Expert Comments

Malicious Use Of SSL Increases As Attackers Deploy Hidden Attacks

Expert(s): Security Experts
Expert(s): Security Experts

New research by Zscaler, analyzing 6.6 billion security threats, has discovered a 260% increase in attacks during the first nine months of 2020. Among the encrypted attacks was an increase of the amount of ransomware by 500%, with the most prominent variants being FileCrypt/FileCoder, followed by Sodinokibi, Maze and Ryuk.

Experts Comments

Dot Your Expert Comments
Niamh Muldoon
November 11, 2020
Senior Director of Trust and Security EMEA
OneLogin

Other security controls and alerts would highlight this as malicious activity for investigation.
I agree that using security controls such as SSL cert to secure communications and links could support masking the threat and attack vector and this is why in-depth control frameworks are so important; Other security controls and alerts would highlight this as malicious activity for investigation. An identity and access management platform that accesses risk control from both an authentication and authorization perspective would support identifying these malicious attack attempts as risk.....Read More
I agree that using security controls such as SSL cert to secure communications and links could support masking the threat and attack vector and this is why in-depth control frameworks are so important; Other security controls and alerts would highlight this as malicious activity for investigation. An identity and access management platform that accesses risk control from both an authentication and authorization perspective would support identifying these malicious attack attempts as risk factors would change and reduce the associated risks. For any cybersecurity team to be successful they must have security monitoring, alerting technologies and tooling throughout their organisation’s architecture so they can identify a threat and respond accordingly to reduce business impacts and consequences, up to and including preventing a data breach. In a cybersecurity protection role this too can include the ability to monitor encrypted communication channels. There are no privacy implications here; The definition of privacy is the permitted access to data to carry out the business requirements, and in this case access is granted to review communication channels and identify the cybersecurity threat contained within the encrypted channel. That being said, if the security team have been involved in the design and architecture of the network/communication channels using encryption, they will be implemented in a way that they can identify authentication communications to unauthorized users, along with the ability to monitor a specific communication should they need to.  Read Less
Jamie Akhtar
November 11, 2020
CEO and Co-founder
CyberSmart

It’s a clever trick as malicious acts are masked behind a symbol universally recognised to mean ‘secure’ and ’safe’.
For most organisations, particularly SMEs with little to no resources or knowledge dedicated to cybersecurity, determining the safety of a site comes down to whether or not it has padlock symbol in the search bar. Unfortunately, while tools such as this are primarily employed to ensure privacy and data integrity, it can also be manipulated for nefarious uses. Indeed, it’s a clever trick as malicious acts are masked behind a symbol universally recognised to mean ‘secure’ and ’safe’......Read More
For most organisations, particularly SMEs with little to no resources or knowledge dedicated to cybersecurity, determining the safety of a site comes down to whether or not it has padlock symbol in the search bar. Unfortunately, while tools such as this are primarily employed to ensure privacy and data integrity, it can also be manipulated for nefarious uses. Indeed, it’s a clever trick as malicious acts are masked behind a symbol universally recognised to mean ‘secure’ and ’safe’. Organisations would benefit from deploying security defences that analyse the legitimacy of connections.  Read Less
Oleg Kolesnikov
November 11, 2020
VP of threat research
Securonix

SSL/TLS inspection/termination alone is often not sufficient.
Having more visibility into the SSL/TLS traffic definitely is one of the key elements needed to detect modern attacks. However, SSL/TLS inspection/termination alone is often not sufficient. To illustrate, even with SSL/TLS inspection in place, malicious threat actors (MTA) often implement additional layers of encryption and obfuscation on top of SSL/TLS and are also often leveraging legitimate sites, such as githubusercontent, cloud drives, and others, to \"reflect\"/host malicious stager.....Read More
Having more visibility into the SSL/TLS traffic definitely is one of the key elements needed to detect modern attacks. However, SSL/TLS inspection/termination alone is often not sufficient. To illustrate, even with SSL/TLS inspection in place, malicious threat actors (MTA) often implement additional layers of encryption and obfuscation on top of SSL/TLS and are also often leveraging legitimate sites, such as githubusercontent, cloud drives, and others, to \"reflect\"/host malicious stager payloads. One example is Trickbot/Powertrick MTA where we\'ve been seeing attackers download post-attack powershell stagers from SSL/TLS sites. For this reason, in addition to SSL/TLS inspection and termination, it\'s important to be able to monitor SSL/TLS activity in context of some of the other activity that happens in your environment from a variety of log/data sources and be able to correlate behaviours across different log/data sources effectively, especially when it comes to cloud collaboration apps.  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

15 Schools Hit By Cyberattack In Nottinghamshire

Qualys Hit With Ransomware And Customer Invoices Leaked

Experts Reaction On PrismHR Hit By Ransomware Attack

Expert Insight On Ryuk’s Revenge: Infamous Ransomware Is Back And...

ObliqueRAT Trojan Lurks On Compromised Websites – Experts Comments

Microsoft Multiple 0-Day Attack – Tenable Comment

Experts Reaction On Malaysia Airlines 9 Years Old Data Breach

IoT Security In The Spotlight, As Research Highlights Alexa Security...

Oxfam Australia Confirms ‘Supporter’ Data Accessed In Cyber Attack

Expert Reaction On Solarwinds Blames Intern For Weak Passwords