SSL Does Not Mean A Website Is Secure

Most of the traffic that goes in and out of your network is SSL encrypted. The SSL encryption can defend against hackers who’re trying to intrude on your internet activity and also protect your data. But does SSL mean a website is secure? No, SSL certified does not mean a site is safe; even cybercriminals use encryption now. They use SSL to hide malware, and if your firewall isn’t scanning SSL-encrypted traffic, then your network is vulnerable.

In this article, our cybersecurity experts from Perth will help you to understand more about the SSL certificate and how to protect yourself from the hidden dangers in SSL sites.

What is an SSL Certificate?

Any site or application that requires to transfer sensitive information such as passwords, credit card numbers, and other financial data must have their site encrypted.

In brief, an SSL (Secure Socket Layer) Certificate is a data file that enables encrypted communication between a web browser, and a web server. When a web server is installed with an SSL certificate, the information will be sent through port 443 using the https protocol.

Websites installed with an SSL certificate have a padlock next to the web address and begin with https instead of http. This means the data transmitted is encrypted. Third parties can’t access the data you enter when connected to the website. The SSL Certificate lets the website visitor know that the site belongs to a specific organisation.

Google, Facebook and Twitter use SSL certification, and that’s why you see a padlock next to the URL when you visit those sites. You can see the owner of the site by clicking on the padlock and will know that ownership has been verified.

How do phishing websites obtain SSL Certificates?

To understand how phishing websites obtain SSL Certificates and encrypt malware with SSL, we need to look at the Transport Layer Security. TLS refers to the encryption process that goes on behind SSL.

Google says that 93% of the internet is now encrypted. These encrypted sites are all designed to be locked to all outside parties, including firewalls that don’t support SSL decryption. So, hackers cannot directly inject malware into existing streams of HTTPS content. For example, when you are shopping on SSL encrypted site and enter your credit card details to make a purchase, that information is encrypted. Hence, when a hacker attempts to modify the traffic and inject malware, the request will be automatically rejected because your browser will notice the modified keys.

Unfortunately, cybercriminals can also obtain an SSL Certificate for their site that contains malware. Legitimate SSL certificates are not expensive, and many certificate authorities do not have a particular inspecting process. These factors make it easier for cybercriminals to get an SSL certificate without using any financial information that could be utilised to trace them.

Another means that criminals use to deliver SSL malware is by using SSL certificates on phishing sites to look like a legitimate website. The attacker will send a series of fraudulent emails which resemble the emails from a reputable source to the target’s system. When a recipient clicks on a link in the email, they will be directed to a website with an SSL certificate, but is actually a fraudulent site. The attacker can inject malware into encrypted traffic and try to avoid the firewall system.

These types of attack are becoming more prevalent. Many visitors are fooled into thinking the website with SSL certificate is genuine since SSL certificates are widely seen as a means to check whether a website can be trusted.

It is essential to understand that a website with a valid SSL certificate does not guarantee safety. It simply assures that your requests are encrypted. Yet the actual information being transmitted can contain malicious factors, including viruses and other malware. So, you should always be on alert when visiting a new website.

Ways to Protect Yourself from encrypted malware

Here are some ways to protect against SSL malware and other threats:

• While you should make sure the site you are using is SSL enabled, it would be safer to remember that’s not sufficient to decide your network is secure.
• Always take an extra minute to ensure the site is genuine before you enter personal information or make a financial transaction.
• Add a virtual private network (VPN) to your online security regimen. It’s easily available by subscription and consists of different forms of encryption other than SSL to secure and keep your online session anonymous.
• Ensure your organisation has accurately configured firewalls and intrusion detection systems.
• Implement a robust cybersecurity software and anti-virus tools from reputable sources and update them regularly.
• Make sure your organisation is performing SSL inspection to detect threats in encrypted web traffic.

With cybersecurity incidents becoming prevalent, being vigilant is a must. SSL does not mean a website is secure. Even when an SSL connection is present, remain aware that you still can be a target of a cyberattack.

If you are looking for a sturdy cybersecurity solution to protect your organisation, contact us or email at cybersecurity@computingaustralia.group. Computing Australia, with more than 20 years of experience, can help your organisation stay protected against cyber threats. Our Cybersecurity consulting team is 24/7 available to assist you.

Jargon Buster

Port 443 – The standard port for all secured HTTP traffic which is essential for most modern web activities.

HTTP – Hypertext Transfer Protocol is a protocol for transferring hypermedia documents, such as HTML.

Encryption – The process of transforming data, or encoding, into an unreadable format for an unauthorised user. Such encoded data can be decrypted only with a key.