SSL-based cyber attacks surged 30% over the past six months

Zscaler says hackers launch up to 800,000 encrypted attacks every day

Cyber criminals are increasingly using encryption technologies such as SSL to launch and hide attacks from malware detection tools, with threats rising by 30% compared to the first half of 2017, according to a new report.

Zscaler ThreatLabZ's bi-annual Secure Sockets Layer (SSL) trends report found that each day the company blocks up to 800,000 data transfers exploiting SSL encryption to transport cyber threats. By comparison, in the first six months of 2017, the company blocked 600,000 transactions on average.

The company said one of the most popular ways criminals launched attacks was using newly registered domains that were similar to well-known brand names such as DocuSign, Microsoft, Apple and Dropbox.

The SSL cryptographic protocol was first introduced in 1994 in response to growing concerns about the transfer of sensitive data online, providing a secure route between two domains - for example, a web browser and web server using HTTPS. The protocol was eventually replaced in 1999 by Transport Layer Security (TLS), although they're often used interchangeably.

However, since as early as 2011, SSL certificates have been found to contain vulnerabilities that allow hackers to bypass encrypted traffic, forcing many companies to remove thousands of certificates from their websites. 

Other methods of launching attacks included using SSL/TLS for communication with command and control (C&C) server activity such as documents, APKs and executable files. The most popular threats in this category were banking trojans (60%), ransomware (25%) and other trojan viruses (12%).

When Zscaler looked into how these attacks were able to happen, it revealed that although the majority of websites had a legitimate SSL certificate, in some cases, criminals were able to make use of free short-lived certificates to distribute malicious content.

"Web properties are quickly adopting SSL/TLS to curb privacy concerns, but without inspection of encrypted traffic, enterprises run the risk of an attack," said Deepen Desai, Zscaler senior director of security research and operations. "Yet, SSL inspection can cause significant performance degradation on security appliances. A multi-layer defense-in-depth strategy that fully supports SSL/TLS inspection is essential to ensure enterprises are secure."

Featured Resources

2021 Thales cloud security study

The challenges of cloud data protection and access management in a hybrid and multi cloud world

Free download

IDC agility assessment

The competitive advantage in adaptability

Free Download

Digital transformation insights from CIOs for CIOs

Transformation pilotes, co-pilots, and engineers

Free download

What ITDMs did next - and what they should be doing now

Enable continued collaboration and communication for hybrid workers

Most Popular

What should you really be asking about your remote access software?
Sponsored

What should you really be asking about your remote access software?

17 Nov 2021
Microsoft seizes domains used by Chinese hacking group
cyber attacks

Microsoft seizes domains used by Chinese hacking group

7 Dec 2021
Australia film archive gets $41.9 million to digitise audiovisual heritage
digitisation

Australia film archive gets $41.9 million to digitise audiovisual heritage

6 Dec 2021