SSL-based cyber attacks surged 30% over the past six months

Zscaler says hackers launch up to 800,000 encrypted attacks every day

Cyber criminals are increasingly using encryption technologies such as SSL to launch and hide attacks from malware detection tools, with threats rising by 30% compared to the first half of 2017, according to a new report.

Zscaler ThreatLabZ's bi-annual Secure Sockets Layer (SSL) trends report found that each day the company blocks up to 800,000 data transfers exploiting SSL encryption to transport cyber threats. By comparison, in the first six months of 2017, the company blocked 600,000 transactions on average.

The company said one of the most popular ways criminals launched attacks was using newly registered domains that were similar to well-known brand names such as DocuSign, Microsoft, Apple and Dropbox.

The SSL cryptographic protocol was first introduced in 1994 in response to growing concerns about the transfer of sensitive data online, providing a secure route between two domains - for example, a web browser and web server using HTTPS. The protocol was eventually replaced in 1999 by Transport Layer Security (TLS), although they're often used interchangeably.

However, since as early as 2011, SSL certificates have been found to contain vulnerabilities that allow hackers to bypass encrypted traffic, forcing many companies to remove thousands of certificates from their websites. 

Other methods of launching attacks included using SSL/TLS for communication with command and control (C&C) server activity such as documents, APKs and executable files. The most popular threats in this category were banking trojans (60%), ransomware (25%) and other trojan viruses (12%).

When Zscaler looked into how these attacks were able to happen, it revealed that although the majority of websites had a legitimate SSL certificate, in some cases, criminals were able to make use of free short-lived certificates to distribute malicious content.

"Web properties are quickly adopting SSL/TLS to curb privacy concerns, but without inspection of encrypted traffic, enterprises run the risk of an attack," said Deepen Desai, Zscaler senior director of security research and operations. "Yet, SSL inspection can cause significant performance degradation on security appliances. A multi-layer defense-in-depth strategy that fully supports SSL/TLS inspection is essential to ensure enterprises are secure."

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Recommended

Lookout reveals mobile-first endpoint detection and response solution
Security

Lookout reveals mobile-first endpoint detection and response solution

21 Oct 2020
Cisco finds an increase in security concerns due to remote working
Security

Cisco finds an increase in security concerns due to remote working

21 Oct 2020
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

21 Oct 2020
'Robin Hood' hackers donate stolen Bitcoin to charity
ransomware

'Robin Hood' hackers donate stolen Bitcoin to charity

21 Oct 2020

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
The enemy of security is complexity
Sponsored

The enemy of security is complexity

9 Oct 2020
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

5 Oct 2020