Select Page

Cyren Security Blog

The Cyren Security Blog is where Cyren engineers and thought leaders provide insights, research and analysis on a range of current cybersecurity topics.

Malware & HTTPS: The Rising Trend in Malware Delivery

While over half of global web traffic is now encrypted, the real extent to which malware is being hidden in HTTPS has been an open question—until now. HTTPS is the standard protocol used for secure communication over computer networks. It works by encrypting traffic in between browsers and a website, which ensures no third parties can access the data being exchanged. The use of HTTPS became especially important in 2014 when it became a ranking signal for Google, as well as for any websites that asked users for personal information or credentials.

In a recent study from the Internet Security Report (Q4 2021), WatchGuard also reported that 77.7% of malware that comes across an encrypted connection can bypass signature detection. This means that unfortunately, cybercriminals are able to evade many different legacy defenses when it comes to protecting against malware. 

The Impact of COVID-19 on HTTPS Malware Delivery

Many companies had to adapt during the 2020 pandemic by shifting to a remote workforce. This massive shift created a large new target for cyber criminals, since many of these employees working from home used insecure personal smartphones and computers. As companies embraced remote work, the risks increased due to higher levels of stress as well as behavioral changes. This pandemic-related stress also unfortunately made remote employees more vulnerable to phishing scams.

IT resources and IT professionals’ workload also saw a sudden shift at this time. According to Ivanti, IT workloads have increased significantly since remote work was embraced. The same survey also revealed the following:

  • 66% of IT professionals have witnessed a rise in security incidents due to the remote work environment
  • 58% of these incidents were related to malicious emails
  • 45% of the incidents occurred due to non-compliant employee behavior
  • 31% were related to software vulnerabilities

While phishing scams were on the rise at this time, cybercriminals used HTTPS to further manipulate users into giving their credentials and more. 

What is an SSL Inspection and How Does It Work?

An SSL inspection is the key to protecting your users and network from threats that use HTTPS to sneak past your defenses. An SSL inspection allows security products to ’look inside’ the secure tunnel, check for threats and block them before re-encrypting the traffic and sending it on its way. Unfortunately, HTTPS can be regarded as a major security gap, as not everyone is performing SSL inspections

In surveys conducted by Osterman Research and sponsored by Cyren, just over half of U.S. businesses report that they are doing SSL inspection via their web security solution, while less than 20% of UK-based companies are, meaning most businesses are leaving the door wide open for threats arriving via SSL connections.

Advantages of HTTPS/SSL Inspections

Now that you understand what an SSL/HTTPS inspection is. Let’s take a look at some of the benefits that come with inspecting HTTPS traffic:

  • Detects malicious requests
  • Helps protect against DoS attacks
  • Better visibility of malicious users and IP addresses
  • Enforces company security policies

Disadvantages of HTTPS/SSL Inspections

Unfortunately, if you are using an older software, you might run into some issues. Here are some disadvantages of HTTPS inspection if implemented incorrectly:

  • Reduces encryption strength when inspection product is not updated regularly
  • Some inspection products don’t verify certificate chains properly
  • If an inspection product is using obsolete cryptographic standards, post encryption may be less secure

Is Privacy the Same Thing As Security?

The volume of HTTPS traffic has been growing steadily since 2013, due in large part to privacy concerns following Edward Snowden’s disclosures, as well as Google’s promotion of the protocol. But its growth accelerated sharply. in the past 12 months, which we attribute to a new free SSL certificate authority, called “Let’s Encrypt”, which launched in April 2016.

SSL secure logoHTTPS maintains privacy for your data while you’re using the internet by applying SSL (Secure Sockets Layer) encryption to web traffic. When you see that little green lock by your website address, that means that you are connecting to the site via HTTPS.

But privacy is not the same thing as security. Cyren researchers found massive growth in the use of free Let’s Encrypt certificates across the board—but an even higher rate of adoption among malware authors. So when someone makes the claim that an SSL connection is “100% secure,” it means the transmission is encrypted. But you can’t rely on it being secure in the sense of “safe”.

HTTPS Traffic Already Two-Thirds of Web Traffic

The volume of HTTPS traffic in general has been rising quickly. According to data published by the main web browser providers, globally more than 50% of total web traffic became HTTPS at the beginning of this year, and accelerated to over two-thirds of all traffic in the first week of May. That means that the average volume of encrypted internet traffic is now greater than the average volume of unencrypted internet traffic—making the need for SSL inspection even more apparent.

Can HTTPS Encryption Protect You From Phishing Attacks and Other Malware?

So the growth in HTTPS traffic is a good thing, and it means we’re all a lot more secure when we surf the web. Right? Unfortunately, as we said above, it’s not quite that simple. HTTPS secures your privacy and guarantees your authentication, but it doesn’t necessarily guarantee that you’re totally secure.

In fact, with the introduction of Let‘s Encrypt and free SSL certificates, and their increasing use by malware authors, the notion that HTTPS is “safe” is moving even further away from reality. 

Best Practices to Protect Against Phishing Attacks & Malware

1. Check for Inconsistent Domains

One of the most common signs of a phishing attack is when cybercriminals replicate popular domain as closely as possible by using other characters, such as numbers, that closely resemble letters.

2. Look for Grammatical Errors in Emails

Spotting wrong tense or verb form and incorrect singular-plural agreements is an easy way to spot a phishing attempt.

3. Unfamiliar Email Greetings

If you’re subscribed to a few newsletters, by now you should know the brands tone of voice. If the greeting seems off brand, that may be a phishing email.

4. Email Attachments You Weren’t Expecting

This is a clear red flag. In general, if you do not expect the email attachment, never open or download it. This could deliver malware to your device.

5. A Sense of Urgency

If there is a false sense of urgency for you to act now, you should also steer clear.

Final Thoughts

The growing trend of phishing attacks and malware being delivered through HTTPS connections won’t be slowing down any time soon. As technology advances, the tactics of cybercriminals will continue to evolve as well. As the current workforce opts in to remote work and our day to day activities becoming increasingly digitized, cybercriminals and fraudsters will continue to take advantage. 

If you want to protect your office 365 mailboxes from phishing attacks and malware, contact us today.



You might also like

Phishing with QR codes

Don’t Scan or be Scammed By Maharlito Aquino, Kervin Alintanahin and Dexter To In 1994, a type of the matrix barcode known as the Quick Response code, now widely known as QR code, was invented by Masahiro Hara from a Japanese company Denso Wave. The purpose of the...