Encrypted Threats

  • Published: Wednesday, Nov. 18, 2020

Cyber crooks are hiding their attacks using SSL/TLS. Encryption normally offers protection for legitimate traffic; it protects online data in transit from being compromised. More than 85% of web traffic is encrypted. However, cyber criminals have been leveraging the same protocol for nefarious purposes.

The common encryption protocols, Secure Sockets Layer (SSL) and Transport Layer Security (TLS), have been weaponized by bad actors. (Note: TLS has become the protocol used for encryption, but these related technologies are still referred to collectively as SSL/TLS.)

An organization may not inspect SSL traffic because it is assumed to originate from a trusted source. Attackers obtain SSL certificates in order to bypass an organization's defenses and deliver their payload.

Attackers use HTTPS (Hypertext Transfer Protocol Secure) in a similar fashion. HTTPS provides an encrypted connection between your browser and the website. By hiding their traffic inside HTTPS encryption, attackers can bypass firewalls and other behavior-analytics tools. Appearing legitimate, an intruder can easily sneak onto the network and deliver its malware.

Examples of encrypted threats

  • Email attachments
  • Ransomware and malware
  • Malicious websites

How to protect against these threats

  • Modern firewalls have deep packet inspection and other advanced solutions for detecting malicious traffic.
  • Inspection of network traffic is core to your security strategy.
  • Use anti-virus software.
  • Education for end users is always a proven defense.

Of course, zero-day attacks always prove to be an issue when it comes to defense. If the anti-virus or firewall has no signature for the attack, it will be unable to block it.