
  • Select Advanced.
  • Tap on Emergency Location Service. 
  • Toggle the slider off if you prefer to do so. 
  • Return to the Location screen. 
  • Tap on Google Location Accuracy. 
  • Toggle the slider off next to "Improve Location Accuracy." 

Edit your device's permissions 

Location access is required by the majority of apps, if not all, so that you can get the best possible experience. If you live in a place where Facebook uses your location as an algorithm, you will be able to automatically include it when you post about it, find nearby places, and receive relevant ads.

By navigating to settings > Location > App access to location (via Google), you will be able to see which apps have access to your location and how they do it. The apps here fall under three categories: permitted all the time, permitted only while in use, and not permitted at all. If you have apps under "allowed all the time" and "available only while in use" that you want to remove location access to, simply tap the app. Then, select "Don't allow." 

The app will perform closer to your actual location if you enable the "Use precise location" toggle button for Android 12. This is only available when the app is running on Android 12, and when it does it uses your exact location. By switching this off, you will be able to see your approximate location instead of your exact location when you turn this off. Your location will appear to be somewhere within a radius of three kilometers of the actual location of the device. 

Check your Google Chrome settings 

It is common for you to come across websites when you are browsing the internet that will wish to know where you are located. A certain amount of help can be obtained from this method in some cases. Using a hardware retailer's website, for example, will allow it to display the closest hardware store near you, based on the information you provided on the company's website. 

You can check what websites currently have access to your location from your Google Chrome (via Google).

  • Launch the app. 
  • Tap on the More icon (three vertical dots) in the top-right corner of the screen. 
  • Select Settings. 
  • Scroll down to the "Advanced" section. 
  • Tap on Site settings. 
  • Select Location. 
  • Expand the "Allowed" section to check all the apps that can see your location. 
It is very simple to remove a site's location access by simply tapping on the site you wish to remove it from. Next, select the Block option from the drop-down menu. In addition, you can also turn off the location-sharing feature of Google Chrome to prevent it from tracking your location at all. By disabling this feature, you do not have to share your location with any sites you visit. Alternatively, if you are particularly concerned about the security of your data, you can consider switching to Tor or Firefox as alternative Android browsers. 

The advertising ID should be turned off

In today's world, ads are becoming more and more sophisticated. After researching plaid skirts one day, the next day you will be bombarded with advertisements for plaid skirts that you have never seen before. The ads online act as if they are watching every move you make and know exactly what you like before they ever reach your computer. Here, you will find instructions on how to disable this feature on your Android device (via Google). 

  • Launch your Settings app. 
  • Open Google.
  • Tap on "Manage your Google Account." 
  • Navigate to the "Data & privacy" tab. 
  • Under Ad settings, tap on "Ad personalization." 
  • Toggle off the slider next to "Ad personalization is ON." 
  • Select Turn off in the pop-up box. 
  • Tap on "Got it" to exit. 

However, disabling ad personalization does not mean you will stop seeing ads moving forward. They will still be there, but the upside is that they will only be general ads, not creepy personalized ones. 

If you disable ad personalization from your device, you may still see ads in the future despite disabling them.

Researchers Recently Made the World's Websites Less Vulnerable to Hacking and Cyberattacks


An international team of researchers has created a scanning tool to reduce the vulnerability of websites to hacking and cyberattacks. The black box security assessment prototype, which was tested by engineers in Australia, Pakistan, and the UAE, outperforms existing web scanners, which collectively fail to detect the top ten weaknesses in web applications. 

Dr Yousef Amer, a mechanical and systems engineer at UniSA, is one of the co-authors of a new international paper that describes the tool's development in the wake of increasing global cyberattacks. Cybercrime cost the globe $6 trillion in 2021, representing a 300 percent increase in online criminal activity over the previous two years. 

Remote working, cloud-based platforms, malware, and phishing scams have resulted in massive data breaches, while the implementation of5G and Internet of Things (IoT) devices has made us more connected – and vulnerable – than ever. Dr. Yousef Amer and colleagues from Pakistan, the United Arab Emirates, and Western Sydney University highlight numerous security flaws in website applications that are costing organisations badly.

Because of the pervasive use of eCommerce, iBanking, and eGovernment sites, web applications have become a prime target for cybercriminals looking to steal personal and corporate information and disrupt business operations. Despite an anticipated $170 billion global outlay on internet security in 2022 against a backdrop of escalating and more severe cyberattacks, existing web scanners, according to Dr. Amer, fall far short of evaluating vulnerabilities.

“We have identified that most of the publicly available scanners have weaknesses and are not doing the job they should,” he says.

Almost 72% of businesses have experienced at least one serious security breach on their website, with vulnerabilities tripling since 2017. According to WhiteHat Security, a world leader in web application security, 86% of scanned web pages have on average 56% vulnerabilities. At least one of these is classified as critical. The researchers compared the top ten vulnerabilities to 11 publicly available web application scanners.

“We found that no single scanner is capable of countering all these vulnerabilities, but our prototype tool caters for all these challenges. It’s basically a one-stop guide to ensure 100 per cent website security. There’s a dire need to audit websites and ensure they are secure if we are to curb these breaches and save companies and governments millions of dollars,”Dr Amer stated.

Global Scam Operation "Classiscam" Expanded to Singapore


Classiscam, a sophisticated scam-as-a-service business, has now entered Singapore, after more than 1.5 years  migrating to Europe. 

"Scammers posing as legitimate buyers approach sellers with the request to purchase goods from their listings and the ultimate aim of stealing payment data," Group-IB said in a report shared with The Hacker News. 

The operators were described as a "well-coordinated and technologically advanced scammer criminal network" by the cybersecurity firm. Classiscam is a Russia-based cybercrime operation that was originally detected in the summer of 2019 but only came to light a year later, coinciding with an uptick in activity due to an increase in online buying following the COVID-19 epidemic. 

Classiscam, the pandemic's most commonly utilised fraud scheme, targets consumers who use marketplaces and services related to property rentals, hotel bookings, online bank transfers, online retail, ride-sharing, and package deliveries. Users of major Russian ads and marketplaces were initially targeted, before spreading to Europe and the United States. 

Over 90 active organisations are said to be utilising Classiscam's services to target consumers in Bulgaria, the Czech Republic, France, Kazakhstan, Kirghizia, Poland, Romania, Ukraine, the United States, and Uzbekistan. The fraudulent operation spans 64 countries in Europe, the Commonwealth of Independent States (CIS), and the Middle East, and employs 169 brands to carry out the assaults. Criminals using Classiscam are reported to have gained at least $29.5 million in unlawful earnings between April 2020 and February 2022. 

This campaign is remarkable for its dependence on Telegram bots and conversations to coordinate activities and generate phishing and scam pages. Here's how it all works: Scammers put bait advertising on famous marketplaces and classified websites, frequently promising game consoles, laptops, and cellphones at steep prices. When a potential victim contacts the seller (i.e., the threat actor) via the online storefront, the Classiscam operator dupes the target into continuing the conversation on a third-party messaging service like WhatsApp or Viber before sending a link to a rogue payment page to complete the transaction. 

The concept includes a hierarchy of administrators, workers, and callers. While administrators are in charge of recruiting new members, automating the building of scam pages, and registering new accounts, it is the employees that make accounts on free classifieds websites and submit the false advertising. 

"Workers are key participants of the Classiscam scam scheme: their goal is to attract traffic to phishing resources," the researchers said. 

In turn, the phishing URLs are produced by Telegram bots that replicate the payment pages of local classified websites but are housed on lookalike domains. This necessitates the workers to submit the URL containing the bait product to the bot. 

"After initial contact with the legitimate seller, the scammers generate a unique phishing link that confuses the sellers by displaying the information about the seller's offer and imitating the official classified's website and URL," the researchers said. 

"Scammers claim that payment has been made and lure the victim into either making a payment for delivery or collecting the payment." 

The phishing pages also offer the option of checking the victim's bank account balance in order to find the most "valuable" cards. Furthermore, some cases involve a second attempt to deceive the victims by phoning them and requesting a refund in order to collect their money back. 

These calls are made by assistant employees posing as platform tech support professionals.  In this scenario, the targets are sent to a fraudulent payment page where they must input their credit card information and confirm it with an SMS passcode. Instead of a refund, the victim's card is charged the same amount again.

While the aforementioned method is an example of seller scam, in which a buyer (i.e., victim) receives a phishing payment link and is cheated of their money, buyer scams also exist.

A fraudster contacts a legal vendor as a client and sends a bot-generated fraudulent payment form imitating a marketplace, ostensibly for verification purposes. However, after the seller inputs their bank card details, an amount equal to the cost of the goods is debited from their account.

Classiscammers' complete attack infrastructure consists of 200 domains, 18 of which were constructed to deceive visitors of an undisclosed Singaporean classified website. Other sites in the network masquerade as Singaporean movers, European, Asian, and Middle Eastern classified websites, banks, markets, food and cryptocurrency businesses, and delivery services.

"As it sounds, Classiscam is far more complex to tackle than the conventional types of scams," Group-IB's Ilia Rozhnov siad. "Unlike the conventional scams, Classiscam is fully automated and could be widely distributed. Scammers could create an inexhaustible list of links on the fly."

"To complicate the detection and takedown, the home page of the rogue domains always redirects to the official website of a local classified platform."

Cyberattack Struck Norway, Pro-Russian Hacker Group Fingered


According to Norwegian authorities, a cyberattack momentarily took offline public and private websites in Norway in the last 24 hours.

As per Norwegian Prime Minister Jonas Gahr Stre, the attack has not caused any serious harm. According to the Norwegian National Security Authority, the distributed-denial-of-service (DDOS) attack targeted a secure national data network, causing the temporary suspension of internet services for many hours. 

According to NSM chief Sofie Nystrm, the attacks appear to be the work of a criminal pro-Russian gang. She went on to say that the attacks "create the sense that we are a piece in Europe's present political crisis." 

So according to Norwegian media, the country's ambassador to Moscow was called to the Foreign Ministry on Wednesday for a protest about Russian supplies being denied transit via Norway to an Arctic Russian coal-mining settlement. 

The hamlet of Barentsburg is located in the Svalbard archipelago, some 800 kilometres (500 miles) north of the Norwegian mainland. Because of the war in Ukraine, the European Union has imposed restrictions on a number of Russian commodities. 

Norway is not a member of the EU, although it follows its policies on most issues. Norway has sovereignty over the Svalbard archipelago by a 1920 treaty, but other signatory countries have the right to use its natural resources. 

The cyberattack on Norway occurred two days after a similar attack briefly shut down official and private websites in Lithuania, with a pro-Moscow hacking group claiming responsibility. That event occurred just a week after Russian authorities warned of retaliation because Lithuania blocked the transit of steel and ferrous metals sanctioned by the EU via its territory to Russia’s exclave of Kaliningrad.

Night Sky: New Ransomware Targeting Corporate Networks


The new year has brought with it new ransomware named 'Night Sky,' which targets corporate networks and steals data in double-extortion attacks. 

The Night Sky operation began on December 27th, according to MalwareHunterTeam, which was the first to identify the new ransomware. The ransomware has since published the data of two victims. 

One of the victims got an initial ransom demand of $800,000 in exchange for a decryptor and the promise that the stolen material would not be made public. 

How Night Sky encrypts devices

A sample of the Night Sky ransomware seen by BleepingComputer has a personalised ransom note and hardcoded login credentials to access the victim's negotiation page. 

When the ransomware is activated, it encrypts all files except those with the.dll or.exe file extensions. The ransomware will not encrypt the following files or folders: 
Tor Browser
Internet Explorer
Opera Software
Mozilla Firefox
All Users
Program Files
Program Files (x86)

Night Sky appends the.nightsky extension to encrypted file names while encrypting them. A ransom letter named NightSkyReadMe.hta is included in each folder, and it provides details about what was stolen, contact emails, and hardcoded passwords to the victim's negotiation page. 

Instead of communicating with victims through a Tor site, Night Sky employs email addresses and a transparent website that runs Rocket.Chat. The credentials are used to access the Rocket.Chat URL specified in the ransom note. 

Double extortion tactic: 

Before encrypting devices on the network, ransomware operations frequently grab unencrypted data from victims. Threat actors then utilize the stolen data in a "double-extortion" scheme, threatening to leak the information unless a ransom is paid. 

Night Sky built a Tor data leak site to leak the data of victims, which now contains two victims, one from Bangladesh and the other from Japan. While there hasn't been much activity with the new Night Sky ransomware operation, one should keep a watch on it as we enter the new year.

Half of Sites Still Using Legacy Crypto Keys


While the internet is growing more secure gene but slightly more than half of the websites' cryptographic keys are still generated using legacy encryption algorithms, as per the new research.

Security firm Venafi enlisted the assistance of renowned researcher Scott Helme to examine the world's top one million websites over the last 18 months. The TLS Crawler Report demonstrated some progress in a few areas. 

Nearly three-quarters of websites (72 per cent) now actively redirect traffic to HTTPS, a 15 per cent increase since March 2020. Even better, more than half of the HTTPS sites evaluated are using TLSv1.3, the most recent version of TLS. It has now surpassed TLSv1.2 as the most widely used protocol version. 

Furthermore, nearly one in five of the top one million websites now use the more secure HSTS (HTTP Strict Transport Security), which increased 44 per cent since March 2020. Even better, in the last six years of monitoring, the number of top one million sites using EV certificates has dropped to its lowest level ever. These are known for their slow, manual approval processes, which cause end users too much discomfort. 

Let's Encrypt, on the other hand, is now the most popular Certificate Authority for TLS certificates, with 28 per cent of sites using it. There is, however, still more to be done. 

According to the report, approximately 51% of sites still produce authentication keys using legacy RSA encryption techniques. These, along with TLS, help to verify and secure connections between physical, virtual, and IoT devices, APIs, applications, and clusters. 

ECDSA, a public key cryptography encryption technique with increased computational complexity and smaller authorization keys, is a far more secure alternative to RSA. As per Venafi, this implies they require less bandwidth to establish an SSL/TLS connection, making them perfect for mobile apps and IoT and embedded device support. 

Helme explained, "I would have expected that the rise in adoption of TLSv1.3 usage would have driving the ECDSA numbers up much more. One of the main reasons to keep RSA around for authentication is legacy clients that don't support ECDSA yet, but that seems at odds with the huge rise in TLSv1.3 which isn't supported by legacy clients. We also continue to see the use of RSA 3072 and RSA 4096 in numbers that are concerning.” 

“If you're using larger RSA keys for security reasons then you should absolutely be on ECDSA already which is a stronger key algorithm and offers better performance. My gut feeling here is that there's a lot of legacy stuff out there or site operators just haven't realized the advantages of switching over to ECDSA.”