Malware attacks rocket, while SSL holds traffic keys

Read Time: 2 min.

Growth in SSL having considerable impact on attacker strategies, as malware charts considerable rise.

The greatest threat to enterprise in 2018 will be cyber attacks, according to a new report, which also charts massive rises in malware, vulnerabilities and SSL.

An 18.4 per cent year on year increase in the number of malware attacks last year takes the total to 9.32 billion, while the number of new Common Vulnerabilities and Exposures (CVEs) totalled 14,500 - a massive increase of 101.2 per cent.

The annual SonicWall ‘Cyber Threat Report’ found that ransomware attacks have in fact dropped over the last two years, down to 184m from 645m, in spite of rising awareness and media coverage of the larger incidents.

Globally, America bore the brunt of attacks, with almost half (46 per cent) of total incidents occurring there in 2017. European regions are not far behind, however, with a 37 per cent share of attacks.

In line with wider industry trends, SonicWall found that attackers are increasingly leveraging encryption technologies, with an average of 4.2 per cent of all file-based malware propagation attempts using SSL/TLS encryption. The data from each appliance showed 60 file-based malware propagation attempts per firewall each day. Without the ability to inspect encrypted traffic, the average organization would have missed over 900 attacks per year.

The stats echo a separate report from just weeks ago, which flagged a 30 percent rise in SSL encrypted advanced threats in just the last six months. According to Zscaler's ThreatLabZ's bi-annual Secure Sockets Layer (SSL) trends report an average of 800,000 SSL encrypted transactions per day are being blocked currently, compared to 600,000 threats daily in the first half of 2017.

SSL has been pushed energetically by companies including Google, which noted that the percentage of pages loaded over HTTPS in Chrome in the US was nearly 80 percent in December, while on 1 December 2017, Mozilla reported that 66.5 percent of all pages loaded on Firefox were using HTTPS.

However, adoption of SSL is not in any way a security panacea, and indeed without correct configuration can be highly ineffective. A recent example being the claim by a security researcher that international airline Emirates had not implemented https correctly across all subdomains, potentially exposing customer data.

Ilia Kolochenko, CEO, High-Tech Bridge commented on the wider implications - and pitfalls - in HTTPS deployment and configuration: “Similar allegations can unfortunately be imputed to the majority of airlines companies. Per se, data sharing with third parties can be perfectly legitimate, lawful and ethical. However, in this case we are likely dealing with some privacy weaknesses when the data is shared without the explicit consent of users with an opaque circle of [authorized] third-parties. Many large companies, and even financial institutions, have similar problems: data sharing with partners may be crucial both for business and customers, however maintaining a comprehensive and up2date list of data exchange, transfer, storage and processing is time consuming. Consequently, many third-parties have excessive access to personal data or store it longer that required. In worse cases, unauthorized third-parties will obtain the data by accident or negligence.

“Sending sensitive information over unencrypted HTTP protocol is, however, at the very least negligent and can put customers at risk. Interception of HTTP data usually requires additional conditions, such as attacker’s access to the wireless networks of a victim, and thus are much less critical than, for example, SQL injection vulnerabilities. Nonetheless, these risks are material: some cybercrime gangs compromise and backdoor public Wi-Fi routers to intercept plaintext passwords and other sensitive data.

However, many businesses still believe that HTTPS hardening is applicable only to their www website and forget about all other services. This is due to the long-standing problem of incomplete inventory of digital assets.”

Testing the Emirates domain with High-Tech Bridge’s free SSL checker finds that the site has a number of SSL issues, including that “The server supports cipher suites that are not approved by PCI DSS requirements, NIST guidelines and HIPAA guidance.”

However, the same test on Southwest Airlines reveals a far worse picture, while UK airline BA.com also comes in for criticism.

While malware may be rising fast, following best practice configurations for existing security devices and protocols will clearly provide a significant security boost for 2018 in many verticals...