In recent years, encryption has become key to many endpoint security strategies, and its use is unsurprisingly on the rise. Gartner estimates that over 80% of enterprises’ web traffic was encrypted in 2019, a number which will only grow as organisations look to protect their data and privacy more securely and to meet stricter compliance regulations. Encryption and encrypted software could, however, turn out to be a double-edged sword in the year to come.
This security cornerstone has given way to a hidden threat: encrypted malware. As more companies adopt better encryption practices, cyber criminals are exploiting the same protocols to evade detection, delivering their attacks over cryptographic channels and essentially using encrypted traffic as cover for their malware. Gartner predicts that over 70% of malware campaigns in 2020 will use some type of encryption, so organisations need to be wary when looking at the future of their cybersecurity.
Omar Yaacoubi is the CEO and co-founder of Barac.
The undoubted benefits of encryption
Encryption certainly has its advantages, especially when it comes to data protection and privacy. From protecting credit card processing and verifying vendors to keeping passwords and personal information secure, organisations using the cryptographic protocols Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), can be sure they are protecting the data on their networks.
As regulations clamp down on the protection of customer information, organisations have to be extra vigilant, with the ICO’s own website stating that encryption is an important measure in protecting data under GDPR.
Encryption has also become a part of everyday parlance, most recently hitting the news with WhatsApp and Facebook refusing to give up the keys to their encrypted messages in an effort to retain user privacy. Edward Snowden has even weighed in on the argument, stating that if governments were to have access to the public’s encrypted messages, it would be “to undermine the only method that currently exists for reliably protecting the world’s information”.
Undoubtedly, the increased use of encryption is perfectly logical and its implementation will surely continue to rise. There is, however, the rapidly growing problem of encrypted malware to consider. Organisations must be extremely cautious not to put all of their eggs in one basket and only rely on encryption as this new threat emerges.
Encryption’s crucial flaw: encrypted malware
Many organisations have already seen the effects of hackers capitalising on the rising use of encryption. A CIO survey by Vanson Bourne found that 90% of organisations had experienced – or expect to experience – a network attack using SSL or TLS encryption during the course of this year, and the 2019 Cyber Security Breaches survey found that spyware or malware attacks were identified by 27% of businesses over the past year.
This new attack vector will unfortunately only grow in 2020 in correlation with the increased use of legitimate encryption. Organisations using a high level of encryption are particularly susceptible, with governments across South America, Europe and Asia being the most recent victims of this type of attack. Infamous malware, such as the GOZI banking trojan, is also adding encryption to its repertoire, a problem that will only be compounded as encryption levels grow.
The biggest issue with this new threat, however, is detecting it, and many existing solutions, decryption included, are already ineffective.
As encryption grows, so does the use of decryption tools. These allow organisations to see inside the encrypted data entering and leaving their network by decrypting all of the traffic, checking for malicious activity, then re-encrypting and forwarding the legitimate data. Whilst it may sound infallible, this solution comes with many flaws.
For one, the decryption process is painfully slow and compute-intensive. Drawbacks such as a degradation of the user experience, poor performance, and unexpected blocking of legitimate traffic are not uncommon. As a result, some organisations forgo decryption altogether, allowing unscanned traffic into their networks and putting their entire cyber infrastructure at risk.
There are also privacy issues to take into account. Not only could the decryption process put sensitive data at risk by being decrypted into plain text, but it could also be putting organisations in breach of compliance regulations.
The introduction of the TLS 1.3 protocol is a further complication, as it may prevent decryption from taking place at all. Whilst TLS 1.3 ensures a greater level of security, it also flags any decryption attempt as a man-in-the-middle attack, immediately terminating the session before malicious or legitimate traffic can be distinguished.
Not having true visibility into encrypted traffic is a deep concern. According to Venafi, 87% of CIOs believe their security defences are less effective since they cannot inspect encrypted network traffic for attacks. A new solution is therefore required if organisations are to take advantage of the benefits of encryption, yet ensure they are not subject to this new type of threat.
AI is the future of cybersecurity
While many organisations are aware of the critical importance of investing in new technology, it’s another matter to actually adopt these solutions. Accenture’s 2018 State of Cyber Resilience Report found that although 83% of organisations agree that new technology is an essential tool, only two out of five are investing in artificial intelligence (AI), machine learning and automation technologies.
It is crucial that this tune changes, especially since encrypted malware is one threat that can already be nullified by these new technologies. Using machine learning techniques and behavioural analytics to scan the metadata of encrypted traffic (rather than the actual contents), new tools are emerging that can learn the difference between ‘good’ and ‘bad’ traffic. This gives organisations the ability to look at their encrypted traffic for hidden malware without ever having to use decryption. They can spot and stop malicious code, all in real time and with no concerns over compliance or network performance.
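The "metadata rather than contents" idea above rests on the fact that the TLS ClientHello is sent in the clear, so a sensor can read the offered version, cipher suites, extensions and server name without any decryption. The following is an added example written for this article, not code from the author or from Barac: it constructs a sample ClientHello, parses those fields back out, derives the well-known JA3 fingerprint string from them, and applies a few illustrative heuristics. The sample bytes, the allow-list fingerprint and the heuristic thresholds are all assumptions made up for the example.

```python
"""Metadata-only inspection of a TLS ClientHello (added example, not from the article).

Parses the unencrypted ClientHello, derives a JA3-style fingerprint string and
applies simple defender heuristics. Sample bytes are constructed here; the
allow-list entry and the thresholds are placeholders a real deployment would tune.
"""
import hashlib
import struct


def _is_grease(v: int) -> bool:
    # GREASE values (RFC 8701) look like 0x?a?a with both bytes equal; JA3 ignores them.
    return (v & 0x0F0F) == 0x0A0A and (v >> 8) == (v & 0xFF)


def build_client_hello(sni, ciphers, groups, point_formats=(0,), versions=(0x0304,)):
    """Constructed sample: assemble a ClientHello inside a TLS record (test input only)."""
    exts = b""
    if sni is not None:  # server_name extension (type 0)
        name = sni.encode()
        entry = b"\x00" + struct.pack("!H", len(name)) + name
        body = struct.pack("!H", len(entry)) + entry
        exts += struct.pack("!HH", 0x0000, len(body)) + body
    body = struct.pack("!H", 2 * len(groups)) + b"".join(struct.pack("!H", g) for g in groups)
    exts += struct.pack("!HH", 0x000A, len(body)) + body  # supported_groups
    body = bytes([len(point_formats)]) + bytes(point_formats)
    exts += struct.pack("!HH", 0x000B, len(body)) + body  # ec_point_formats
    body = bytes([2 * len(versions)]) + b"".join(struct.pack("!H", v) for v in versions)
    exts += struct.pack("!HH", 0x002B, len(body)) + body  # supported_versions

    hello = struct.pack("!H", 0x0303) + b"\x11" * 32 + b"\x00"  # version, random, empty session id
    hello += struct.pack("!H", 2 * len(ciphers)) + b"".join(struct.pack("!H", c) for c in ciphers)
    hello += b"\x01\x00"  # one compression method: null
    hello += struct.pack("!H", len(exts)) + exts
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello  # type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record):
    """Extract the fields a metadata-based detector sees without decrypting anything."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    p = 9  # record header (5) + handshake type (1) + handshake length (3)
    version = struct.unpack_from("!H", record, p)[0]; p += 2
    p += 32  # client random
    sid_len = record[p]; p += 1 + sid_len
    n = struct.unpack_from("!H", record, p)[0]; p += 2
    ciphers = [struct.unpack_from("!H", record, p + i)[0] for i in range(0, n, 2)]; p += n
    comp_len = record[p]; p += 1 + comp_len
    ext_total = struct.unpack_from("!H", record, p)[0]; p += 2
    end = p + ext_total
    fields = {"version": version, "ciphers": ciphers, "extensions": [], "groups": [],
              "point_formats": [], "sni": None, "supported_versions": []}
    while p < end:
        etype, elen = struct.unpack_from("!HH", record, p); p += 4
        data = record[p:p + elen]; p += elen
        fields["extensions"].append(etype)
        if etype == 0x0000:  # server_name: list_len(2) type(1) name_len(2) name
            name_len = struct.unpack_from("!H", data, 3)[0]
            fields["sni"] = data[5:5 + name_len].decode()
        elif etype == 0x000A:
            glen = struct.unpack_from("!H", data, 0)[0]
            fields["groups"] = [struct.unpack_from("!H", data, i)[0] for i in range(2, 2 + glen, 2)]
        elif etype == 0x000B:
            fields["point_formats"] = list(data[1:1 + data[0]])
        elif etype == 0x002B:
            fields["supported_versions"] = [struct.unpack_from("!H", data, i)[0]
                                            for i in range(1, 1 + data[0], 2)]
    return fields


def ja3_string(f):
    """JA3 input string: version,ciphers,extensions,groups,point_formats (GREASE removed)."""
    keep = lambda xs: "-".join(str(x) for x in xs if not _is_grease(x))
    return ",".join([str(f["version"]), keep(f["ciphers"]), keep(f["extensions"]),
                     keep(f["groups"]), "-".join(str(x) for x in f["point_formats"])])


def ja3_hash(f):
    return hashlib.md5(ja3_string(f).encode()).hexdigest()


# Assumed allow-list of fingerprints for sanctioned clients (placeholder, not a real hash).
KNOWN_GOOD_JA3 = {"0" * 32}


def assess(f):
    """Return (score, reasons): illustrative metadata heuristics, to be tuned per environment."""
    reasons = []
    if f["sni"] is None:
        reasons.append("no SNI: unusual for browser traffic to a public host")
    if len(f["ciphers"]) <= 2:
        reasons.append("very short cipher list: minimal or hand-rolled TLS stack")
    if f["sni"] and f["sni"].replace(".", "").isdigit():
        reasons.append("SNI is a bare IP address")
    if ja3_hash(f) not in KNOWN_GOOD_JA3:
        reasons.append("JA3 fingerprint not on the allow-list")
    return len(reasons), reasons
```

Run against a browser-like hello (SNI present, several suites, a GREASE value that JA3 strips) the score stays low; a hello with no SNI and a single cipher suite accumulates reasons. In practice such features feed a model alongside flow-level signals (record sizes, timing, certificate metadata) rather than fixed thresholds, but the point stands: everything used here is visible before any payload is encrypted.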
If organisations are to reap the rewards of encryption, they must also take into consideration its shortcomings. Encrypted malware is just beginning to gain momentum, but will undoubtedly get further traction as encryption becomes more commonplace. Organisations need to act now and pre-emptively look to protect against this most modern of threats with the most modern of technologies.