Courtesy : Hack2Secure
Encryption is a valued, supported in maintaining integrity and privacy. It maintains the data safe from the attacker’s eyes. It stops people mugging the app usage habits, passwords, and credit card details. As the advancement in technology continues, the complexity to stay secure also continues to rise. This makes the people encrypt their network with secure standard protocols, SSL/TLS. SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are cryptographic protocols, which enables secure communication over the network.
As per the reports of security experts, most of the organization begins to encrypt their internet traffic.
According to the ESG Report :
Nearly 87 % of the enterprise they measured encrypt at least 25 % of their entire network traffic
Likewise, Zscaler, Inc, the top cloud security enterprise announced
An average of 60 % of the communication over their cloud has been using SSL/TLS
These statements sound that organizations begin to believe that they are halfway to the web safer with SSL/TLS against the cookie stealing, content hijacking, eavesdropping, and censorship.
While this internet security protocol is a boon for the organization who have privacy concerns, their IT teams will need to face a huge traffic influx; since, they can’t look inside the network without decryption technology.
Unfortunately, online attackers are now stepping up their SSL/TLS facility to conceal their malicious activities. This scenario forces the organizations to understand the fact that the increase in the SSL/TLS usage comprises both legitimate as well as malicious happenings, as attacks rely on legal SSL certificate to spread their malicious content.
In addition to the reason of exploiting new vulnerabilities that pave the way to use SSL adoption as the weapon in the enemy’s hand, attackers find a new benefit of using SSL/TLS as it masks and complicate the detection of attack traffic in the application and network level traffic.
According to the Global Application and Network Security Report published by Radware:
In 2016, 39% of the surveyed organization accepted that they have been victimized by the SSL vectors
The following figure illustrates the Radware measure regarding enterprises, which experienced SSL-based attacks.
Radware explained that the SSL based attacks come in several forms:
- Encrypted SSL Floods
- SSL Renegotiation
- HTTPs Floods
- Encrypted Web Application Attacks
In addition, the researchers of Zscaler.Inc states that the cyber criminals are turning to SSL/TLS vulnerabilities to deliver malicious attacks. They revealed that they have blocked approximately 8.4 million SSL/TLS based traffic request per day. Among those requests, they find that 600,000 request comprises advanced threats.
Image Source: Zscaler
They have found that various attack types concealed within the packets of SSL/TSL. Most primary types include malware, adware, exploits kits and malware call-backs.
The other key findings of the researchers on the communication over Zscaler cloud are:
- The malicious content being transferred over the SSL/TLS protocol has expanded in the last 6 months.
- They have blocked around twelve thousand phishing attacks, per day transferred over SSL/TLS
- Among the web exploits that are happening per day, approximately 300 hits include SSL as a portion of infection chain
- New malicious payloads exploiting SSL/TLS for the C&C process
- 60 % were encompassed of various Banking Trojan families
- 25 % were encompassed of ransomware families
- 12 % were encompassed of info-stealer Trojan families
- 3 % were from other assorted families
How It Complicating Detection And Mitigation?
With these findings, there is no doubt that the leveraging of encrypted traffic as an outbreak vector is on the upfront. This rise is further challenging several mandatory solutions for detecting as well as mitigating threats. Most of the organizations don’t include the action of the inspecting SSL/TLS traffic in their security process because it demands decryption of encrypted traffic that challenges the IT team.
Because the SSL and encryption are effective at complicating several attributes, which support determine whether traffic is legitimate or malicious. Most of the cyber-attack solutions failed to identify the malicious traffic from the sources of encrypted traffic and isolating that traffic in order to mitigate them. The decrypting & re-encrypting the SSL/TLS traffic raises the needs of traffic processing and in many cases, requires effort beyond the performance of the devices that are used for mitigating attacks. Most of those devices are stateful, inline and unable to manage SSL encrypted attacks.
A survey of Radware, regarding the capacity of available security solutions for decrypting, inspecting and re-encrypting traffic states that most are functioning blindly. Around 75% of the industry experts doubt their security strategy to offer complete protection against the encrypted attack.
As more and more attacks rely on the SSL/TLS, enterprises require taking the essential steps to ensure that their entire data is protected and the bad traffic is not sneaking past their fortifications.