If every exchange of data on the web were encrypted, would it make our virtual world a more secure place in Australia? A report by PwC found Australia had the highest number of cyber security incidents in the previous 12 months, amounting to 9434, more than double the previous year.
As global traffic surpasses the one zettabyte mark by the end of 2016, it brings with it a rapid, global surge in Secure Sockets Layer/Transport Layer Security (SSL/TLS) encryption of websites, which until recently was a security measure reserved largely for financial institutions and online checkout processes.
According to the 2016 Dell Security Annual Threat Report, in the fourth quarter of 2015 around 65 percent of total web connections worldwide were SSL/TLS encrypted. That means that every time a website is accessed, there’s a good chance SSL/TLS is being used. Overall, this is a positive trend that should create safer web interactions. Below the surface, however, lurks a hidden threat that might take both you and your firewall by surprise.
The Darker Side of Encryption
Exactly a year ago, attackers used an advertisement on Yahoo to redirect users to a site infected by the Angler exploit kit. Just weeks before, users were exposed to more malicious software through compromised advertisements that showed up across the web. In total, at least 910 million users were potentially exposed to malware through these attacks. The common thread? The malware was hidden from firewalls by SSL/TLS encryption.
When victims don’t have the right protection measures in place, attackers can encrypt command and control communications and malicious code to evade intrusion prevention systems (IPS) and anti-malware inspection systems. In effect, SSL/TLS encryption serves as a tunnel to hide malware: if the right safeguards aren’t in place, it can pass through firewalls and into organisations’ networks undetected. As SSL/TLS usage grows, the appeal of this threat vector to attackers grows with it.
Protecting Against Encrypted Attacks
Companies can stop SSL/TLS attacks; however, most don’t have their existing security features properly enabled to do so. Legacy network security solutions typically don’t have the features needed to inspect SSL/TLS-encrypted traffic. The ones that do often suffer such extreme performance degradation when inspecting traffic that most companies with legacy solutions abandon SSL/TLS inspection.
However, with an updated infrastructure that has next-generation firewalls (NGFW) in place, incorporating Deep Packet Inspection technology on a multi-core architecture that scales out as needed to meet performance or resiliency requirements, companies can perform this inspection without reducing performance beyond a reasonable threshold. In this case, IT teams simply need to activate the SSL/TLS inspection capability, but if they aren’t aware of the threat, they typically don’t.
It is possible for organisations to enjoy the security benefits of SSL/TLS encryption without providing a tunnel for attackers. Just follow these steps:
1. If you haven’t conducted a security audit recently, undertake a comprehensive risk analysis to identify your risks and needs.
2. Upgrade to a capable, extensible NGFW with integrated IPS and SSL-inspection design that can scale performance to support future growth.
3. Update security policies to defend against a broader array of threat vectors and establish multiple security defense methods to respond to both HTTP and HTTPS attacks.
4. Train staff continually to be aware of the danger of social media, social engineering, suspicious websites and downloads, and various spam and phishing scams.
5. Inform users never to accept a self-signed or otherwise invalid certificate.
6. Make sure all software is up-to-date. This will keep you protected from older SSL exploits that have already been patched.
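As an added example that is not part of the original article, the following Python script applies the checks behind steps 2, 5 and 6 to a few constructed TLS-session records in the shape a firewall or proxy export might take (the field names are assumptions): it flags sessions that bypassed inspection, servers presenting self-signed certificates, and legacy SSL/TLS protocol versions.

```python
# Added example (not from the original article): triage of constructed
# TLS-session log records from a hypothetical NGFW/proxy export. Field
# names (sni, version, inspected, cert_subject, cert_issuer) are assumptions.
import json

# Protocol versions the article's step 6 is concerned with (already-patched SSL exploits).
LEGACY_VERSIONS = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}

# Constructed sample records, one JSON object per line.
SAMPLE_LOG = """\
{"src":"10.0.0.12","dst":"203.0.113.5","sni":"bank.example","version":"TLSv1.2","inspected":true,"cert_subject":"CN=bank.example","cert_issuer":"CN=Example CA"}
{"src":"10.0.0.33","dst":"198.51.100.7","sni":"ads.example.net","version":"TLSv1.2","inspected":false,"cert_subject":"CN=ads.example.net","cert_issuer":"CN=ads.example.net"}
{"src":"10.0.0.45","dst":"192.0.2.9","sni":"legacy.example","version":"SSLv3","inspected":true,"cert_subject":"CN=legacy.example","cert_issuer":"CN=Example CA"}
"""


def triage_session(rec):
    """Return the list of findings for one TLS-session record (empty if clean)."""
    findings = []
    # Step 2: the session should have been decrypted and inspected by the NGFW.
    if not rec.get("inspected", False):
        findings.append("not-inspected")
    # Step 5: subject == issuer is the usual quick heuristic for a self-signed
    # certificate (a full check would verify the signature with the subject key).
    if rec.get("cert_subject") == rec.get("cert_issuer"):
        findings.append("self-signed-cert")
    # Step 6: legacy protocol versions point at unpatched clients or servers.
    if rec.get("version") in LEGACY_VERSIONS:
        findings.append("legacy-protocol")
    return findings


def triage_log(text):
    """Parse newline-delimited JSON and map each flagged SNI to its findings."""
    flagged = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        findings = triage_session(rec)
        if findings:
            flagged[rec["sni"]] = findings
    return flagged


if __name__ == "__main__":
    for sni, findings in triage_log(SAMPLE_LOG).items():
        print(f"{sni}: {', '.join(findings)}")
```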
The growth of SSL/TLS encryption can and will be a positive security trend for the global community, but it will remain a mixed bag until companies recognise and address the risks. By investing in updated solutions and enabling SSL/TLS inspection, you can have the best of security and performance at the same time.