The Security Risks that Hide in Encrypted Traffic

December 1, 2014 | By Editor 


According a new study, the growing visibility gap around encryption offers a potential threat to companies. The growing use of encryption not only addresses the privacy concerns but also creating perfect conditions for hackers to hide virus inside encrypted transactions.

Risks Hidden in Encrypted Traffic

The Risks Hidden in Encrypted Traffic

  • Business-essential applications, such as cloud software, file-storage, and social media, are encrypting their data in transit ever since NSA leaks surfaced.
  • Encryption across a variety of business and consumer sites is on the rise as concerns around privacy grow. Tech giants Google, Facebook, Microsoft, Facebook, and Amazon are all running an always on HTTPS model to protect all data in transit via SSL encryption.
  • However, there needs to visibility into SSL traffic or else in would represent a weak spot in many firms, where the SSL uses of benign and hostile are indistinguishable to many security devices. This might enable hackers to bypass network security.

What Happens If There is a Security Void

  • Most often, malware attacks use encryption as a cloak and doesn’t need to be complex because the hacker believes that encryption prevents the firm from seeing the attack.
  • Also, massive data loss can occur as a result of unethical acts either by dissatisfied insiders or hostile outsiders who can easily transmit important information.
  • The growing use of encryption means many firms are still unable to track the legitimate corporate data entering and leaving their networks, creating a growing vulnerability for firms.
  • Beginning September 2013, between 11 and 14 percent of the security information requests were asking about encrypted sites.
  • A good example of an unsophisticated malware hiding in encrypted traffic is Dyre, a successful Trojan that replaced Zeus bug.
  • A widely distributed, password-stealing malware originating in the Ukraine, Dyre exploits human behavior targeting some of the world’s largest firms to compromise accounts.
  • The hack could expose Social Security numbers (SSN), intellectual property, bank account details, protected health information, and much more.
  • The battle between company security and personal privacy is paving way for novel malware attacks that involves SSL over corporate networks placing everyone’s data at risk.
  • For companies to protect customer information and comply with regulatory and compliance requirements they need the visibility in order to see the threats hidden in encrypted traffic.
  • Corporate security demands should be balanced with applicable compliance requirements and privacy policies.

Because they can vary geographically per company, and per industry basis, firms need to flexible, customizable, and configurable in order to meet their unique business requirements.


Posted in SSL

Be Sociable, Share!

Leave a Comment


* fields are mandatory