Increasing Use Of Encryption For Malicious Purposes

Uploaded on 2022-03-01 in TECHNOLOGY--Hackers, FREE TO VIEW

Cyber criminals are focusing on by-passing strong encryption and it is very important for organisation and governments to focus on updated, resilient Hypertext Transfer Protocol Secure (HTTPS), configurations.

Now, F5 Labs have uncovered the extent of Internet encryption and the potential abuse of web encryption for malicious purposes. 

According to F5 Labs' 2021 report Transport Layer Security  (TLS) Telemetry Report, the issue is not so much the lack of adopting new ciphers and security features but the rate at which old and vulnerable protocols are removed. "Attackers know there is a correlation between poor HTTPS configurations and a vulnerable web server. Websites that routinely fail to follow TLS best practices are also found to be running old (and likely vulnerable) web servers,’says the Report.

TLS is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible.

Based on the screening of the top million websites in the world, F5 Labs found that more than 50% of the web servers still allow unsecured RSA (Rivest–Shamir–Adleman) Exchange. The RSA initials comes from the surnames of Ron Rivest, Adi Shamir and Leonard Adleman, who described the algorithm in 1977, which is a form of public-key cryptography, which is used to secure communication between multiple parties.

The exchange uses public keys to encrypt data as it travels electronically. RSA is what's known as asymmetric cryptography, which uses a combination of public and private keys for security.

The research also found out that attackers have learned how to exploit TLS for their phishing campaigns. At the same time, new fingerprint techniques raise questions regarding the prevalence of malware servers hidden in the top million websites. Also, F5 Labs has found that the negation of authorisation is a persistent problem, due to the prevalence of legacy servers which and rarely updated.

F5 Labs has discovered that the TLS 1.3 protocol, the more secure and rapid one, has been the chosen encryption protocol for the majority of web servers among the Tranco top million list. Almost 63% of the servers contain TLS 1.3, similarly to more than 95% of all the browsers in use. However, in some countries, such as the United States and Canada, as many as 80% of web servers choose it, while in others, such as China and Israel, only 15% of servers support it.

Security risks continue to grow. According to the report, the proportion of phishing sites using HTTPS and valid certificates has risen from 70% in 2019 to 83% in 2021, with roughly 80% of malicious sites coming from just 3.8% of the hosting providers.

Facebook and Microsoft Outlook/Office 365 were the most common counterfeit brands in phishing attacks. F5 Labs also found that webmail platforms accounted for 10.4% of impersonating Internet functions, a rate almost as high as Facebook.

This means that phishing attacks against webmail are as common as attacks against a Facebook account.

‘The desire to intercept, weaken, and circumvent encryption has never been greater. Nation-states and cybercriminals alike are attempting to work around the problems caused by strong encryption... ‘While this rarely results in direct attacks against cryptographic algorithms or protocols, it often leads attackers to instead think of creative ways to intercept or capture information before or after it has been encrypted.

"It has never been more important to focus on strong and up-to-date HTTPS configurations, particularly when digital certificates are shared across different services,’ says the F5 Labs Report.

F5 Labs:     I-HLS:      University of Brstol:   

You Might Also Read: 

SSL Encryption For Big Data Security In Cloud Computing:

 

« New Tools To Simulate Electronic Warfare
UK Warns Of Russian Cyber Attacks »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

OCERT

OCERT

OCERT is the National Computer Emergency Response Team of Oman.

Backup Systems

Backup Systems

Backup Systems is a leading backup and disaster recovery systems provider across the UK.

Mitchell Sandham

Mitchell Sandham

Mitchell Sandham is an, independent insurance and financial services brokerage. Business products include Cyber/Privacy Liability insurance.

Haystax Technology

Haystax Technology

Haystax’s security analytics platform applies artificial intelligence techniques to identify and prioritize threats in real time.

CryptoMill Cybersecurity Solutions

CryptoMill Cybersecurity Solutions

CryptoMill Cybersecurity Solutions provides advanced, innovative data security solutions for enterprises, professionals and individuals.

Empiric

Empiric

Empiric is a multi-award winning technology and transformation recruitment agency specialising in data, digital, cloud and security.

VS Security Products

VS Security Products

VS Security Products design, manufacture and sell the most extensive range of degaussers and data destroyers on the market, suitable for all types of magnetic media.

ACA Group

ACA Group

ACA Group are a leading governance, risk, and compliance (GRC) advisor in financial services.

LTIMindtree

LTIMindtree

LTIMindtree is a new kind of technology consulting firm. We help businesses transform – from core to experience – to thrive in the marketplace of the future.

Everbridge

Everbridge

Everbridge provides enterprise software applications that automate and accelerate organizations’ operational response to critical events in order to keep people safe and businesses running.

Audea

Audea

Audea is a consultancy firm specialising in cybersecurity, risk and compliance. We provide professional services addressing all areas of Cybersecurity and GRC.

Fenix24

Fenix24

Fenix24 is an industry leader in the incident-response space. We ensure the fastest response, leading to the full restoration of critical infrastructure, data, and systems.

Luta Security

Luta Security

Luta Security implements a holistic approach to advance the security maturity of governments and organizations around the world.

GTT Communications

GTT Communications

GTT are a global network provider that serves thousands of multinational and national enterprise, government and carrier customers with a portfolio of advanced connectivity and security services.

Agile Defense

Agile Defense

Agile Defense is an Information Technology services provider, delivering leading-edge Digital Transformation solutions to the Federal Government.

Parafox Technologies

Parafox Technologies

Parafox Technologies delivers data security, compliance, and risk solutions to help businesses grow securely and stay audit-ready.