In the chess game of network security, it’s not unusual for hackers to respond to new security measures with novel types of threats. But one of the latest threats to emerge goes a step further, actually using some of the industry’s best security techniques for malicious purposes.
The Use of Encryption Has Increased
The line between employees' personal and work lives is increasingly blurry. Employees are not only bringing their own devices into the workplace but also their own online communication habits and preferences. As workers have introduced social media, Google Drive, Dropbox, and other cloud-based consumer services to the business world, IT teams have been faced with the challenge of instituting policies and procedures that ensure these tools don't become threat vectors.
Dell revealed in the new 2015 Dell Security Annual Threat Report that, although many Internet companies have started encrypting inbound and outbound connections to their sites to better protect user privacy, these security efforts have a problematic double edge.
Companies like Twitter, Facebook, Google, Dropbox, and others now use Secure Sockets Layer (SSL) or Transport Layer Security (TLS) encryption for all of their web traffic, signified by "HTTPS" web addresses. This practice has become so prevalent that Dell saw a 109% increase in the volume of HTTPS web connections from the start of 2014 to the start of 2015, and HTTPS traffic now comprises 60% of total network traffic for our customers. The flip side is that hackers have also begun using this encryption to hide malware from organizations' firewalls, effectively allowing them to tunnel through traditional security defenses unnoticed.
Hackers Leverage Encryption Practices for Their Own Gain
In 2014, hackers completed several successful malware attacks that leveraged SSL encryption for the malware download, including one that distributed malware to about 27,000 Europeans per hour over the course of four days, simply by compromising a group of banner ads on Yahoo’s news site. It’s safe to assume that some of those users might have accessed Yahoo from work, potentially exposing their companies to major security concerns.
Modern firewalls are able to inspect SSL traffic and detect malware, but the additional scanning is processor intensive and can introduce latency, slowing the network and ultimately disrupting the business. All too often, the corporate IT security team's initial impulse is to restrict all SSL/TLS traffic in the workplace. Unless the company has little need for broad Internet access, such blanket policies tend to backfire when IT teams inevitably bow to employee pressure and remove the restrictions completely.
Protecting Your Network from SSL Encrypted Attacks
Rather than playing an all-or-nothing game, most companies will benefit from taking a more measured approach:
- Update to a modern next-generation firewall that enables the following best practices:
- Enable SSL inspection for the traffic going through the firewall. Make sure you choose a next-generation firewall that supports high rates of SSL inspection.
- If the list of business-critical Internet sites is small, you may be able to limit SSL access to the sites that are regularly accessed.
- Use the application control capability on your firewall to allow access only to business-critical applications and restrict or block unproductive or insecure apps.
- Implement regular security training to educate employees on how to avoid phishing scams and malware downloads.
This new security issue can affect companies of all sizes, and there’s no one-size-fits-all answer for addressing it. As with a game of chess, the key lies in understanding the board, being vigilant, and engaging in predictive thinking. Create a strategy that works for your organization today and reevaluate it as new information arises in the future.
Download the 2015 Dell Security Annual Threat Report for more insight into today’s and tomorrow’s threats.