The appearance of https in your web browser used to provide an assurance that it was safe to carry out a transaction on that website. Yet, in the ever-changing internet landscape we navigate, this is now often far from the case. Cyber attacks continue to evolve in order to evade security measures, and criminals have found ways to use https to do just that.
Https was developed to protect the privacy and integrity of the data being transferred via the internet. It encrypts data – using Transport Layer Security (TLS) or Secure Sockets Layer (SSL) – so criminals can’t see the information you are sending. This inability to see what is being sent, however, is now being exploited by those criminals.
Encryption has, in effect, created a secure private tunnel which can bypass older legacy firewalls and provide ready access to a corporate network. With https connections accounting for 64.6% of web connections in the fourth quarter of 2015, this is serving up plenty of opportunity for cybercrime. A typical phishing campaign will now entice victims to click through to an https website that, when visited, will begin downloading malware on to their computer in the background without their knowledge.
Florian Malecki, international product marketing director at Dell Security, says although the growth of SSL and TLS encryption is a positive trend in many ways, it has provided this tempting new threat vector for hackers.
“Using SSL or TLS encryption, skilled attackers can cipher command and control communications and malicious code to evade intrusion prevention systems and anti-malware inspection systems,” he said. “This tactic was used in a crafty malvertising campaign in August 2015 to expose as many as 900 million Yahoo users to malware by redirecting them to a site that was infected by the Angler exploit kit.”
That malvertising campaign, which tricked an automated ad network into delivering malware, found a way to target Yahoo users via vulnerabilities in the Microsoft Azure platform and was reported to be one of the largest ever attacks of its kind.
While older firewalls are not equipped to cope with this type of threat, many vendors have responded by producing next-generation firewalls. This technology can dig deeper, scan encrypted traffic and carry out deep packet inspection (DPI) – ensuring nothing slips through the net.
Malecki advises businesses to avoid falling victim to this type of attack by making sure software is updated and security best practice procedures are followed. He adds: “In addition to this, companies must upgrade to a capable, extensible next-generation firewall with integrated SSL-DPI inspection combined with adaptive sandboxing services, to ensure their networks monitor clear and encrypted traffic simultaneously at all times.”