SSL-Based Phishing Surges 400% from 2017

Hackers are increasingly using encrypted traffic to hide their attacks from security filters, with phishing emails soaring in popularity, according to new data from Zscaler.

The cloud security provider processes more than 60 billion transactions per day and claimed that hiding threats in SSL traffic has become standard practice among the black hats.

Its biannual 2019 Cloud Security Insights Threat Report revealed that the vendor blocked 1.7 billion advanced threats hidden in SSL traffic from July to December 2018, amounting to an average of 283 million per month.

This included 2.7 million phishing attempts each month, an increase of over 400% from 2017 figures.

This chimes somewhat with a new report from Trend Micro released this week, which revealed the vendor blocked 269 million phishing URLs last year, a 269% increase over 2017.

Other malicious activity blocked by Zscaler in the second half of 2018 included 32 million botnet callback attempts per month, and 240,000 browser exploitation attempts. In addition, nearly 32% of newly registered domains blocked by the firm were ‘protected’ with SSL encryption.

Zscaler CTO, Amit Sinha, argued that the trend towards having everything encrypted by default is great for user privacy, but it presents a challenge to security teams.

“Decrypting, inspecting, and re-encrypting traffic is non-trivial, causing significant performance degradation on traditional security appliances, and most organisations are not equipped to inspect encrypted traffic at scale,” he added. “With a high percentage of threats now delivered with SSL encryption, and over 80% of internet traffic now encrypted, enterprises are blind to over half of malware sent to their employees.”

Zscaler also noted an increase in SSL-based JavaScript skimming attacks on e-commerce sites, a reference to the growing number of bad actors using Magecart code to harvest shoppers' card details as they are entered. Popular brands including BA, Ticketmaster and Newegg have already been breached this way.

“With the increase in JavaScript skimmer-based attacks, criminals can conduct their nefarious activity within the confines of the SSL environment, leaving most e-commerce sites unaware of the activity,” warned Zscaler VP of security research, Deepen Desai.