Once seen as the ultimate protection for data being transmitted over the internet, Secure Sockets Layer (SSL) and its successor Transport Layer Security (TLS) have become the ultimate playground for cybercriminals to carry out their nefarious acts.
The cryptographic protocol—originally developed in 1994—was designed to help secure communications and give organizations peace of mind about incoming traffic. In recent years, with the ever-increasing concerns over data privacy, there has been a massive trend toward internet properties having encryption by default. This is a great thing for privacy, but it presents a challenge to IT security. Decrypting, inspecting, and re-encrypting traffic is nontrivial, causing significant performance degradation on traditional security appliances, and most organizations are not equipped to inspect encrypted traffic at scale. Bad actors know this, which is why SSL-based threats are on the rise.
Though hackers have found many ways to infiltrate systems and steal data, breaking encryption remains difficult and time-consuming and is, therefore, an inefficient approach. Instead, they have begun to use encryption themselves to serve malicious content, hide malware, and carry out attacks without detection.
For years, the symbol of a lock next to a website’s URL communicated that the site was secure, but it is no longer any guarantee of safety. Traffic moving through encrypted channels should not be trusted simply by virtue of a digital certificate. In this report, we will discuss our observations on recent trends for encrypted traffic and encrypted threats.