SSL/TLS certificates are the backbones of secure communication, it encrypts the sensitive information that sent across the internet, so that, only the intended recipients can get access to it.
The SSL/TLS certificates provides trust with lock icon and also provides authentication, which makes you to ensure the information has been sent to the correct server.
But the certificates are poorly protected, which allows attackers to abuse them and use it for launching a high-profile attacks.
Evidence-based Cybersecurity Research Group published a detailed report on the volumes of SSL/TLS certificates that available for sale on the dark web, including the details on how they are packaged and sold to attackers. The report highlights the emergence of identity-as-a-service on the dark web marketplace.