SCOTTSDALE, Ariz.— A new report indicates that the cyber defenses of many banks and credit unions are not catching half of the malware attacks coming through their networks.
A report in ThirdCertainty suggests that cyber crooks are now leveraging HTTPS—hypertext transfer protocol with an “S” added to indicate security—employed by many websites, particularly social media, as a more secure encryption solution.
But ThirdCertainty reports that hackers have discovered that HTTPS is “tailor-made” for cloaking cyber attacks. A report from A10 Networks and the Ponemon Institute shows perhaps as much as half of the cyber attacks aimed at businesses in the past 12 months used malware hidden in encrypted traffic, ThirdCertainty explained.
“HTTPS—the bad guys see it as a hidden spot in the network, and a great malware delivery mechanism,” Corey Nachreiner, chief technology officer at WatchGuard Technologies, told ThirdCertainty.
What types of malware are crooks pushing through?
“It would be a simple Trojan, like for instance, ransomware,” Nachreiner told ThirdCertainty. “It could be CryptoWall. It could be the latest botnet Trojan, the latest variant of Citadel. They’re now starting to push that malware over an encrypted version of the web communication. That means all the mechanisms you’ve had in place to catch that malware as it was going over the network are no longer effective.”
Nachreiner said that the good news is that there are modern network security solutions.
“What we call HTTPS deep-packet inspection. But this is a relatively new technology. It has been out for about four or five years, but to many of the organizations out there that don’t have this HTTPS inspection capability, they’re missing around half the attacks out there,” he told ThirdCertainty.
Nachreiner said that banks, credit unions and other businesses should support encrypted traffic in their network infrastructure.
“It does take more resources, but we’re easily at the point where most network gear can now do that. The second thing you need to do is inspect HTTPS traffic on a network level. Otherwise, you may miss the latest CryptoWall ransomware variant if it comes in an encrypted communication,” he told ThirdCertainty.
