Increasing Use Of Encryption For Malicious Purposes

Uploaded on 2022-03-01 in TECHNOLOGY--Hackers, FREE TO VIEW

Cyber criminals are focusing on by-passing strong encryption and it is very important for organisation and governments to focus on updated, resilient Hypertext Transfer Protocol Secure (HTTPS), configurations.

Now, F5 Labs have uncovered the extent of Internet encryption and the potential abuse of web encryption for malicious purposes. 

According to F5 Labs' 2021 report Transport Layer Security  (TLS) Telemetry Report, the issue is not so much the lack of adopting new ciphers and security features but the rate at which old and vulnerable protocols are removed. "Attackers know there is a correlation between poor HTTPS configurations and a vulnerable web server. Websites that routinely fail to follow TLS best practices are also found to be running old (and likely vulnerable) web servers,’says the Report.

TLS is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible.

Based on the screening of the top million websites in the world, F5 Labs found that more than 50% of the web servers still allow unsecured RSA (Rivest–Shamir–Adleman) Exchange. The RSA initials comes from the surnames of Ron Rivest, Adi Shamir and Leonard Adleman, who described the algorithm in 1977, which is a form of public-key cryptography, which is used to secure communication between multiple parties.

The exchange uses public keys to encrypt data as it travels electronically. RSA is what's known as asymmetric cryptography, which uses a combination of public and private keys for security.

The research also found out that attackers have learned how to exploit TLS for their phishing campaigns. At the same time, new fingerprint techniques raise questions regarding the prevalence of malware servers hidden in the top million websites. Also, F5 Labs has found that the negation of authorisation is a persistent problem, due to the prevalence of legacy servers which and rarely updated.

F5 Labs has discovered that the TLS 1.3 protocol, the more secure and rapid one, has been the chosen encryption protocol for the majority of web servers among the Tranco top million list. Almost 63% of the servers contain TLS 1.3, similarly to more than 95% of all the browsers in use. However, in some countries, such as the United States and Canada, as many as 80% of web servers choose it, while in others, such as China and Israel, only 15% of servers support it.

Security risks continue to grow. According to the report, the proportion of phishing sites using HTTPS and valid certificates has risen from 70% in 2019 to 83% in 2021, with roughly 80% of malicious sites coming from just 3.8% of the hosting providers.

Facebook and Microsoft Outlook/Office 365 were the most common counterfeit brands in phishing attacks. F5 Labs also found that webmail platforms accounted for 10.4% of impersonating Internet functions, a rate almost as high as Facebook.

This means that phishing attacks against webmail are as common as attacks against a Facebook account.

‘The desire to intercept, weaken, and circumvent encryption has never been greater. Nation-states and cybercriminals alike are attempting to work around the problems caused by strong encryption... ‘While this rarely results in direct attacks against cryptographic algorithms or protocols, it often leads attackers to instead think of creative ways to intercept or capture information before or after it has been encrypted.

"It has never been more important to focus on strong and up-to-date HTTPS configurations, particularly when digital certificates are shared across different services,’ says the F5 Labs Report.

F5 Labs:     I-HLS:      University of Brstol:   

You Might Also Read: 

SSL Encryption For Big Data Security In Cloud Computing:

 

« New Tools To Simulate Electronic Warfare
UK Warns Of Russian Cyber Attacks »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Telefonica Tech

Telefonica Tech

Telefónica Cyber Security Tech is focused on the prevention, detection and appropriate response to security incidents aimed at protecting your digital services.

Aeriandi

Aeriandi

Aeriandi is a leading provider of hosted PCI security compliance solutions for call centres, trusted by high street banks and major Telcos.

Security Network Munich

Security Network Munich

Security Network Munich brings together leading players in the field of information and cyber security through joint research and innovation projects.

Certus Software

Certus Software

Our Secure Data Erasure solutions protect customer data confidentiality by completely erasing it from data storage devices.

Labris Networks

Labris Networks

Labris Networks specializes in DDoS mitigation, NG Firewall, Unified Threat Management, Centralized Management, Regulatory Compliances and SOC/CERT Services.

Somansa

Somansa

Somansa is a global leader in Data Security and Compliance solutions designed to protect valuable company information from leakage and help meet regulatory compliance requirements.

TechGuard Security

TechGuard Security

TechGuard Security was founded to address national cyber defense initiatives and US critical infrastructure security.

VADO Security Technologies

VADO Security Technologies

VADO Security enables the safe transfer of data between low & high security networks.

Neowave

Neowave

Neowave designs, manufactures and markets strong authentication solutions based on smart card components and digital certificates.

Cyber Risk Opportunities

Cyber Risk Opportunities

Cyber Risk Opportunities was formed to enable middle-market executives to become more proficient cyber risk managers so their organizations can thrive.

Resistant AI

Resistant AI

Resistant AI protects against evolving online fraud. We connect the dots to provide a new layer of trust and performance for our clients’ systems.

Wickr

Wickr

Wickr's mission is to secure the world's most critical communications. Wickr provides the highest standard of encryption trusted by millions worldwide.

Assure IT

Assure IT

Assure IT is a Singapore company specialising in technology governance, risk and compliance.

Utimaco

Utimaco

UTIMACO develops on-premises and cloud-based hardware security modules, solutions for key management, data protection and identity management as well as data intelligence solutions.

X-Analytics

X-Analytics

X-Analytics is a cyber risk analytics application to create a better way for organizations to understand and manage cyber risk.

ConvergePoint

ConvergePoint

ConvergePoint is the leading compliance software provider on the Microsoft Office 365 SharePoint platform.