
Encrypted sites perfect for hidden malware, Blue Coat Malaysia finds

AvantiKumar | Nov. 21, 2014
Study: More than 50% of the attacks on networks will use some form of encrypted traffic to bypass security by 2017, said Blue Coat's Ivan Wen.


Photo - Ivan Wen, Country Manager, Malaysia, Blue Coat Systems


According to web security and WAN optimisation provider Blue Coat Malaysia's latest security report, the increasing use of encryption in many websites is providing an easier path for cyber criminals to hide malware inside transactions.

During the recent release in Kuala Lumpur of Blue Coat's '2014 Security Report - The Visibility Void,' Ivan Wen, Malaysia country manager for Blue Coat Systems, said that the growing use of HTTPS encryption to address privacy concerns over the Internet is creating perfect conditions for cyber criminals to penetrate Malaysian enterprises by growing a 'visibility void' with encrypted traffic.

Cyber criminals can hide malware inside encrypted transactions, and even reduce the level of sophistication required for malware to avoid detection, said Wen.

He said that business-essential applications, such as file-storage, search, cloud-based business software and social media, have used encryption to protect data-in-transit.

"In fact, eight of the top 10 most visited Websites in Malaysia (Refer to Figure 1) are encrypted using HTTPS throughout all or portions of their sites," said Wen. "For example, technology goliaths Google, Amazon and Facebook have switched to an 'always on HTTPS' model to secure all data in transit using SSL encryption."

Hypertext Transfer Protocol Secure (HTTPS) is a communications protocol for secure communication over a computer network. Transport Layer Security (TLS) and Secure Sockets Layer (SSL) are encryption technologies used to standardise HTTP communications and to protect data in transit for Web and email content.


Top 10 most visited websites in Malaysia 

Encrypted traffic management strategy

"However, the lack of visibility into SSL traffic represents a potential vulnerability to many enterprises where benign and hostile uses of SSL are indistinguishable to many security devices," Wen said, adding that encryption allowed threats to bypass network security. "By 2017, more than 50 percent of the attacks on networks will employ some form of encrypted traffic to bypass security."

"Encrypted traffic is becoming more popular with cyber criminals because malware attacks, using encryption as a cloak, do not need to be complex as the malware operators believe the encryption prevents the enterprise from seeing the attack," he said.

"Significant data loss can occur easily as a result of malicious acts by hostile outsiders or disgruntled insiders," Wen said. "Moreover, by simply combining short-lived websites ('One-Day Wonders') with encryption and running incoming malware and/or outgoing data theft over SSL, organisations can be completely blind to the attack, and unable to prevent, detect or respond."

In addition, the use of encryption means businesses cannot track legitimate corporate information entering and leaving their networks, which could create blind spots, he said.

Wen said an example of an unsophisticated malware threat hiding in encrypted traffic is Dyre, a widely distributed, password-stealing Trojan originating in Ukraine. After authorities shut down Zeus, one of the most successful pieces of Trojan horse malware, Dyre quickly took its place by simply adding encryption.

"The tug of war between personal privacy and corporate security is leaving the door open for novel malware attacks involving SSL over corporate networks that put everyone's data at risk," he said.

"For local businesses to secure customer data and meet regulatory and compliance requirements, they need an encrypted traffic management strategy that offers visibility to see the threats hiding in encrypted traffic and the granular control to make sure employee privacy is also maintained," Wen said.

