The 3 ways encrypted web traffic can wreak havoc for your managed security business

Avast Business Team, 24 June 2020

Part 2: Understanding SSL/TLS encrypted attack vectors

As cloud-based technologies become the tool of choice for today’s global workforces, keeping businesses protected from web-based attacks is a primary challenge for IT service providers.

First, let’s look at how encryption is used to keep web traffic safe. For example, Hypertext Transfer Protocol Secure (HTTPS) uses encryption technologies like Transport Layer Security (TLS), and previously Secure Sockets Layer (SSL), to keep Internet users and cloud services safe by securely connecting web browsers and apps to websites. Because HTTPS keeps these connections confidential and authenticated, security best practices recommend that any website or web service that requires login credentials should be using HTTPS.

Yet for any managed service provider (MSP) or managed security service provider (MSSP) responsible for securing customers’ web traffic, encryption itself has become a security problem. While HTTPS encryption continues to be a key defense in protecting data traffic on the web, cybercriminals are also using the same encryption to hide malware and launch malicious attacks that network defenses cannot see into.

The reality is that hiding malware in encrypted web traffic is an easy way for attackers to undermine vulnerable websites. And as small and mid-size businesses (SMBs) adapt to, and even find productivity benefits in, cloud-based services and the current work-from-home experiment, the volume of malicious, encrypted web traffic is growing. Worse, it is becoming more difficult for traditional security measures to detect and protect against these new techniques and attacks.

In our What’s Hiding in SSL/TLS Traffic? white paper, we examine the rise in encrypted attacks, the attack vectors and techniques, and best practices for MSPs and MSSPs to protect customers against these threats from encrypted traffic.

Web attack techniques that leverage encrypted malware

As SMBs and their employees turn up the dial on digital innovation, cybercriminals are in lock step with this workforce shift and focused on encrypted website attacks.

One look at recent data and it’s easy to see the growing trend — Gartner estimates that 60% of cyberattacks in 2019 leveraged encryption. Just five years ago, only 50% of Internet traffic was encrypted. Today, it’s well over 80%.

What malicious techniques are coming between your cloud-enabled customers and the security programs you have in place? How will this impact your service to customers? And what are the ways cybercriminals are staging these encrypted attacks?

Here are just a few techniques used in encrypted web attacks:

  • Watering hole attacks: Watering hole, or strategic website compromise, attacks target a specific group of users who often visit a common, popular website, and infect that website with malware. The name comes from predators in the natural world that wait near watering holes for an opportunity to attack prey; in the same way, cybercriminals lure their victims with phishing emails that direct them to malware-laced sections of the compromised website. Last year, Google discovered a watering hole attack that leveraged an iOS exploit on a number of hacked websites to attack iOS devices that visited those sites. Worse, these exploited websites had been targeting and hacking visitors for a few years.
  • File-less malware distribution: Instead of dropping malicious files or downloadable executables, file-less malware can be delivered through legitimate-looking websites, with the malicious code hidden in memory, written directly to random access memory (RAM). It leaves no footprint on disk and is difficult to detect. In December 2019, a Mac operating system trojan was discovered hiding behind a fake crypto-trading platform, executing remote code in memory. The installer was hosted on a website called “unioncrtpto.vip”, designed to look like a legitimate website and claiming to be “a smart cryptocurrency arbitrage trading platform.” More bad news? These types of file-less encrypted web attacks cannot be detected using traditional security solutions.
  • Remote Access Trojans (RATs): Another type of malware, RATs open access points on user computers, creating back doors into their systems. These back doors give attackers remote access to user systems whenever they want it. RATs have been linked to online banking fraud, with the ability to neutralize device recognition and other protections, fooling existing fraud detection solutions and leaving banks vulnerable to remote access attacks.

Understanding the attack vectors, creating a smart defense

While encrypted web attacks are an unfortunate outcome of our digital progress, awareness of the attack vectors and techniques will help you identify responsive security methods for a modern defense.

For additional insight on best practices for protection against encrypted SSL/TLS attacks and tips for maximizing cloud-based security strategies, please download our white paper, What’s Hiding in SSL/TLS Traffic?