Cybersecurity

When good encryption is bad for security

In August 2015, attackers used an advertisement on Yahoo to redirect users to a site infected by the Angler exploit kit. Just weeks before, users were exposed to more malicious software through compromised ads that showed up across the web. In all, at least 910 million users were potentially exposed to malware through these attacks. The common thread? The malware was hidden from firewalls by SSL/TLS encryption.

When victims don't have the right protections in place, attackers can cipher command-and-control communications and malicious code to evade intrusion prevention systems, or IPS, and anti-malware inspection systems. In effect, the SSL/TLS encryption serves as a tunnel to hide malware, as it can pass through firewalls and into organizations' networks undetected if the right safeguards aren't in place. And as SSL/TLS usage grows, so does the appeal of this threat vector for hackers.