A new study by Zscaler, which analysed 6.6 billion security threats, found a 260% increase in attacks in the first nine months of 2020. Among the encrypted attacks, there was a 500% increase in ransomware, of which the best-known variants are FileCrypt/FileCoder, followed by Sodinokibi, Maze and Ryuk.
Here is what security experts have said about these results:
Oleg Kolesnikov, Vice President of the Threat Assessment at Securonix:
The high visibility of SSL/TLS traffic is certainly one of the most important elements needed to detect modern attacks. However, SSL/TLS validation/termination alone is often not enough. For example, even with SSL/TLS inspection, cybercriminals (MTAs) often use additional layers of encryption and obfuscation over SSL/TLS and often use legitimate websites such as GitHub user content, cloud drives and the like to display payloads from malicious staplers.
An example is the TrickBot/PowerTrick MTA, where we have seen attackers downloading post-crash PowerShell stackers from SSL/TLS sites. Therefore, in addition to monitoring and shutting down SSL/TLS, it is important to be able to monitor SSL/TLS activity in combination with other activities that take place in your environment from different protocol/data sources, and to be able to correlate effective behaviour between different protocol/data sources, especially when it comes to cloud collaboration applications.
Richard Bejtlich, Chief Security Strategist at Corelight:
Better reporting is useful, but needs to be reconciled with legal, technical and ethical considerations. Since there are organizations that cannot or do not want to crack and verify encrypted traffic, it is important that organizations continue to invest heavily in research and implement innovative analytical approaches to ensure transparency while maintaining encryption.
Niamh Muldoon, executive director of Trusts and Security at OneLogin:
I recognise that the use of security controls such as SSL certificates to protect communications and connections can help to mask the vectors of threat and attack, which is why a thorough control framework is so important; other security controls and alerts will highlight this activity as being malicious for investigations. An identity and access management platform that provides access to risk management, both authentication and authorization, will help identify these malicious attacks as risk factors change and the associated risks are reduced.
A cyber security team can only be effective if it has monitoring and alerting technologies and tools throughout the organisation’s architecture so that it can identify the threat and respond appropriately to reduce the impact and consequences for the business, in particular by preventing data piracy. Protection against cybercrime may include monitoring encrypted communication channels.
There are no privacy implications; the definition of privacy is to allow access to data to meet the needs of business. In this case, access is granted to view the communication channels and identify the cyber security threat in the encrypted channel. If security teams have been involved in the design and architecture of the network or channels using encryption, they are implemented in such a way that they can identify authenticated communications with unauthorized users and, if necessary, control specific communications.
Jamie Akhtar, co-founder and CEO of CyberSmart:
For most organizations, especially small and medium sized companies that have virtually no cyber security resources or expertise, the definition of site security is limited to the presence or absence of a padlock icon in the search area. Unfortunately, these tools are used primarily to ensure the confidentiality and integrity of the data, but they can also be manipulated for malicious purposes. This is indeed a trick, as malicious acts are masked in the form of a universally accepted symbol meaning safety and security. Organizations will benefit from the implementation of security tools that analyze the legitimacy of connections.
Stephen Banda, Head of Security Solutions at Lookout:
The use of phishing attacks on SSL certificates is an effective way to entice the end user to click on a link, as most users consider the https prefix and lock symbol as security features.
SSL was first developed in 1994 and has long been considered the gold standard for certifying the identity of digital sites and encrypting website traffic. When used on legitimate websites, this encryption helps protect against man-in-the-middle attacks, fake websites and eavesdropping devices to keep your information safe. Unfortunately, in the absence of a central authority to regulate the establishment of https sites, hackers quickly register and promote https phishing sites.
Lookout detects phishing attacks on mobile devices without investigating the content of the messages to protect user privacy. Lookout processes at least 15 million TLS certificate events and 150,000 new domain registrations per day, resulting in 15,000 phishing domain registrations per month.
Complex cybersecurity solutions should be able to detect SSL certificates in case of phishing attacks without checking the content of the message. This is all the more important as employees increasingly use personal tablets, smartphones and Chromebooks for their work. They do not want their employer to evaluate the content of their website and demand confidentiality.