Warning! HTTPS Domains are Now Being Used by Cybercriminals


Source: https://commons.wikimedia.org/wiki/File:HTTPS_icon.png

PhishLabs conducted a survey in November 2017. One of the questions was:

Source: https://info.phishlabs.com/blog/have-we-conditioned-web-users-to-be-phished

The correct answer is, of course, “encrypted communication,” and only 18% answered correctly.

What is HTTPS?

Literally, HTTP stands for HyperText Transfer Protocol, and it is a procedure developed by network administrators for exchanging information.

Unfortunately, while exchanging information on the internet became easier for everyone, it also became easier for hackers to intercept information.  Thus, HTTPS [HyperText Transfer Protocol Secure] was developed to increase the degree of secure transfer and includes the implementation of an SSL Certificate.

With HTTPS, the traffic between the web server and a user’s browser is encrypted prior to transfer and decrypted after transfer. This prevents users from unknowingly exposing sensitive information and helps prevent hackers from gaining access to data.

Unfortunately, hackers have now found a way to go around this. In January 2017, Firefox and Chrome began alerting users when they put in sensitive information, such as credit card details or passwords on a non-HTTPS web page. By October, Google began displaying a “Not Secure” label in the URL bar every time a user enters text on a non-HTTPS site.

Not surprisingly, according to a respected cybercrime blog [PhishLabs], there was a push last year for more widespread adoption of HTTPS in an effort to increase the number of websites that safely transmit information on the internet.

As a result, there was a significant increase in the number of web pages using HTTPS. In fact, 65% of web pages loaded by Firefox in November 2017 used HTTPS compared to only 45% at the last quarter of 2016.

Cybercriminals, therefore, decided to use these trends to their advantage. PhishLabs found 25% of phishing campaigns identified in the third quarter of 2017 were using HTTPS websites to deceive internet users that they are legitimate.

PhishLabs threat intelligence manager Crane Hassold said they “observed nearly a quarter of all phishing sites hosted on HTTPS domains, nearly double the percentage we saw in the second quarter.”

Hassold added, “A year ago, less than three percent of phish were hosted on websites using SSL certificates. Two years ago, this figure was less than one percent.”

Hassold explains that majority of SSL certificates used in HTTPS phishing attacks are obtained for free from automated and open certificate authorities like Let’s Encrypt and Comodo. Technically, however, these certificates are not required to create phishing sites.

So, why go through all the trouble of obtaining an SSL certificate?

The HTTPS designation makes the phishing site look legitimate to potential victims thus making hackers more successful in their attempts to obtain sensitive information without users being aware of it.

Years ago, obtaining HTTPS certification was not easy. Website owners needed to invest significant time and money to earn an SSL certificate.

Any user can fall victim to these phishing sites if not careful. Employees with access to a large volume of customer information, therefore, should know how to identify these phishing sites.


How can organizations avoid HTTPS sites used by cybercriminals?

  1. Educate all employees on how to use the web securely.


Netswitch can help organizations train employees on how to prevent data breaches. We provide solutions such as VeriPhiTM  anti-phishing e-mail protection, an automated e-mail protection technology that uses advanced IP and Domain analytics to uncover phishing attempts and block them before they become a breach. We also offer Managed Security Services and other solutions.


  1. Explain what HTTPS is and make sure that everyone understands that this designation and the green padlock icon is not an indication that a web page or site is secure.


  1. Invest in security tools for times when your employees make mistakes. It is a fact that employees will make mistakes regardless of the education and training they receive.


  1. Your organization’s internal development processes need to be analyzed to make sure all internal applications are not easily exploited whether they contain employee or customer information.


Netswitch offers Security Assessment Services which focus on examining the security posture of a company’s attack surfaces to ensure that the perimeter is properly defended and that the company’s network is secure and free from malicious infection.


  1. Consult cybersecurity experts at Netswitch who can help you develop a security strategy that works for the organization.


At Netswitch we help organizations develop and implement their cybersecurity strategy and solutions that fit their goals.  Please contact us today for more details.

The post Warning! HTTPS Domains are Now Being Used by Cybercriminals appeared first on Netswitch Technology Management.

This is a Security Bloggers Network syndicated blog post authored by Press Release. Read the original post at: News and Views – Netswitch Technology Management