The latest “ThreatLabz: The State of Encrypted Attacks,” 2021 report has shown a 300 per cent increase in online attackers using HTTPS to cloak their activities and blend in with other traffic.
HTTPS, the encrypted version of the Hypertext Transfer Protocol (HTTP), enables secure communication over a computer network, using Transport Layer Security (formerly, Secure Sockets Layer). HTTPS is particularly important for protecting the kind of personal data that’s submitted in online activities like shopping, banking, and remote work.
The ThreatLabz report showed that threats inside encrypted traffic have increased 314 per cent as online attackers choose HTTPS to cloak their activities.
Cybercriminals can use HTTPS to hide threats like malware from web security tools that don’t fully inspect encrypted traffic.
The rise of this type of attack has been driven by factors such as:
– Google making it known that the presence of HTTPS is an important consideration for search-results rankings, and Chrome and Firefox showing warnings about sites without HHTPS, thereby fuelling a general belief that HTTPS is totally safe.
– Attackers (as well as legitimate businesses) can now enable and auto-renew HTTPS for their sites, regardless of whether the content is suspect.
– New types of malware are now being shared behind a lock symbol.
Types of Attack
The types of attack that criminals are using HTTPS to hide include:
– Malware (including ransomware). This type of attack has grown by 212 percent and nine out of ten attacks via HTTP(S) involved malware. Spyware has also shown a 435 per cent increase.
– Phishing has grown by 90 per cent on last year and is being driven by attacks launched through legitimate services. For example, Microsoft 365 was the most common attack vector for phishers.
– Web applications like credential stuffing. For example, the ThreatLabz report shows that attackers interacted with almost 70 per cent of HTTPS-based web-facing applications.
Who Was Attacked The Most?
The report showed that technology companies were attacked the most using HTTPS cloaking (a 2,344 per cent rise) followed by retail and wholesale companies which saw an 841 percent increase in this type of stealth attack. Increased scrutiny by law enforcement on healthcare companies/organisations and government (which have been heavily targeted before) appears to be the reason for a decrease in the numbers of HTTPS-based attacks on these targets.
What To Do?
Ways that businesses can protect themselves against cybercriminals hiding attacks using HTTPs include:
– Not assuming that SSL traffic is automatically secure traffic – the padlock icon of HTTPS does not guarantee security.
– Start from a position of zero trust, where there is no lateral movement, apps are invisible to attackers, and authorised users directly can only access needed resources, not the entire network.
– If possible, use AI-driven quarantine rather than firewall-based passthrough approaches.
– Use a proxy-based architecture and cloud-native performance to decrypt detect and prevent threats from SSL traffic.
– Make sure all company network users have the same high level of security at all times, at all locations (e.g., when working remotely or even when on the go). All traffic on and off-premises needs to be inspected to stop encrypted threats.
What Does This Mean For Your Business?
Even though HTTPS has been designed to provide a valuable layer of encryption, it has also become relatively easy for cybercriminals to create websites with the HTTPS distinction. Also, cybercriminals have been helped by an assumption that HTTPS and a padlock must mean that everything is secure, and by web security tools which don’t fully inspect and check encrypted traffic, on and off-premises. Businesses should not assume the HTTPS is totally secure and one of the key ways that many businesses are now protecting themselves from a wide range of threats, including HTTPS-based attacks, is to adopt a Zero Trust approach to IT Security where the approach is “never trust, always verify.”