A new report was published today, compiled from the data and intelligence that cybersecurity researchers gathered in the second half of 2018.
Recently released data from Google shows that the proportion of pages served over HTTPS rather than HTTP has risen above 90 percent. The obvious reason is the arrival of free SSL certificate providers like Let’s Encrypt and the free short-lived certificates offered by commercial CAs. Another reason that must be taken into account is strict user data privacy requirements, which force website owners to move their sites to HTTPS.
But like anything good, this has a big downside too: cybercriminals are actively taking advantage of the encrypted channel to conduct malicious activity. In the second half of 2018 alone, this report recorded 1.7 billion threats.
Looking at this data, the researchers concluded that attackers are increasingly leveraging encrypted channels across the different stages of the infection chain.
In most cases it starts with the initial delivery vector, where the common vectors include compromised sites and phishing pages. The starting point is almost always the same: a malvertising attempt, where the user visits a perfectly legitimate site and an ad loaded from a compromised ad server starts the infection cycle.
Less often, encrypted channels were also seen being used to deliver the exploit payload or the malware payload itself to the end user.
Finally, once the victim is infected, SSL/TLS-based connections are used for command and control.
Remember that everything can be hacked. To stay away from threats in the cyber world, we recommend installing an antivirus for Windows or an antivirus for Mac on every device you own, depending on which OS the device is running. If you are a company, it is also recommended to hire a specialized cybersecurity company every year to run annual tests on your company’s network. These tests include penetration testing and ethical hacking.
For those who don’t know about SSL or digital certificates: SSL certificates are used to establish an encrypted channel between the web server and the browser. These certificates include information about the owner’s identity as well as the digital signature of the entity that verified the certificate.
There are mainly three types of certificates, based on the verification method:
– the first is the domain validated certificate (DV cert), which is usually issued only if the person requesting the certificate proves ownership of the domain for which the certificate is being requested.
– the second is the organization validated certificate (OV cert), which is granted after verifying organization-level details such as the business name and physical address.
– the third is the extended validation certificate (EV cert); this cert includes all DV and OV checks and also requires verification of the requester’s identity.
DV certificates are the most abused because the attacker only needs to prove ownership of the domain. The more concerning fact is that eleven percent of the malicious certificates detected in this report were OV certificates. This happens when a site that uses an OV cert has been compromised.
Even EV certificates are not bulletproof; the recent Bank of America phishing example is a good demonstration of this fact.
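As an added illustration (not code from the report), here is how a defender can sort observed certificates into the three validation levels above, using the CA/Browser Forum certificate-policy OIDs where present and falling back to the subject’s organization field otherwise; the subject format follows what Python’s ssl getpeercert() returns, and the sample subjects are constructed. Note that classification alone says nothing about whether the site behind an OV cert has been compromised.

```python
# Added example: classify a certificate as DV / OV / EV. Subject tuples use the
# shape returned by ssl.SSLSocket.getpeercert()['subject']; the policy OID list
# must come from a full X.509 parser, since the ssl module does not expose it.

# CA/Browser Forum certificate policy OIDs (real, published values).
EV_OID = "2.23.140.1.1"
DV_OID = "2.23.140.1.2.1"
OV_OID = "2.23.140.1.2.2"
IV_OID = "2.23.140.1.2.3"  # individual-validated; treated like OV below


def flatten_subject(subject):
    """Turn getpeercert()-style nested RDN tuples into an {attr: value} dict."""
    attrs = {}
    for rdn in subject:
        for attr, value in rdn:
            attrs.setdefault(attr, value)
    return attrs


def classify_cert(subject, policy_oids=()):
    """Return (level, evidence). Policy OIDs win when present; otherwise the
    presence of organizationName in the subject separates OV from DV, because
    a DV issuer never asserts organization identity."""
    oids = set(policy_oids)
    if EV_OID in oids:
        return "EV", "policy OID"
    if OV_OID in oids or IV_OID in oids:
        return "OV", "policy OID"
    if DV_OID in oids:
        return "DV", "policy OID"
    attrs = flatten_subject(subject)
    if attrs.get("organizationName"):
        return "OV", "subject has organizationName"
    return "DV", "subject lacks organizationName"


# Constructed sample subjects (placeholder names, not real sites).
DV_SUBJECT = ((("commonName", "login-example.test"),),)
OV_SUBJECT = ((("countryName", "US"),), (("stateOrProvinceName", "CA"),),
              (("organizationName", "Example Corp"),),
              (("commonName", "www.example.test"),))

if __name__ == "__main__":
    print(classify_cert(DV_SUBJECT, [DV_OID]))   # ('DV', 'policy OID')
    print(classify_cert(OV_SUBJECT))             # OV via subject fallback
    print(classify_cert(OV_SUBJECT, [EV_OID]))   # ('EV', 'policy OID')
```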
The report concludes that 80 percent of internet-bound traffic from the enterprise network travels over an encrypted channel. This is a big blind spot for modern enterprises that do not inspect SSL/TLS traffic. Just take the case of a payload delivered through a site like Dropbox, Google Cloud or AWS over an encrypted channel: this is where domain- and IP-based filtering fails completely.
We will continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or an antivirus for Mac on every device you own, depending on which OS your machine is running. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network; such tests include penetration testing and ethical hacking.