Encryption: The Double Edged Sword of 2020 | The comparison

In recent years, encryption has become central to many endpoint security strategies, and its use is increasing dramatically. Gartner estimates that more than 80 percent of business web traffic was encrypted in 2019, a number that will only increase as companies look to protect their data and privacy more securely and to meet more stringent compliance regulations. However, encryption and encrypted software could be a double-edged sword in the coming year. This security cornerstone has given way to a hidden threat: encrypted malware. As more and more companies adopt encryption best practices, cybercriminals are leveraging the benefits of encryption to evade detection and using cryptographic protocols to launch malicious attacks, essentially using encrypted traffic as cover for their malware. Gartner predicts that more than 70% of malware campaigns in 2020 will use some form of encryption, so companies need to be careful when considering the future of their cybersecurity.

About the author: Omar Yaacoubi is the CEO and co-founder of Barac.

The undeniable advantages of encryption

Encryption certainly has its advantages, especially in terms of data protection and confidentiality. From protecting credit card processing and vendor verification to protecting passwords and personal information, organizations that use the Secure Sockets Layer (SSL) cryptographic protocol and its successor, Transport Layer Security (TLS), can be confident that the data on their networks is protected. As regulation tightens around the protection of customer information, organizations need to be extremely vigilant, with the ICO website stating that encryption is an important measure in data protection under the GDPR. Encryption has also become part of everyday language, most recently in the news with WhatsApp and Facebook refusing to hand over the keys to their encrypted messages in an effort to preserve users' privacy. Edward Snowden even weighed in on this argument, saying that if governments were to have access to encrypted messages from the public, it would "undermine the only method that currently exists to reliably protect the world's information." There is no doubt that the increasing use of encryption is perfectly logical and that its adoption will continue to grow. However, there is the growing problem of encrypted malware to consider. Organizations must be very careful not to put all their eggs in one basket and rely on encryption alone as this new threat emerges.

Critical cryptographic flaw: encrypted malware

Many organizations have already seen the effects of hackers taking advantage of the increasing use of encryption. A CIO survey conducted by Vanson Bourne revealed that 90% of organizations had experienced, or expected to experience, a network attack using SSL or TLS encryption this year, and the Cyber Security Breaches 2019 survey revealed that spyware or malicious attacks had been identified in 27% of companies in the last year. This new attack vector will unfortunately only grow in 2020, in step with the increased use of legitimate encryption. Organizations using a high level of encryption are particularly vulnerable, with governments in South America, Europe and Asia being the most recent victims of this type of attack. Infamous malware such as the GOZI banking Trojan has also added encryption to its repertoire, a problem that will only get worse as encryption levels increase. However, the biggest problem with this new threat is detecting it, and many solutions, including decryption, are no longer effective.

Decryption deficiencies

As encryption grows, the use of decryption tools also increases. These tools let organizations see inside encrypted data on and off their network by decrypting all traffic, looking for malicious activity, then re-encrypting and transmitting legitimate data. Although this may seem foolproof, this solution has many flaws. For one thing, the decryption process is painfully slow and computationally expensive. Drawbacks such as degraded user experience, poor performance, and unexpected blocking of legitimate traffic are not uncommon. As a result, some organizations are moving away from decryption, allowing unscanned traffic into their networks and jeopardizing their entire cyber infrastructure. There are also privacy issues to consider. The decryption process could not only put sensitive data at risk by decrypting it into plain text, but it could also put organizations at odds with compliance regulations. The introduction of the TLS 1.3 protocol is an added complication because it can prevent decryption from happening. While TLS 1.3 guarantees a higher level of security, it also flags any decryption attempt as a man-in-the-middle attack, immediately terminating the session before distinguishing between malicious and legitimate traffic. Not having real visibility into encrypted traffic is a major concern. According to Venafi, 87% of CIOs believe that their security defenses are less effective because they cannot inspect encrypted network traffic to detect attacks. A new solution is needed for organizations to reap the benefits of encryption while ensuring they are not exposed to this new type of threat.

AI is the future of cybersecurity

While many organizations are aware of the critical importance of investing in new technologies, embracing these solutions is another matter. Accenture's 2018 State of Cyber Resilience report found that while 83% of organizations agree that new technologies are an essential tool, only two in five invest in artificial intelligence (AI), machine learning and automation technologies. It is crucial that this changes, especially since encrypted malware is a threat that these new technologies can already counter. Using machine learning techniques and behavioral analysis to analyze the metadata of encrypted traffic (rather than the actual content), new tools are emerging that can tell the difference between "good" and "bad" traffic. This gives companies the ability to inspect their encrypted traffic for hidden malware without having to use decryption. They can detect and stop malicious code, all in real time and without worrying about compliance or network performance. If organizations want to reap the benefits of encryption, they must also consider its shortcomings. Encrypted malware is only just beginning to appear, but it will certainly gain momentum as encryption becomes more common. Organizations must act now and proactively protect themselves from this latest threat with the latest technologies.
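To make the metadata-only approach described above concrete, here is an added example (not from the article or from any vendor's product) that scores encrypted flows without touching their payload. It substitutes a simple statistical heuristic for the machine-learning models the article mentions: connections whose timing and size are both machine-regular are flagged as beacon-like. The feature choice, thresholds and flow records are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records (metadata only, no payload):
# (start_time_s, client, server, bytes_sent)
FLOWS = [
    (0, "10.0.0.5", "203.0.113.10", 512), (60, "10.0.0.5", "203.0.113.10", 520),
    (121, "10.0.0.5", "203.0.113.10", 508), (180, "10.0.0.5", "203.0.113.10", 515),
    (241, "10.0.0.5", "203.0.113.10", 511), (300, "10.0.0.5", "203.0.113.10", 514),
    (3, "10.0.0.7", "198.51.100.20", 1400), (9, "10.0.0.7", "198.51.100.20", 23000),
    (95, "10.0.0.7", "198.51.100.20", 700), (110, "10.0.0.7", "198.51.100.20", 88000),
    (400, "10.0.0.7", "198.51.100.20", 3100), (415, "10.0.0.7", "198.51.100.20", 950),
]

def coeff_var(values):
    """Population standard deviation divided by the mean (0 = perfectly regular)."""
    m = mean(values)
    return pstdev(values) / m if m else 0.0

def flow_features(flows):
    """Per (client, server) pair: flow count, timing CV and size CV."""
    by_pair = defaultdict(list)
    for ts, client, server, sent in flows:
        by_pair[(client, server)].append((ts, sent))
    features = {}
    for pair, recs in by_pair.items():
        recs.sort()
        times = [t for t, _ in recs]
        gaps = [b - a for a, b in zip(times, times[1:])]
        features[pair] = {
            "count": len(recs),
            "gap_cv": coeff_var(gaps) if gaps else None,
            "size_cv": coeff_var([s for _, s in recs]),
        }
    return features

def suspicious_pairs(flows, min_flows=5, max_gap_cv=0.1, max_size_cv=0.1):
    """Pairs whose timing and size are both machine-regular (beacon-like)."""
    return sorted(
        pair for pair, f in flow_features(flows).items()
        if f["count"] >= min_flows and f["gap_cv"] is not None
        and f["gap_cv"] <= max_gap_cv and f["size_cv"] <= max_size_cv
    )

if __name__ == "__main__":
    print(suspicious_pairs(FLOWS))
```

In practice the same features would be computed from flow logs or TLS handshake records, and the thresholds tuned against known-good traffic, since legitimate pollers and update checks are also highly regular.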