The Encrypted Web: Part 2 – Malicious Traffic

  • Encryption
  • December 13, 2016

Encrypted web communication routinely bypasses enterprise security controls for reasons of regulatory compliance, business impact, or in some cases even ignorance. Left unscanned and uncontrolled, these channels are perfect vehicles for hiding infection, command and control, and data exfiltration. Once an endpoint is infected, additional encrypted channels between endpoints can be used to spread infected content.

Hidden communication is only one side of the story. Cybercriminals are leveraging flaws in TLS/SSL protocols to enable session hijacking of encrypted channels, as well as access to elevated privileges. HTTPS is a highly successful evasion tactic, and scanning an encrypted channel, while computationally heavy, is critical for organizations requiring a low-risk security posture.

NSS Labs has seen an increase in both the number and sophistication of threats utilizing encryption through the entire threat lifecycle. The second in a series on encryption, this paper examines the malicious use of encryption, including statistics, details on encrypted threats, and analysis of encrypted attack vectors.

