State of Encrypted Traffic – New Cyber Attacks Spreading via Use of Encryption
The earliest schemes of cryptography, such as substituting one symbol or character for another or changing the order of characters instead of changing the characters themselves, began thousands of years ago. Since then, various encoding and decoding systems have been developed, based on more complex versions of these techniques, for the fundamental purpose of securing messages sent and received in written or electronic form for all sorts of real-world applications. Although the progress we have made in modern cryptography has its advantages, it also creates security risks too dangerous to be ignored. This blog reviews what this means for your organization and helps your security teams stay alert and ready for the new threats and attack vectors that spread from the criminal use of encryption.
The momentum in information and communication technology innovation has significantly changed the way we function in both the public and private sectors. How we store, share, communicate and transact information over the web, for personal use, for work or to run businesses, agencies and institutions, requires that we adopt strong information security in everything that we do digitally. As a result, the majority of today’s web traffic is encrypted using the latest Transport Layer Security (TLS) encryption protocol, formerly known as Secure Sockets Layer (SSL), to establish a private connection between two computer networks for securing data transmission, web traffic and interactions.
According to the Google Transparency Report, encrypted connections, displayed as HTTPS in the browser address bar, accounted for approximately 87 percent (Figure 1) of web requests sent to Google’s data centers from around the world as of June 17, 2017. Moreover, the report reveals that Windows, Mac, Linux and Chrome users spend more than three-quarters of their time on HTTPS pages (Figure 2). With these facts, we can reasonably generalize that the majority of the web traffic traversing our networks is encrypted today.
Figure 1: Percentage of page requests that used encrypted connections
Figure 2: Percentage of browsing time spent on HTTPS websites
Now consider, from a security standpoint, what is likely to happen if your network security, such as a firewall or intrusion detection/prevention system (IDS/IPS), is not examining the encrypted traffic. Obviously, the security system would have zero visibility into any malicious activity. Attacks carried out inside the encrypted session will therefore go unnoticed and likely lead to a data breach event. This method of attack is among the top security issues facing many organizations right now. A recent survey¹ of over 1000 security professionals from various industries in North America and Europe, conducted by the Ponemon Institute on behalf of A10 Networks, reveals:
- Among the eighty percent of respondents who were victims of cyber-attacks, forty-one percent of those attacks hid in SSL-encrypted traffic to evade detection.
- Only one-third of respondents believe their organization can properly decrypt and inspect SSL-encrypted traffic, even though an overwhelming 89 percent of them agree it is an essential procedure required for the performance and safety of their business.
- Use of SSL encryption to mask malicious activity will parallel the growth of encryption of inbound and outbound web traffic.
So what must you do to address the security risks associated with encrypted threats? Watch the informative webcast, “Defeat Encrypted Threats,” presented by a SonicWall Security Solution Engineer, to learn how you can defeat them. This presentation provides a detailed analysis of the latest trends and tactics of the cyber threat landscape as seen through the eyes of a practicing security professional. Once you have seen what your adversaries have been up to today, you will receive a crash course in security policy management and network security architecture design that will help prevent the breach of tomorrow.
¹ 2016 Ponemon Study, Uncovering Hidden Threats within Encrypted Traffic