How is TLS used in attacks?
Many cyber criminals now use TLS channels as part of their full attack cycle. They use TLS to deliver exploits and payloads, and to point large numbers of victims at phishing pages or compromised sites that borrow a false air of authenticity from the padlock. Many malware families also use TLS for command and control. This lowers the chance that defenses interfere when the attackers go on to leak confidential data or encrypted files over TLS connections in the exfiltration stage. The whole point is to reduce visibility and the chance of disruption, and attackers have repeatedly managed to hide large attacks this way. So the larger question is how attackers are able to run malware over TLS at all. The main reason is that companies do not inspect or track the traffic that reaches them over TLS/SSL; they assume that encrypted traffic comes from trusted sources. At the same time, TLS/SSL certificates are very easy to obtain. This is a blind spot for many CISOs and their teams, and attackers keep looking to exploit TLS for the full delivery chain. There are various ways to use these digital certificates to bypass traditional detection methods, which fail to inspect the certificate values at all. TLS/SSL-based attacks are increasing every day, so CISO teams need something reliable and valuable to counter them.
How is HTTPS used in attacks?
HTTPS is quickly becoming the standard choice for safe web browsing. The recent Google Transparency Report showed that 80% of pages loaded in Chrome in the last two months used HTTPS, and Google's search engine itself has penalized publishers that still use HTTP. The problem is that cyber criminals are now building attacks that rely on TLS to bypass corporate protections and infiltrate networks undetected. HTTPS uses TLS, but we still look at HTTPS separately here. Attackers use HTTPS encryption to cover their tracks and get past firewalls, and in the process they also get past sandboxing technologies and behaviour-analytics tools. This makes it very easy to get malware onto a network without giving a hint or ringing any alarm bells. It happens because defensive measures that were once effective are no longer relevant: anti-malware solutions, firewalls and IDS tools are known to pass HTTPS traffic straight through, even when paired with modern sandboxing and behavioural-analytics technologies. The problem persists because even these technologies are not configured to detect, let alone neutralize, HTTPS-borne attacks.
Conclusion
Businesses therefore need to keep a tight watch over the digital keys and cryptographic certificates that power their encryption. It is equally important to inspect and decrypt traffic regularly, so that an attack can be detected or stopped before it turns the encrypted channel to its own advantage.
Contact us for expert advice
We at SNS have experienced cyber security experts to help design, implement and support affordable cyber security solutions that protect customers of all sizes.
Write to us at [email protected]