Study reveals growing ‘visibility void’ with encrypted traffic a potential threat
Increasing use of some form of encrypted traffic to bypass network security by 2017
THE growing use of HTTPS encryption to address privacy concerns over the Internet is creating perfect conditions for cybercriminals to hide malware inside encrypted transactions, even reducing the level of sophistication required for malware to avoid detection, according to Blue Coat Systems Inc.
Findings from its 2014 Security Report – The Visibility Void revealed that the growing ‘visibility void’ with encrypted traffic represents a potential threat to local enterprises, the company said in a statement.
Blue Coat country manager for Malaysia Ivan Wen said that the use of encryption across a wide variety of websites, both business and consumer, is increasing as concerns around personal privacy grow.
Business-essential applications, such as file storage, search, cloud-based business software and social media, have long used encryption to protect data in transit.
“In fact, eight of the top 10 most visited websites in Malaysia [see figure below] are encrypted using HTTPS throughout all or portions of their sites,” said Wen.
“For example, technology goliaths Google, Amazon and Facebook have switched to an ‘always on HTTPS’ model to secure all data in transit using SSL encryption.
“However, the lack of visibility into SSL traffic represents a potential vulnerability to many enterprises where benign and hostile uses of SSL are indistinguishable to many security devices,” he added.
Hypertext Transfer Protocol Secure (HTTPS) is a protocol for secure communication over a computer network. Transport Layer Security (TLS) and Secure Sockets Layer (SSL) are the encryption technologies used to secure HTTP communications and protect data in transit on the Web or via email.
The visibility void
As a result, encryption enables threats to bypass network security and allows sensitive employee or corporate data to leak from anywhere inside the enterprise. By 2017, more than 50% of the attacks on networks will employ some form of encrypted traffic to bypass security, Blue Coat said.
“Encrypted traffic is becoming more popular with cybercriminals because malware attacks, using encryption as a cloak, do not need to be complex as the malware operators believe the encryption prevents the enterprise from seeing the attack,” Wen said.
“Significant data loss can occur easily as a result of malicious acts by hostile outsiders or disgruntled insiders.
“Moreover, by simply combining short-lived websites (or One-Day Wonders) with encryption and running incoming malware and/or outgoing data theft over SSL, organisations can be completely blind to the attack, and unable to prevent, detect or respond,” he added.
The growing use of encryption means many businesses today are unable to track the legitimate corporate information entering and leaving their networks, creating a growing blind spot for enterprises.
One example of an unsophisticated malware threat hiding in encrypted traffic is Dyre, a widely distributed, password-stealing trojan originating in the Ukraine. After authorities shut down Zeus, Dyre quickly took its place by simply adding encryption.
“The tug of war between personal privacy and corporate security is leaving the door open for novel malware attacks involving SSL over corporate networks that put everyone’s data at risk,” said Wen.
“For local businesses to secure customer data and meet regulatory and compliance requirements, they need an encrypted traffic management strategy that offers visibility to see the threats hiding in encrypted traffic and the granular control to make sure employee privacy is also maintained,” he added.