Cryptography applied to data traffic is an essential security technique that every company can relate. On the one hand, it is a growing demand to maintain information confidentiality, especially with the increasing number of data leakage events. However, one should notice that the same technique used as protection for your data, can be used by cybercriminals to distribute malicious applications.
| What is Cryptography? Cryptography is a security technique that consists of ciphering information in a document or application, in order to make it unintelligible for individuals who do not have access to the codes that decipher a certain content. |
According to a recent Ponemon Institute study, cyberattacks using cryptography have grown by 41%. These attacks are build from same tools that are used to protect businesses: TLS and SSL protocols, which are often adopted to add security to the application layer – with HTTP (web browsing) or SMTP (e-mail transfer) protocols.
In fact, protecting web browsing is one of the greatest challenges that companies face, related to this type of risk. According to the Google Transparency Report, 79% of the pages accessed in the US by ther browser, Google Chrome, are HTTPS.
On the other hand, Mozilla Firefox, another popular browser, presents 70% of HTTPS page display worldwide.
It is also worth mentioning the techniques by email: cybercrime moves quickly to the adoption of cryptography, creating malicious pages in HTTPS to support phishing scams. Banking trojans hidden in social engineering schemes are happening now.
Summary of an encrypted attack:
- Malicious advertising on search engines, malicious websites, phishing pages;
- Use of SSL for malware and exploits to deliver malicious uploads.
A brief concern about encrypted attacks and awareness
In this case, as in cybersecurity in general, educating the user is a resourceful way to help security teams to prevent cybercrime’s attack techniques.
However, one of the frequent security tips for users, to try and identify the presence of encryption on links while browsing, does not have the same effect, since attackers can use the same feature.
The best way to deal with encrypted attacks is to identify the content of traffics with active monitoring products.
Inspecting is a must
In terms of security, the basic recommendation for this challenge is: to adopt preventative technologies with encryption capabilities. It may seem obvious, but the fact is that many companies do not adopt this type of control to protect their environments, users and data.
In the end of the day, it means that two opponents use the same weapons. However, if your business does not encrypt information, nor does it have tools to inspect encrypted traffic, the disadvantage in combating cybercrime is clear, and the risk to business is immense.
SSL inspection is the main security against cryptographic attacks. In a simple way, it consists of decrypting traffic content and analyzing it. Following up measures will be addressed according to that analysis – blocking suspicious content, granting permission to safe content.
In terms of cybersecurity products, it is important to take the following measures:
- Adopt Virtual Private Networks to enable the exchange of encrypted information between organizational units or between remote users and corporate systems;
- Adopt Advanced Threat Protection systems that use up-to-date intelligence signatures and able to identify known, unknown, and targeted attacks with high accuracy;
- Adopt Secure Web Gateway features, which analyze real-time URLs and IPs, using the complexity of the various filters with SSL Inspection.
With more than 5,000 clients, Blockbit is one of the leading manufacturers of cybersecurity solutions, empowering businesses to protect themselves against a wide range of threats, vulnerabilities, and cyberattacks, whether internal or external, generic or specific.