The investigation bureau FBI has issued an alert warning to internet users that “HTTPS” and a padlock icon in the address bar might not be enough to prove if a website is authentic or not. It has been observed that cyber-criminals are increasingly abusing the trust in TLS-secured websites for improving the success rate of phishing attacks.
“They [phishing attackers] are more frequently incorporating website certificates – third-party verification that a site is secure – when they send potential victims’ emails that imitate trustworthy companies or email contacts.”
In 2016, a report by the Ponemon institute revealed that nearly half of all the cyber-attacks used SSL encryption to evade detection within the period of last 12 months. Two-thirds of the organizations admitted that their organization was not prepared to detect malicious SSL traffic.
For many years, there has been a push toward adopting the HTTPS protocol on the web since it ensures a secured communication between the website and user’s browser.
Most of the browsers mark websites that use HTTPS with a padlock icon which indicates that the browser traffic is encrypted, and attackers cannot access the data in the transit. These websites also display warnings in case the user accesses a non-secured website.
With the advancement in the security measures, attackers have also started adopting HTTPS protocol to deploy sophisticated phishing attacks since the use of this secured protocol allows attackers to psychologically trick the victim into believing that the malicious emails or links that they received in their inboxes are coming from authentic sources.
They are designed with the motive to acquire sensitive login details or other information by redirecting victims to malicious websites that looks secure due to the padlock icon. However, only connection to these websites is secure and the HTTPS protocol is unable to authenticate the content on the website.
What is the reason behind the increasing use of HTTPS?
To deploy a successful cyber-attack, cyber criminals leverage the latest technology. With the number of websites that use SSL encryption, cyber attackers have started encrypting the phishing websites, making it harder for IT administrators to identify the difference between bad and good traffic. Attackers are increasingly using SSL to encrypt the communication between the compromised endpoint and command-and-control systems to hide payloads, instructions as well as other information that is being sent.
As an increasing number of attacks are using HTTPS to avoid the scrutiny by the traditional methods of cyber security, organizations should take steps to ensure that they are protected against bad traffic.
What is the solution?
Lack of awareness among employees is one of the major reasons for the success of such attacks. In recent years, attackers have shifted their focus from individuals to employees. Statistically, 90% of the cyber-attacks are a result of employee negligence. During the year 2018, there has been a 76% increase in the number of phishing attacks. 54% of the companies had experienced cyber-attacks that compromised with their IT infrastructure and data. According to a survey conducted by McAfee on 19,000 people, 97% of the people were unable to identify such cyber attacks.
This is where the cyber security awareness and training tool ThreatCop comes in handy. The tool helps in creating awareness among employees to combat real-life cyber-attacks. With the power of reporting tool TAB, employees become capable to protect the entire organization against probable cyber-attacks.
Every day the number of reported cyber-crimes are increasing. It is, therefore, important for organizations to invest in cyber security awareness and training programs which should be continuous and must be followed with the regular assessment of the employees’ knowledge on cyber-attacks.