Revealing the Shadows: Half of Cyber Attacks Tied to Hidden Malware in Encrypted Data
DUBAI, UAE, 1st September 2016 – A surprising outcome of the increasing utilization of encryption technology is a rise in cyber threats, according to a recent study by A10 Networks (NYSE: ATEN), a leader in application networking and security solutions. Conducted in collaboration with the Ponemon Institute, the network security study, titled “Hidden Threats in Encrypted Traffic: A Study of North America & EMEA,” surveyed 1,023 IT and cybersecurity experts across North America and Europe, revealing the substantial obstacles these professionals face in protecting against and detecting attacks on encrypted data traversing their organizations’ infrastructures.
A growing number of companies are adopting encryption technology to safeguard their network information. However, many security directors find that the challenge of analyzing this increasing volume of encrypted data leads to compromised network performance—often a misjudged assumption shaped by specific technological and solution selections, which may incur costly consequences. The crux of the issue is that SSL encryption not only obscures data traffic from potential attackers but also from standard security measures. The encryption methods essential for securing sensitive data in transit, encompassing web transactions, emails, and mobile applications, may allow malware concealed within that encrypted traffic to evade scrutiny within an organization’s security framework.
Nearly half of the respondents (47 percent) identified the lack of adequate security tools as the primary reason for not inspecting decrypted web traffic, closely followed by insufficient resources and the risk of network performance compromise (both at 45 percent). Nevertheless, 80 percent of participants indicated that their organizations had experienced a cyber attack or malicious insider event in the past year. Almost half also reported that attackers utilized encryption to avoid detection.
While 75 percent of survey respondents acknowledge that their networks are vulnerable to malware hidden within encrypted traffic, about two-thirds admit that their organization is ill-equipped to identify harmful SSL traffic, leaving them susceptible to dangerous data breaches and potential intellectual property loss. The largest segment among the IT professionals involved in the survey operates within financial services, followed by healthcare and the public sector—three industries urgently needing to protect sensitive information.
The threat is expected to intensify as the volume of encrypted data traffic continues to rise, with most respondents anticipating that cybercriminals will bolster their use of encryption in the coming year to evade detection and bypass controls. Many organizations may find themselves unprepared, as their security frameworks struggle against significant SSL vulnerabilities.
“IT leaders must embrace a more strategic approach,” stated Dr. Chase Cunningham, director of cyber operations at A10 Networks. “Adversaries seek returns on investment just like defenders, preferring not to exert excessive effort to obtain it. Rather than aiming for perfection by attempting to execute every detail correctly, IT decision-makers can achieve greater effectiveness by concentrating on a few initiatives strategically using the best technology available. It’s akin to the cybersecurity version of a zombie marathon—if you manage to avoid being the slowest in evading the zombies, you mitigate risk.”
“The Hidden Threats in Encrypted Traffic study sheds light on critical insights regarding the malicious risks residing within contemporary corporate infrastructures,” remarked Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “Our aim is to assist organizations in augmenting their understanding of threats to effectively combat vulnerabilities in their systems.”
