Attacks Abusing SSL Encryption on the Rise
SSL encryption is seen as one of the most notable defenses against cyber-crime. Website owners all over the world adopt SSL encryption as a means of protecting their websites against hacking and all kinds of cyber-crime. They do so because SSL encryption safeguards all data transmitted through their websites, including sensitive personal data of their clients and customers (such as credit card data and bank account data).
However, recent studies reveal that SSL encryption is now being used by hackers too; they use it as cover to evade detection. Studies reveal that more than 40% of hacking attacks now abuse SSL encryption.
A new study by A10 Networks and the Ponemon Institute surveyed 1,023 IT and IT security practitioners in North America and EMEA who are involved in preventing and/or detecting Web-based attacks. The study focused on evaluating the “understandings of threat actor behavior changes, abilities to defend attacks hiding in SSL traffic, barriers for implementing needed decryption controls and critical features for solution selection”. The study report says: “Of all the respondents who disclosed they were victims of a cyber attack in the preceding 12 months, nearly half claimed the attack leveraged SSL traffic to evade detection. Another 15 percent were unsure.” The study report also says: “The majority of respondents also agree that SSL decryption and inspection is either ‘essential’ or ‘very important’ to the performance and security of their business.”
Some highlights of the survey are worth noting:
- Encryption of inbound and outbound Web traffic will continue to increase.
- Use of SSL encryption to mask malicious activity will parallel this growth.
- Half of all known cyberattacks used SSL encryption to evade detection in the last 12 months.
- Most respondents in the survey don’t believe their organization can properly inspect SSL traffic.
- The inability to inspect encrypted traffic will compromise the capacity to meet existing and future compliance requirements.
- Three common barriers to implementing proper SSL inspection are a lack of security tools, insufficient resources and performance degradation.
- SSL bandwidth requirements diminish the effectiveness of existing security controls.
The survey covered 14 primary industries. Almost half of the survey respondents (49 percent) were from financial services, health and pharmaceuticals, general services and the public sector.
The study also lists five notable attacks that are masked in SSL encryption: outbound port abuse (an attack hiding in “normal” port 443 traffic); phishing; internal hide and seek (an attack using malware that hides outbound data such as passwords and credentials within encrypted traffic); phoning home; and cookie theft (stealing cookies to hijack sessions, change user settings, poison cookies, etc.).
It is therefore imperative for companies to put in place security measures that keep them safe from attacks that abuse SSL encryption.