The use of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) encryption is growing fast, and that’s a good thing for protecting user privacy and business communications. But it’s also a good thing for hackers and cybercriminals—because SSL provides a great hiding place for malware. In fact, 50% of all network attacks will hide in encrypted traffic by 2017, according to Gartner.
Security professionals know about the “SSL blind spot” and most have taken action. They’ve bought tools to inspect SSL-encrypted traffic. They’re using those tools at the critical junctions: at ingress and egress points in the network and near web and cloud gateways. They’ve succeeded in identifying and thwarting attacks. And that has created a new phenomenon in the battle against SSL-borne malware attacks:
New data shows two troubling trends: a massive increase in malware hiding in SSL, coupled with a false sense of security on the part of security professionals. Consider:
- Blue Coat Labs found dramatic increases in malware using SSL in the last two years*.
- 85% of security professionals believe their organizations have this issue covered, according to the 2016 Cyberthreat Defense Report from CyberEdge.
- A large percentage of advanced persistent threats (APTs) that use SSL still go undetected.
The reality is that it’s harder than ever to get a handle on the magnitude of the risk of encrypted traffic traveling through an enterprise. Take a look at this infographic for more details. Then take a second look at how well you’re really equipped to battle SSL-based malware. Because when you’re fighting the SSL blind spot, it’s good to have both eyes wide open.
* To be specific, between January 2014 and September 2015, a little more than 500 samples of malware families were seen to be using SSL each month. In the remaining three months of 2015 this figure soared to nearly 29,000 samples. A similar trend was observed in C&C servers: in Q3 2014, Blue Coat observed approximately 1,000 C&C servers using SSL, shooting up to over 200,000 observed in Q3 2015.
Gartner, Security Leaders Must Address Threats from Rising SSL Traffic, Jeremy D’Hoinne and Adam Hills. Published: 9 December 2013.