Experts On Cybercriminals Hide Malware & Phishing Sites Under SSL Certificates

Dark Reading recently wrote about cybercriminals increasingly relying on SSL certificates to lull people into a false sense of security when clicking malicious links. The assumption that HTTPS links and the accompanying lock icon protect employees from an attack can threaten businesses without sufficient SSL inspection. Nearly 52% of the top 1 million websites were available over HTTPS in 2019, Menlo Security researchers report. Nearly all (96.7%) user-initiated online visits are served over HTTPS; however, only 57.7% of URLs in emails are HTTPS links. This means a web proxy or next-gen firewall — which many businesses have long relied on for online access visibility and control, researchers note — could miss the threats present on malicious websites if SSL inspection is not enabled.

Javvad Malik, Security Awareness Advocate, KnowBe4
April 10, 2020
By hiding malware and phishing sites under SSL certificates, it makes it more difficult for tools to detect and block without inspecting SSL traffic. It's why it's important to layer on the human element to be able to recognize phishing attacks and report them to the IT teams. No one offering will be able to stop all threats, which is why a layered approach that includes employees undergoing regul ....
Erich Kron, Security Awareness Advocate, KnowBe4
April 10, 2020
Services such as Let's Encrypt allow people to get these SSL certificates easily and without cost.
For many years, we taught people to look for the lock symbol in their browser URL bar and told them that if it was missing or red, this was a sign of an untrustworthy website. Unfortunately, that advice is far less valuable in our modern world where getting an SSL certificate, the part that makes the lock appear, is free, easy and automated. Services such as Let's Encrypt allow people to get these ....
