Malware is Moving Heavily to HTTPS

by Arna Magnúsardóttir | Malware, Threat Analysis

While over half of global web traffic is now encrypted, the real extent to which malware is being hidden in HTTPS has been an open question—until now. Cyren’s security researchers have found that HTTPS is now being used in 37% of all malware. Recent growth in HTTPS use for malware has been dramatic, with malvertising use of HTTPS jumping 30 percent in the first half of this year. Researchers also substantiated that every major ransomware family since January 2016 has been distributed at some point via HTTPS.

SSL Inspection Not Yet Standard

SSL inspection is the key to protecting your users and network from threats that use HTTPS to sneak past your defenses. SSL inspection allows security products to “look inside” the secure tunnel, check for threats and block them before re-encrypting the traffic and sending it on its way. Unfortunately, HTTPS can be regarded as a major security gap, as not everyone is performing SSL inspection. In surveys conducted by Osterman Research and sponsored by Cyren, just over half of U.S. businesses report that they are doing SSL inspection via their web security solution, while fewer than 20% of UK-based companies are, meaning most businesses are leaving the door wide open for threats arriving via SSL connections.

Privacy Does Not Mean Security

The volume of HTTPS traffic has been growing steadily since 2013, due in large part to privacy concerns following Edward Snowden's disclosures, as well as Google's promotion of the protocol. But its growth accelerated sharply in the past 12 months, which we attribute to a new free SSL certificate authority, called "Let’s Encrypt", which launched in April 2016.

HTTPS maintains privacy for your data while you're using the internet by applying SSL (Secure Sockets Layer) encryption to web traffic. When you see that little green lock by your website address, that means that you are connecting to the site via HTTPS. 


But privacy is not the same thing as security. Cyren researchers found massive growth in the use of free Let’s Encrypt certificates across the board—but an even higher rate of adoption among malware authors. So when someone makes the claim that an SSL connection is "100% secure," it means the transmission is encrypted. But you can't rely on it being secure in the sense of "safe".

HTTPS Traffic Already Two-Thirds of Web Traffic

The volume of HTTPS traffic in general has been rising quickly. According to data published by the main web browser providers, globally more than 50% of total web traffic became HTTPS at the beginning of this year, and accelerated to over two-thirds of all traffic in the first week of May. That means that the average volume of encrypted internet traffic is now greater than the average volume of unencrypted internet traffic—making the need for SSL inspection even more apparent. 

So the growth in HTTPS traffic is a good thing, and it means we're all a lot more secure when we surf the web. Right? Unfortunately, as we said above, it's not quite that simple. HTTPS secures your privacy and guarantees your authentication, but it doesn’t necessarily guarantee that you’re totally secure. In fact, with the introduction of Let’s Encrypt and free SSL certificates, and their increasing use by malware authors, the notion that HTTPS is “safe” is moving even further away from reality.

To maintain security, it's absolutely critical to inspect web traffic that's encrypted with SSL. Ready to learn more about how to protect your organization? Check out Cyren’s on-demand webinar, "Threats Over SSL: Why Inspecting HTTPS Traffic Is No Longer Optional."
