Part 2: Understanding SSL/TLS encrypted attack vectors
As cloud-based technologies become the tool of choice for today’s global workforces, keeping businesses protected from web-based attacks is a primary challenge for IT service providers.
First, let’s look at how encryption is used to keep web traffic safe. For example, hypertext transfer protocol secure — or HTTPS — uses encryption technologies like transport layer security (TLS), and previously secure socket layer (SSL), to keep Internet users and cloud services safe by securely connecting web browsers and apps to websites. In fact, because HTTPS ensures these connections stay safe, security best practices recommend that any website or web services that require login credentials should be using HTTPS.
Yet, the issue for any managed service provider (MSP) or managed security service provider (MSSP) that is responsible for securing customers’ web traffic, is that encrypted traffic has become a problematic security issue. That’s because, while HTTPS encryption continues to be a key defense in protecting data traffic on the web — cybercriminals are also using encryption techniques to hide malware and launch malicious attacks.
The reality is, hiding malware in encrypted web traffic is an easy way for attackers to undermine vulnerable websites. And as small and mid-size businesses (SMBs) adapt, and even find productivity benefits from cloud-based services and the current work-from-home experiment, the volume of malicious, encrypted web traffic is growing. Worse, it’s becoming more difficult for traditional security measures to detect and protect against these new techniques and attacks.
In our What’s Hiding in SSL/TLS Traffic? white paper, we examine the rise in encrypted attacks, the attack vectors and techniques, and best practices for MSPs and MSSPs to protect customers against these threats from encrypted traffic.
As SMBs and their employees turn up the dial on digital innovation, cybercriminals are in lock step with this workforce shift and focused on encrypted website attacks.
One look at recent data and it’s easy to see the growing trend — Gartner estimates that 60% of cyberattacks in 2019 leveraged encryption. Just five years ago, only 50% of Internet traffic was encrypted. Today, it’s well over 80%.
What malicious techniques are coming between your cloud-enabled customers and the security programs you have in place? How will this impact your service to customers? And what are the ways cybercriminals are staging these encrypted attacks?
Here are just a few techniques used in encrypted web attacks:
Understanding the attack vectors, creating a smart defense
While encrypted web attacks are an unfortunate outcome of our digital progress, awareness of the attack vectors and techniques will help you identify responsive security methods for a modern defense.
For additional insight on best practices for protection against encrypted SSL/TLS attacks and tips for maximizing cloud-based security strategies, please download our white paper, What’s Hiding in SSL/TLS Traffic?
The new Avast Cybersecurity Basics Training Quiz provides training on Data Security, Identity Management, and Social Media Security
How SMBs can effectively protect their networks from cyberthreats – without breaking their security budgets