'Visibility void' represents potential threat to enterprises

Companies must stay on top of and continue to remain aware of a growing pool of cyber threats, says Andrew Potgieter, security solutions director at Westcon.

Johannesburg, 05 Dec 2014

Recent research from Blue Coat revealed that the increasing use of encryption to address privacy concerns is creating perfect conditions for cyber criminals to hide malware inside encrypted transactions, and is even reducing the level of sophistication malware previously required to avoid detection.

According to the Blue Coat research, the use of encryption across a wide variety of Web sites - both business and consumer - is increasing as concerns around personal privacy continue to grow. In support of this, eight of the top 10 global Web sites, as ranked by analytics firm Alexa, deploy SSL encryption technology throughout all or portions of their sites. For example, technology giants Google, Amazon and Facebook have switched to an always-on HTTPS model to secure all data in transit using SSL encryption.

Furthermore, the research highlights that business-essential applications using encryption to protect data in transit is not a new tactic, but the increasing volume of, and lack of visibility into, SSL traffic represents a potential vulnerability in many enterprises, where benign and hostile uses of SSL are indistinguishable to many devices.

As a result, encryption can enable threats to bypass network security and allow sensitive employee or corporate data to leak from anywhere inside the enterprise. In a typical seven-day period, Blue Coat Labs receives over 100 000 requests from customers for security information about sites using the HTTPS encryption protocol for command and control of malware.

The "Blue Coat 2014 Security Report - The Visibility Void" explains that encrypted traffic is becoming more popular with cyber criminals for three main reasons. The first is that malware attacks using encryption as a cloak do not need to be complex, because the malware operators believe the encryption prevents the enterprise from seeing the attack.

In addition, significant data loss can occur as a result of malicious acts by hostile outsiders or disgruntled insiders, who can easily transmit sensitive information. Lastly, by simply combining short-lived Web sites - known as "one-day wonders" - with encryption and running incoming malware and/or outgoing data theft over SSL, attackers can leave organisations completely blind to the attack, and unable to prevent, detect or respond to it.

The growing use of encryption means many businesses are unable to track legitimate corporate information entering and leaving their networks, creating a growing blind spot for enterprises.

One example of an unsophisticated malware threat hiding in encrypted traffic is Dyre, a widely distributed, password-stealing Trojan originating in Ukraine. After authorities shut down Zeus, one of the most successful pieces of Trojan horse malware, Dyre quickly took its place by simply adding encryption. Today, Dyre exploits human behaviour to target some of the world's largest enterprises to compromise accounts that can expose social security numbers, bank account information, protected health information, intellectual property and much more.

This tug of war between personal privacy and corporate security is leaving the door open for novel malware attacks involving SSL over corporate networks that put everyone's data at risk. For businesses to secure customer data and meet regulatory and compliance requirements, they need the visibility to see the threats hiding in encrypted traffic and the granular control to make sure employee privacy is also maintained.

Corporate security demands must be balanced with privacy policies and applicable compliance requirements. Because corporate policies and applicable compliance regulations can vary geographically, per organisation and per industry, businesses need flexible, configurable, customisable and targeted decryption capabilities to meet their unique business needs.

To help enterprises comply with their policy and compliance requirements while still combating threats hiding in encrypted traffic, Blue Coat has developed a list in the "Visibility Report" of key factors that IT security departments should consider when framing the issue within their organisation.

Westcon

Westcon is a leading value-added distributor of technology and converged communications solutions for customers in the enterprise, SME and consumer markets, in South Africa and 26 countries on the African continent. The company is made up of seven business practices, which include: Comstor (Cisco business), Westcon Consumer Solutions, Westcon Communications Solutions, Westcon Mobility Solutions, Westcon Security Solutions, Westcon Physical Security Solutions and Westcon Software Solutions. Its Comztek Africa business deploys these solutions across all these practices into the African market.
