Malicious SSL Traffic Doubles, So Do We Really Need SSL Certificates?
Studies point out that malicious SSL traffic is on the rise; ie, the volume of malicious content that’s transmitted in an encrypted manner via SSL/TLS has increased considerably. Well, that brings us face to face with a question: Do we really need SSL certificates?
Well, before giving an answer, let’s probe a bit more into what the study results are…
Zscaler, the security firm that provides cloud-based security to organizations, has revealed that in the last six months, the volume of malicious content being delivered over SSL/TLS has more than doubled. It says that the use of SSL/TLS encryption to deliver malicious content has increased along with the increase in the use of SSL/TLS encryption.
Deepen Desai, senior director of security research and operations at Zscaler, stated in a blog post – “Whether you call it SSL, TLS, or HTTPS, you’re talking about what has become the single greatest means for harboring the transmission of malware: encryption.” He also says- “While encryption is effective for protecting data, it also is effective for hiding malicious payloads. During 2017, an average of 60 percent of the threats detected in the Zscaler global cloud had been encrypted with SSL/TLS, and we’ve been blocking an average of 600,000 encrypted malicious activities every day. In the last six months, we’ve observed that encrypted malicious content has more than doubled.”
The study by the security firm says that of the malicious SSL traffic detected, 60 percent happen to be banking Trojans, like Dridex, Zbot, Vawtrak and Trickbot. Ransomware families account for about 25 percent and 12 percent of the payloads are from infostealer Trojan families and remaining 3 percent come from other malware families.
Security firm Venafi, in a detailed study, published in December 2016, said that 90 percent of CIOs “…have already been attacked or expect to be by bad guys hiding in encryption”. The study report says- “By using unprotected keys and certificates bad guys are able to use encrypted traffic to disguise their actions.”
Well, why and how does this happen despite SSL/TLS being considered one of the most effective of security solutions? Infosecurity Magazine seems to have an answer to this question- “The problem lies with the explosive growth in SSL, driven by the web and IoT, which means many organisations can’t keep track of how many certs and keys they own. This means many are left unsecured and managed manually, allowing attackers to sneak in and use them for their own ends.”
So, let’s come back to the question- So, do we really need SSL certificates?
Our answer would be in the affirmative, a very LOUD and emphatic “YES!!!”
We believe, that despite all these findings and inferences, using SSL technology is one of the best methods to combat online threats, attacks and data breaches.
Julia Sowells165 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.