A Zscaler research report has shown that 54 percent of threats blocked in its internet security cloud are hidden in SSL traffic, with 600,000 malicious activities per day using SSL.
Today, more than half of all internet traffic is already HTTPS-encrypted for the sake of higher security. However, cyber-criminals also use encrypted traffic to hide their malicious activities from detection.
“Though the introduction of SSL encryption was well-intentioned and used to improve - rather than hinder - our security approaches, the fact that cyber-criminals have now caught up and are using SSL traffic to hide malicious activity presents a very real threat. In fact, we're starting to see an increase in all types of malicious SSL traffic, from exploit kits and malware and adware distribution to malware callbacks, and we expect this trend to continue,” said Chris Hodson, EMEA CISO at Zscaler.
The increase in legitimate websites that support SSL has also increased the risk of additional SSL-enabled threats like phishing attacks. Yet, even though organisations are using hardware to detect and block these attacks, SSL inspection is not always enabled, either because standalone SSL inspection appliances are too expensive to deploy at every location, or because organisations disable the feature, fearing that the compute-intensive process will add latency and compromise the user experience.
However, as organisations aim to redress the balance and defend against malware families that are increasing their use of SSL-based activity, Zscaler recommends that organisations reassess their priorities.
“Now that criminals have the capacity to wreak havoc by hosting malware and injecting code through malvertising, we've reached a tipping point where all traffic must be treated as suspect, with every byte subject to the same scrutiny. There's now no excuse not to prioritise SSL encryption, especially when platforms exist that can scale to meet this demand without adding latency,” added Hodson.
Zscaler monitored traffic on the Zscaler cloud for a six-month period between August 2016 and January 2017.