SSL-based cyber attacks surged 30% over the past six months

Zscaler says hackers launch up to 800,000 encrypted attacks every day

Cyber criminals are increasingly using encryption technologies such as SSL to launch and hide attacks from malware detection tools, with threats rising by 30% compared to the first half of 2017, according to a new report.

Zscaler ThreatLabZ's bi-annual Secure Sockets Layer (SSL) trends report found that each day the company blocks up to 800,000 data transfers exploiting SSL encryption to transport cyber threats. By comparison, in the first six months of 2017, the company blocked 600,000 transactions on average.

The company said one of the most popular ways criminals launched attacks was using newly registered domains that were similar to well-known brand names such as DocuSign, Microsoft, Apple and Dropbox.

The SSL cryptographic protocol was first introduced in 1994 in response to growing concerns about the transfer of sensitive data online, providing a secure route between two domains - for example, a web browser and web server using HTTPS. The protocol was eventually replaced in 1999 by Transport Layer Security (TLS), although they're often used interchangeably.

However, since as early as 2011, SSL certificates have been found to contain vulnerabilities that allow hackers to bypass encrypted traffic, forcing many companies to remove thousands of certificates from their websites. 

Other methods of launching attacks included using SSL/TLS for communication with command and control (C&C) server activity such as documents, APKs and executable files. The most popular threats in this category were banking trojans (60%), ransomware (25%) and other trojan viruses (12%).

When Zscaler looked into how these attacks were able to happen, it revealed that although the majority of websites had a legitimate SSL certificate, in some cases, criminals were able to make use of free short-lived certificates to distribute malicious content.

"Web properties are quickly adopting SSL/TLS to curb privacy concerns, but without inspection of encrypted traffic, enterprises run the risk of an attack," said Deepen Desai, Zscaler senior director of security research and operations. "Yet, SSL inspection can cause significant performance degradation on security appliances. A multi-layer defense-in-depth strategy that fully supports SSL/TLS inspection is essential to ensure enterprises are secure."

Featured Resources

Unleashing the power of AI initiatives with the right infrastructure

What key infrastructure requirements are needed to implement AI effectively?

Download now

Achieve today. Plan tomorrow. Making the hybrid multi-cloud journey

A Veritas webinar on implementing a hybrid multi-cloud strategy

Download now

A buyer’s guide for cloud-based phone solutions

Finding the right phone system for your modern business

Download now

The workers' experience report

How technology can spark motivation, enhance productivity and strengthen security

Download now

Recommended

SonicWall hacked via zero-day flaw in remote access tools
Security

SonicWall hacked via zero-day flaw in remote access tools

25 Jan 2021
Best ransomware removal tools
ransomware

Best ransomware removal tools

22 Jan 2021
Hackers publish over 4,000 files stolen from SEPA in ransomware attack
Security

Hackers publish over 4,000 files stolen from SEPA in ransomware attack

22 Jan 2021
Weekly threat roundup: SAP, Windows 10, Chrome
vulnerability

Weekly threat roundup: SAP, Windows 10, Chrome

21 Jan 2021

Most Popular

How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
WhatsApp could face €50 million GDPR fine
General Data Protection Regulation (GDPR)

WhatsApp could face €50 million GDPR fine

25 Jan 2021
Trump pardons convicted ex-Google engineer Levandowski
intellectual property

Trump pardons convicted ex-Google engineer Levandowski

20 Jan 2021