SSL was introduced in 1994 and TLS in 1999 in response to growing concerns on the security of data being transmitted over the internet. However, the very protocol that was heralded as the ultimate cyber guard has ironically become an increasingly popular tool for cybercriminals to hide their nefarious acts. SSL encrypted traffic is often not inspected by organizations because it is assumed to come from trusted sources, however, that is no longer the case. While great for privacy, SSL is becoming a significant blind spot for companies as the percentage of encrypted traffic has risen sharply over the years. And, while obtaining the digital certificates for SSL used to require a rigorous vetting process for web sites, they can now be more easily obtained, in some cases, for free. In this bi-annual research update, Zscaler ThreatLabZ examines SSL trends for the latter half of 2017. As the amount of SSL traffic continues to grow, cybercriminals are increasingly using encryption to launch and hide attacks, and free certificates have become an easy disguise for attackers. According to Google’s Transparency Report, during the month of December the percentage of pages loaded over HTTPS in Chrome in the US was nearly 80 percent, while on December 1, 2017, Mozilla reported that 66.5% of all pages loaded on Firefox were using HTTPS. In fact, since July 2017, the amount of SSL encrypted traffic on the Zscaler Cloud has increased by 10% to a total of 70% of all web traffic.
This is a Security Bloggers Network syndicated blog post authored by Naresh.Kumar@zscaler.com. Read the original post at: Research Blog