Blue Coat finds Security Risks hiding in Encrypted Traffic

Blue Coat Systems, Inc. shares its latest security research findings which revealed that growing ‘visibility void’ with encrypted traffic represents potential threat to local enterprises.

The new security research report from Blue Coat, “2014 Security Report – The Visibility Void” shows that the growing use of HTTPS encryption to address privacy concerns over Internet is creating perfect conditions for cyber criminals to hide malware inside encrypted transactions, and even reducing the level of sophistication required for malware to avoid detection. 

Hypertext Transfer Protocol Secure (HTTPS) is a communications protocol for secure communication over a computer network with especially the deployment on the Internet. Transport Layer Security (TLS) or Secure Sockets Layer (SSL) are encryption technologies being used to standardize HTTP communications to protect data in transits on Web and email content.

Blue Coat’s country manager for Malaysia, Ivan Wen says that the use of encryption across a wide variety of websites—both business and consumer—is increasing as concerns around personal privacy grow.

Business-essential applications, such as file-storage, search, cloud-based business software and social media, have long-used encryption to protect data-in-transit.

“In fact, eight of the top 10 most visited Websites in Malaysia (Refer to Figure 1) are encrypted using HTTPS throughout all or portions of their sites. For example, technology goliaths Google, Amazon and Facebook have switched to an “always on HTTPS” model to secure all data in transit using SSL encryption.”

“However, the lack of visibility into SSL traffic represents a potential vulnerability to many enterprises where benign and hostile uses of SSL are indistinguishable to many security devices,” he highlights.

As a result, encryption enables threats to bypass network security and allows sensitive employee or corporate data to leak from anywhere inside the enterprise. By 2017, more than 50 percent of the attacks on networks will employ some form of encrypted traffic to bypass security.

Wen explains, “Encrypted traffic is becoming more popular with cyber criminals because malware attacks, using encryption as a cloak, do not need to be complex as the malware operators believe the encryption prevents the enterprise from seeing the attack.”

“Significant data loss can occur easily as a result of malicious acts by hostile outsiders or disgruntled insiders. Moreover, by simply combining short-lived websites (“One-Day Wonders”) with encryption and running incoming malware and/or outgoing data theft over SSL, organizations can be completely blind to the attack, and unable to prevent, detect or respond,” he adds.

The growing use of encryption means many businesses today are unable to track the legitimate corporate information entering and leaving their networks, creating a growing blind spot for enterprises.

One example of an unsophisticated malware threat hiding in encrypted traffic is Dyre, a widely distributed, password-stealing Trojan originating in the Ukraine. After authorities shut down Zeus, one of the most successful Trojan horse malwares, Dyre quickly took its place by simply adding encryption.

“The tug of war between personal privacy and corporate security is leaving the door open for novel malware attacks involving SSL over corporate networks that put everyone’s data at risk.”

“For local businesses to secure customer data and meet regulatory and compliance requirements, they need an encrypted traffic management strategy that offers visibility to see the threats hiding in encrypted traffic and the granular control to make sure employee privacy is also maintained.” Wen ends.

Leave a Reply