SSL Malware

SSL Encryption: A Hidden Online Security Threat

Most businesses that have been around for any length of time will be aware that the next online security threat is just around the corner. 

Encryption has long been the byword of IT security teams and making sure your business has a SSL certificate is one way to demonstrate to customers that you are safe to deal with. 

If the stats are to be believed, some 93% of the internet is currently encrypted. This basically ensures that any information you send to and from a machine can’t be intercepted, read and stolen. 

The trouble is that hackers and malware producers are starting to use SSL encryption themselves to hide their nefarious programs. This online security threat presents a real problem for businesses and is one that needs to be taken seriously. 

How SSL Encryption is Used by Cybercriminals.

In the normal process of identifying a threat, virus and cybersecurity measures ensure that any changes made by hackers are spotted and the transaction or process rejected. 

There are two ways that cybercriminals are currently using SSL, however:

  • They get a free SSL certificate for a site that has malware on it. 
  • The SSL certificate is used for a phishing site which delivers malware to a victim’s computer while they think they are visiting a reputable site. The process is initiated by sending out phishing emails. 

How Do You Protect Your Business?

For a start,  while you should always look for the SSL padlock, you shouldn’t take this as full confirmation that the site is secure and there is no online security threat. 

Check with your IT support that you are using approaches such as deep packet inspection and SSL inspection to give you more chance of identifying threats. You also need to be more aware when performing a transaction on any website. 

Finally, you need to have a strong virus inspection system in place – while not foolproof, it gives the best current protection.