Encryption increasingly used to hide attacks, says new report

HTTPS isn't just for the good guys
HTTPS isn't just for the good guys

Encryption is getting more popular, for legitimate users as much as cyber-criminals, according to Dell's most recent annual threat report.

The report's findings were gathered from its Global Response Intelligence Defence, or GRID, which collates data from one million security sensors around the world as well as a host of other sources.

SSL and TLS certificates, the means by which software is authenticated as trustworthy, has never been more popular - 50 percent of web traffic is encrypted with these certificates as HTTPS. However, hiding among that responsibly encrypted morass of traffic are plenty of malicious actors.

The report notes that in the last quarter of 2015, HTTPS connections made up 64 percent of of web connections, well outpacing last year's numbers, meaning more traffic than ever is being hidden from prying eyes. 

However, the report notes, “Attackers took full advantage of this lack of visibility.” Attacks performed under cover of HTTPS encryption, said the report, “can be extremely effective, simply because most companies do not have the right infrastructure to detect them. Legacy network security solutions typically either don't have the ability to inspect SSL/TLS-encrypted traffic or their performance is so low that they become unusable when conducting the inspection.”

Examples of such attacks include malvertising campaigns which seemed especially popular last year and were deployed through many legitimate websites like national newspapers and Yahoo.

The attack on Yahoo exposed an estimated 900 million users to malware. Using the infamous and easily available Angler Exploit Kit, attackers forced an ad on Yahoo to redirect visitors to a site infected with malware.

Jérôme Segura, senior security researcher at Malwarebytes, spoke to SCMagazineUK.com to comment on this finding: "The use of SSL is one of several factors that makes malvertising attacks much harder to detect and there is a correlation between its more widespread use and the number of incidents we have observed. Indeed, we started seeing an increasing number of rogue advertisers leveraging SSL in the second half of 2015. By encrypting the ad call URL and its content, threat actors are effectively able to bypass network based detection systems and infect endpoints in the stealthiest of ways."

Josh Aas, co-founder of Let's Encrypt, the organisation that offers free encryption, told SC, “Most good technology also helps bad actors in some way. Malvertisers use server software, ISPs and ad networks to do what they do. They can also use Let's Encrypt, though it's a small and not particularly interesting part of their strategies.” 

Aas added, “It would be impossible for us to effectively police the web for this kind of thing”.

Other findings of the report include a massive growth in Android malware, which continues to constitute the overwhelming global majority of smartphone operating systems. Gartner estimates that Android takes up 85 percent of the world's smartphones, providing a massive attack surface for the bad guys.