Increasing Use Of Encryption For Malicious Purposes

Cyber criminals are focusing on bypassing strong encryption, and it is very important for organisations and governments to focus on updated, resilient Hypertext Transfer Protocol Secure (HTTPS) configurations.

Now, F5 Labs have uncovered the extent of Internet encryption and the potential abuse of web encryption for malicious purposes. 

According to F5 Labs' 2021 Transport Layer Security (TLS) Telemetry Report, the issue is not so much the lack of adoption of new ciphers and security features but the rate at which old and vulnerable protocols are removed. "Attackers know there is a correlation between poor HTTPS configurations and a vulnerable web server. Websites that routinely fail to follow TLS best practices are also found to be running old (and likely vulnerable) web servers," says the Report.

TLS is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible.

Based on a scan of the top million websites in the world, F5 Labs found that more than 50% of web servers still allow insecure RSA (Rivest–Shamir–Adleman) key exchange. The RSA initials come from the surnames of Ron Rivest, Adi Shamir and Leonard Adleman, who described the algorithm in 1977. It is a form of public-key cryptography used to secure communication between multiple parties.

The exchange uses public keys to encrypt data as it travels electronically. RSA is what's known as asymmetric cryptography, which uses a combination of public and private keys for security.

The research also found that attackers have learned how to exploit TLS for their phishing campaigns. At the same time, new fingerprinting techniques raise questions regarding the prevalence of malware servers hidden in the top million websites. Also, F5 Labs has found that the negation of authorisation is a persistent problem, due to the prevalence of legacy servers which are rarely updated.

F5 Labs has discovered that TLS 1.3, the more secure and faster protocol, has become the chosen encryption protocol for the majority of web servers on the Tranco top million list. Almost 63% of servers support TLS 1.3, as do more than 95% of all browsers in use. However, in some countries, such as the United States and Canada, as many as 80% of web servers choose it, while in others, such as China and Israel, only 15% of servers support it.
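The two configuration points above (servers that still allow RSA key exchange, and servers without TLS 1.3) can be checked from a scan result. The following is an added example, not code from F5 Labs or the report: the host names and scan data are constructed, and the function names `key_exchange` and `audit` are hypothetical. It classifies IANA cipher-suite names by key exchange, which matters because `RSA` in a suite name can mean RSA authentication (as in `ECDHE_RSA`) rather than RSA key exchange.

```python
# Added example: audit a constructed TLS scan result for static RSA key
# exchange, legacy protocol versions and missing TLS 1.3 support.
LEGACY_PROTOCOLS = {"SSLv3", "TLSv1.0", "TLSv1.1"}

def key_exchange(suite):
    """Return the key-exchange family encoded in an IANA cipher-suite name."""
    if "_WITH_" not in suite:
        # TLS 1.3 suites (e.g. TLS_AES_128_GCM_SHA256) name no key exchange;
        # TLS 1.3 removed static RSA key exchange altogether.
        return "TLS1.3"
    kx = suite.split("_WITH_")[0]
    if kx.startswith("TLS_"):
        kx = kx[4:]
    first = kx.split("_")[0]
    if first == "RSA":
        return "RSA"      # RSA-encrypted premaster secret, no forward secrecy
    if first in ("ECDHE", "DHE"):
        return first      # ephemeral key exchange; a trailing RSA is the signature
    return "OTHER"

def audit(host, protocols, suites):
    """Return a list of findings for one scanned host."""
    findings = []
    rsa = [s for s in suites if key_exchange(s) == "RSA"]
    if rsa:
        findings.append(f"{host}: static RSA key exchange offered: {', '.join(rsa)}")
    legacy = sorted(protocols & LEGACY_PROTOCOLS)
    if legacy:
        findings.append(f"{host}: legacy protocols enabled: {', '.join(legacy)}")
    if "TLSv1.3" not in protocols:
        findings.append(f"{host}: TLS 1.3 not supported")
    return findings

# Constructed sample scan data (not taken from the report).
SCAN = {
    "legacy.example": ({"TLSv1.0", "TLSv1.2"},
                       ["TLS_RSA_WITH_AES_128_CBC_SHA",
                        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]),
    "modern.example": ({"TLSv1.2", "TLSv1.3"},
                       ["TLS_AES_128_GCM_SHA256",
                        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"]),
}

if __name__ == "__main__":
    for host, (protocols, suites) in SCAN.items():
        for line in audit(host, protocols, suites) or [f"{host}: no findings"]:
            print(line)
```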

Security risks continue to grow. According to the report, the proportion of phishing sites using HTTPS and valid certificates has risen from 70% in 2019 to 83% in 2021, with roughly 80% of malicious sites coming from just 3.8% of the hosting providers.

Facebook and Microsoft Outlook/Office 365 were the most commonly counterfeited brands in phishing attacks. F5 Labs also found that webmail platforms accounted for 10.4% of impersonated Internet functions, a rate almost as high as Facebook.

This means that phishing attacks against webmail are as common as attacks against a Facebook account.

"The desire to intercept, weaken, and circumvent encryption has never been greater. Nation-states and cybercriminals alike are attempting to work around the problems caused by strong encryption... While this rarely results in direct attacks against cryptographic algorithms or protocols, it often leads attackers to instead think of creative ways to intercept or capture information before or after it has been encrypted.

"It has never been more important to focus on strong and up-to-date HTTPS configurations, particularly when digital certificates are shared across different services," says the F5 Labs Report.

F5 Labs, I-HLS, University of Bristol
