WatchGuard recently released its latest report for Q1 2020, providing analytics from 44,000 global appliances. In general, upwards of two-thirds of the total malware detected was hidden in HTTPS-encrypted tunnels to evade traditional antivirus.
Here are the significant takeaways:
- 32 million malware variants were blocked during the reporting period
- 1.7 million network attacks were blocked during the reporting period
- 67% of malware was delivered via HTTPS connections
- 72% of malware was classified as zero-day (meaning legacy signature-based AV would have missed it)
- Read the full WatchGuard report here.
HTTPS improves security by encrypting the traffic between web browsers and web servers. If someone were trying to snoop on your traffic on a public Wi-Fi network, for example, and the website you’re using is served over HTTPS, the captured data would be encrypted and unreadable. If it were served over HTTP (unencrypted), web traffic, form submissions, and cookies would appear in plain text to the attacker.
The new normal is that cybercriminals are using HTTPS to deliver malware and communicate with infected computers. This occurs more now because the barrier to obtaining HTTPS has been lowered by certificate authorities like Let’s Encrypt (created by the nonprofit Internet Security Research Group), which issue SSL certificates free of charge. Removing the financial transaction for SSL certificates enables attackers to obtain SSL certificates without the financial transaction, which
Overall, it’s a good thing more websites are using SSL, even if it’s via a free certificate. Small businesses must recognize that as malware continues to evolve, their cybersecurity approach needs to evolve with it. In most cases, this means implementing multiple security layers, and HTTPS inspection should be one of them for maximal protection.
Vendors initiating the use of HTTPS inspection reported 6.9% fewer malware detections and 11.6% fewer network attacks than previous quarters. These encouraging statistics come during the unique landscape of COVID-19, during which there has been a definite increase in widespread malware attacks, COVID-themed threats, and network attacks.
With COVID-19 here to stay for the foreseeable future, it’s essential to consider how your business responds to the potential for increased threats to your network.
We recommend considering the “layers” of your cybersecurity strategy: do you have multiple layers in place to protect your network? Are you performing regular surveillance and updates to your network?
If you have questions regarding best practices for protecting your business in today’s cybersecurity landscape, please reach out to PK Tech.