Encryption. It’s something that many businesses take for granted these days. Now that it’s a term that’s commonly understood, there seems to be an increase in businesses not paying attention to what it really entails. This can lead to assumptions that as long as email and browser information is encrypted, all will be well.

Unfortunately, that is not the case.

Secure sockets layer (SSL) encrypted traffic is often not inspected by organisations.

An issue we often see occurring is that some SSL encrypted traffic is not being inspected. We understand the difficulty in inspecting all SSL traffic, but allowing any through without the proper checks can potentially lead to cyber criminals exploiting this opportunity and hiding malicious content within the encryption, something that is increasingly occurring in Australian businesses.

 

How did SSL go from being the trusted cyber guard to a popular tool for exploitation?

SSL and TLS (Transport Layer Security, SSL’s younger sibling) are cryptographic protocols that were designed to protect information transferred between two parties. SSL certificates play an important role in encrypting a connection and establishing trust.

Would you purchase something online if the website didn’t display the lock symbol near the URL? Nope. We didn’t think so!

Unfortunately, like many things related to the digital world, SSL has vulnerabilities that make it a target for cyber criminals looking for a weakness to exploit. Attacks such as POODLE (Padding Oracle On Downgraded Legacy Encryption), BEAST (Browser Exploit Against SSL/TLS) and Heartbleed have caused considerable damage to businesses over the years.

POODLE vulnerabilities first appeared in late 2014. In essence, an attacker intercepts traffic and carries out a man-in-the-middle (MITM) attack, impersonating the server.

MITM attacks can be particularly dangerous as they can decrypt confidential information that is being sent between two parties via the internet. A less commonly known, but equally dangerous form of MITM is called SSL stripping. Effectively, this type of attack downgrades HTTPS to HTTP. The attacker can then reroute users to an unsecured proxy server.

Heartbleed was a serious vulnerability in the heartbeat extension of the OpenSSL library that tricked servers into leaking information that would otherwise be privileged. It allowed attackers to gain access to servers’ private encryption keys, making it possible for them to impersonate the server under attack.

 

Protecting your business

Disabling older protocol versions of SSL/TLS can limit the chances of your business being affected by cyber attacks, and we’re here to help you do just this. Our team of experts has access to industry-leading tools and techniques that can help protect your business.
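As an added example (not part of the original article), the Python script below audits an nginx configuration for the older protocol versions discussed above, including values a server block inherits from an enclosing block. The choice of nginx, the sample configuration and its host names are assumptions constructed for illustration.

```python
import re

# Legacy here: SSLv3 (POODLE), TLS 1.0 (BEAST), plus deprecated SSLv2 and TLS 1.1.
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample nginx configuration; host names are placeholders.
SAMPLE_CONF = """
http {
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   # weak, inherited when a server sets none
    server { listen 443 ssl; server_name legacy.example.test;
             ssl_protocols SSLv3 TLSv1 TLSv1.2; }          # weak
    server { listen 443 ssl; server_name shop.example.test;
             ssl_protocols TLSv1.2 TLSv1.3; }              # corrected
    server { listen 443 ssl; server_name inherits.example.test;
             location / { return 200; } }
    server { listen 80; server_name plain.example.test; }
}
"""

def lookup(block, name):
    """Return a directive's arguments, searching enclosing blocks (nginx inheritance)."""
    while block is not None:
        for d in block["dirs"]:
            if d[0] == name:
                return d[1:]
        block = block["parent"]
    return None

def audit(conf):
    """Map each TLS server_name to the legacy protocols it enables (None: never set)."""
    tokens = re.findall(r"[{};]|[^\s{};]+", re.sub(r"#[^\n]*", "", conf))
    stack, stmt, servers = [{"dirs": [], "parent": None}], [], []
    for tok in tokens:
        if tok == "{":                        # block opens; stmt holds its header words
            stack.append({"dirs": [], "parent": stack[-1]})
            if stmt[:1] == ["server"]:
                servers.append(stack[-1])
        elif tok == "}" and len(stack) > 1:
            stack.pop()
        elif tok == ";" and stmt:             # directive ends; file it under the open block
            stack[-1]["dirs"].append(stmt)
        stmt = [] if tok in ("{", "}", ";") else stmt + [tok]
    report = {}
    for srv in servers:
        if any(d[0] == "listen" and "ssl" in d[1:] for d in srv["dirs"]):
            name = (lookup(srv, "server_name") or ["(unnamed)"])[0]
            protos = lookup(srv, "ssl_protocols")
            report[name] = None if protos is None else sorted(LEGACY & set(protos))
    return report
```

Calling `audit(SAMPLE_CONF)` returns a non-empty list for every TLS server that still enables a legacy version; a value of `None` means no `ssl_protocols` directive applies, so the server relies on the default of the installed nginx version and should be set explicitly.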

Educate your business – ask staff to limit the use of public Wi-Fi, make VPNs available for use wherever possible, and of course, encourage employees to avoid clicking on any links that look dodgy. If they’re unsure if a link is safe, it pays to have a contact person that they can easily reach out to if they want to query a link or email – this act alone could save your business a lot of heartbreak.

We can advise on how to encrypt your sensitive data on-premises, virtually, or in public cloud or hybrid environments. It takes a measured approach to ensure that you’re encrypting all digital assets, not just the obvious ones, such as the home page on your main website.

If you’re interested in having a chat about how we can help, reach out today.

 


Author

Rudy Mitra

Marketing Specialist