SSL Based Cyber-attacks Increase by 400% Over the Last Year

Written by Sarah Chandley on Friday, 15 March 2019. Posted in Cyber

A new report found that last year there had been a 400% increase in SSL-based phishing threats; criminals are increasingly using encryption as part of their toolkit to evade detection and launch malware. When data is encrypted, it cannot be accessed and exploited by unauthorised users. If you are sending sensitive information over the internet or using portable devices to store sensitive information, it is essential to encrypt the data. Criminals rely on the same property: they use encryption protocols like Secure Sockets Layer (SSL) and Transport Layer Security (TLS) to disguise malware, conceal malicious traffic and carry out phishing scams, because these protocols secure all application data, whether it is legitimate or malicious. This allows threats to blend in with legitimate traffic, essentially using a defender's security tactics against them.

Criminals use the SSL/TLS protocols as a tool to obfuscate their attack payload. A security device like a SIEM or multi-layered anomaly detection tool may be able to identify a cross-site scripting or SQL injection attack in plaintext, but if the same attack is encrypted using SSL/TLS, it will go through unless the traffic has been decrypted first for inspection. In addition, holes and vulnerabilities have been found within the SSL/TLS protocol itself. As an internet protocol, SSL/TLS is vulnerable to bugs and exploits, such as renegotiation flaws, the POODLE vulnerability, BEAST, CRIME and Heartbleed.

The way to detect and mitigate this type of attack is not to suspend the encryption of data in motion: encryption protects a company's data, even though it also provides a level of protection and obscurity to malicious content entering the network. What is needed is a tool set that can provide SSL/TLS inspection capabilities, giving defenders the ability to examine potentially malicious content before it causes harm in the network. This is especially important as internet traffic is moving toward encrypted channels, which highlights how agile cybercrime truly is; the rate at which criminals adapt and take advantage of vulnerabilities is impressively scary.

This type of threat will mean different things to different types of organisations. Security vendors like Telesoft scan for this type of threat at carrier scale for mobile operators, Internet Service Providers and large enterprise, meaning terabytes of encrypted data have to be examined in order to detect potential incoming threats. These attacks are persistent, so the ability to do this in real time is also critical in order to provide 360° network protection. Telesoft provides this functionality via the FlowProbe, a NetFlow probe (IPFIX, sFlow & J-Flow) that uses flow data for network flow monitoring. The Probe extracts fields from the certificate, which are reported in the SSL/TLS flow records for behaviour analysis, anomaly detection and alerting using Telesoft's TDAC analysis suite. Using tools like the FlowProbe and TDAC gives defenders in security operations teams (SecOps) the ability to put in place a strong encryption inspection strategy, providing accurate network security monitoring and visibility.
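To illustrate what analysis of certificate fields in flow records can look like, here is an added example; it is not Telesoft's code and does not reflect the FlowProbe or TDAC record format. The record field names, the sample flows and the four heuristics are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta
from fnmatch import fnmatch

# Constructed sample flow records; field names are hypothetical, not a vendor schema.
FLOWS = [
    {"ts": "2019-03-15T10:00:00", "dst": "203.0.113.10", "sni": "www.example.com",
     "subject_cn": "www.example.com", "issuer_cn": "Example Trust CA",
     "san": ["www.example.com", "example.com"],
     "not_before": "2018-11-01T00:00:00", "not_after": "2019-11-01T00:00:00"},
    {"ts": "2019-03-15T10:00:05", "dst": "198.51.100.7", "sni": "login.example.net",
     "subject_cn": "localhost", "issuer_cn": "localhost", "san": [],
     "not_before": "2019-03-14T22:00:00", "not_after": "2029-03-11T22:00:00"},
    {"ts": "2019-03-15T10:01:00", "dst": "192.0.2.44", "sni": "cdn.example.org",
     "subject_cn": "*.example.org", "issuer_cn": "Example Trust CA",
     "san": ["*.example.org"],
     "not_before": "2017-01-01T00:00:00", "not_after": "2019-01-01T00:00:00"},
]

def _t(s):
    return datetime.fromisoformat(s)

def cert_findings(flow, new_cert_window=timedelta(days=3)):
    """Return the reasons this flow's certificate metadata looks anomalous."""
    seen, nb, na = _t(flow["ts"]), _t(flow["not_before"]), _t(flow["not_after"])
    names = [flow["subject_cn"]] + flow["san"]
    findings = []
    # Approximation: a real check compares full subject/issuer DNs and the signature.
    if flow["subject_cn"] == flow["issuer_cn"]:
        findings.append("self-signed")
    # Simplified wildcard match; strict TLS rules allow '*' for one label only.
    if not any(fnmatch(flow["sni"].lower(), n.lower()) for n in names):
        findings.append("sni-mismatch")
    if seen < nb or seen > na:
        findings.append("outside-validity")
    # Certificate first valid only shortly before the flow was observed.
    if timedelta(0) <= seen - nb < new_cert_window:
        findings.append("newly-issued")
    return findings

def triage(flows):
    """Map destination address -> findings, for flows with at least one finding."""
    return {f["dst"]: r for f in flows if (r := cert_findings(f))}

if __name__ == "__main__":
    for dst, reasons in triage(FLOWS).items():
        print(dst, ", ".join(reasons))
```

None of these checks requires decrypting the payload; they work only on metadata visible in the handshake, so they complement rather than replace content inspection.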

Talk to Telesoft about monitoring encrypted traffic in your network.

About the Author

Sarah Chandley

Sarah is an experienced B2B technology marketing professional, creating content for the Cyber Security, Telco and Government Infrastructure sectors. 
