SSL-based cyber attacks surged 30% over the past six months

Cyber criminals are increasingly using encryption technologies such as SSL to launch and hide attacks from malware detection tools, with threats rising by 30% compared to the first half of 2017, according to a new report.

Zscaler ThreatLabZ's bi-annual Secure Sockets Layer (SSL) trends report found that each day the company blocks up to 800,000 data transfers exploiting SSL encryption to transport cyber threats. By comparison, in the first six months of 2017, the company blocked 600,000 transactions on average.

The company said one of the most popular ways criminals launched attacks was using newly registered domains that were similar to well-known brand names such as DocuSign, Microsoft, Apple and Dropbox.

The SSL cryptographic protocol was first introduced in 1994 in response to growing concerns about the transfer of sensitive data online, providing a secure route between two domains - for example, a web browser and web server using HTTPS. The protocol was eventually replaced in 1999 by Transport Layer Security (TLS), although they're often used interchangeably.

However, since as early as 2011, SSL certificates have been found to contain vulnerabilities that allow hackers to bypass encrypted traffic, forcing many companies to remove thousands of certificates from their websites.

Other methods of launching attacks included using SSL/TLS for communication with command and control (C&C) server activity such as documents, APKs and executable files. The most popular threats in this category were banking trojans (60%), ransomware (25%) and other trojan viruses (12%).

When Zscaler looked into how these attacks were able to happen, it revealed that although the majority of websites had a legitimate SSL certificate, in some cases, criminals were able to make use of free short-lived certificates to distribute malicious content.

"Web properties are quickly adopting SSL/TLS to curb privacy concerns, but without inspection of encrypted traffic, enterprises run the risk of an attack," said Deepen Desai, Zscaler senior director of security research and operations. "Yet, SSL inspection can cause significant performance degradation on security appliances. A multi-layer defense-in-depth strategy that fully supports SSL/TLS inspection is essential to ensure enterprises are secure."

Clare Hopping
Freelance writer

Clare is the founder of Blue Cactus Digital, a digital marketing company that helps ethical and sustainability-focused businesses grow their customer base.

Prior to becoming a marketer, Clare was a journalist, working at a range of mobile device-focused outlets including Know Your Mobile before moving into freelance life.

As a freelance writer, she drew on her expertise in mobility to write features and guides for ITPro, as well as regularly writing news stories on a wide range of topics.