Cloud security company Zscaler has warned internet users that cybercriminals are using SSL encryption and free certificates to launch malware attacks. Researchers from the San Jose-based security firm have confirmed that Secure Sockets Layer (SSL) encryption, which is meant to protect users from cyber attacks, is in fact helping cyber crooks spread malware.
Zscaler observed the distribution of these malware payloads in its sandbox last year; many of them used SSL/TLS to communicate with their command and control servers.
“SSL encryption is nowadays acting as a means to launch cyber attacks, and free certificates are being used by cyber crooks to disguise themselves from being detected by AV engines,” said Deepen Desai, the security director of Research and Security Operations at Zscaler.
Desai added that the company's cloud security platform blocks over 800,000 SSL-encrypted transactions a day, a 30% increase since the first half of 2017.
According to Scott Wilson, the head researcher at Zscaler, attackers are using SSL channels to run malvertising campaigns, to deliver phishing pages and to divert victims to malicious websites, and are also using these channels for command and control communication.
Zscaler carried out its study on 6,700 sampled SSL transactions to understand how attackers were using security certificates. It found that most of the attacks were carried out through legitimate websites with compromised certificates, and in some cases the malicious content was delivered using free certificates.
According to the Zscaler report, businesses are failing to inspect SSL traffic because they assume it is free of malware since it comes from a trusted source. This creates a blind spot for cyber defense, as free certificates are proving to be carriers of malicious content.
The malware detected in the study included banking Trojans (60%), ransomware (25%), infostealer Trojans (12%) and others (3%).
Deepen Desai concluded that, although SSL inspection can degrade the performance of security appliances, getting control of the situation requires a multi-layered defense-in-depth strategy that fully supports SSL/TLS inspection in order to raise the security posture of enterprises.
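As an added illustration of the blind spot described above (this is not code from the article or from Zscaler), the following Python triages constructed Zeek-style TLS metadata: the naive policy of trusting any connection whose certificate validates waves through a beacon-like connection to a host with a free-CA certificate, while a metadata triage flags it for decryption and closer inspection. The hostnames, issuer names, log records and thresholds are all assumptions made for the example.

```python
from collections import defaultdict
from statistics import pstdev

# Constructed Zeek-style ssl.log records (not real telemetry): timestamp,
# internal client, server name, certificate issuer, chain validation result.
SSL_LOG = [
    (1000, "10.0.0.5", "mail.example-corp.test", "CN=Corporate Issuing CA", "ok"),
    (1010, "10.0.0.7", "mail.example-corp.test", "CN=Corporate Issuing CA", "ok"),
    (1020, "10.0.0.9", "mail.example-corp.test", "CN=Corporate Issuing CA", "ok"),
    (1000, "10.0.0.5", "cdn.updates-free.test", "CN=Free Issuing CA", "ok"),
    (1300, "10.0.0.5", "cdn.updates-free.test", "CN=Free Issuing CA", "ok"),
    (1600, "10.0.0.5", "cdn.updates-free.test", "CN=Free Issuing CA", "ok"),
    (1900, "10.0.0.5", "cdn.updates-free.test", "CN=Free Issuing CA", "ok"),
    (1050, "10.0.0.7", "login.partner.test", "CN=Partner CA", "self signed certificate"),
]

# Assumed issuer names treated as "free CA" issuers for this illustration.
FREE_CA_ISSUERS = {"CN=Free Issuing CA"}

def naive_allow(record):
    """The policy the article warns about: trust anything whose certificate validates."""
    return record[4] == "ok"

def triage(log, free_issuers=FREE_CA_ISSUERS, min_clients=2, max_jitter=0.1):
    """Group TLS metadata per server name and return the names worth decrypting
    and inspecting. Signals: free-CA issuer, failed validation, only one internal
    client talking to the host, evenly spaced connections (beacon-like timing).
    Two or more signals on one host mark it for inspection."""
    by_server = defaultdict(list)
    for rec in log:
        by_server[rec[2]].append(rec)
    findings = {}
    for name, recs in by_server.items():
        reasons = []
        if any(r[3] in free_issuers for r in recs):
            reasons.append("free-CA certificate")
        if any(r[4] != "ok" for r in recs):
            reasons.append("certificate failed validation")
        if len({r[1] for r in recs}) < min_clients:
            reasons.append("rare destination (single client)")
        ts = sorted(r[0] for r in recs)
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        if len(gaps) >= 3 and pstdev(gaps) <= max_jitter * (sum(gaps) / len(gaps)):
            reasons.append("regular beacon interval")
        if len(reasons) >= 2:
            findings[name] = reasons
    return findings
```

Metadata triage like this does not replace SSL/TLS inspection; it only decides which encrypted sessions are worth the cost of decrypting.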