Malware and HTTPS – a growing love affair

2020-02-18 13:32

If you're a regular Naked Security reader, you'll know that we've been fans of HTTPS for years.

Search engines now rate unencrypted sites lower than encrypted equivalents, and browsers do their best to warn you away from sites that won't talk HTTP. Even the modest costs associated with acquiring the cryptographic certificates needed to convert your webserver from HTTP to HTTPS have dwindled to nothing.

Of course, HTTPS only applies to the network traffic - it doesn't provide any sort of warranty for the truth, accuracy or correctness of what you ultimately see or download. An HTTPS server with malware on it, or with phishing pages, won't be prevented from committing cybercrimes by the presence of HTTPS. Nevertheless, we urge you to avoid websites that don't do HTTPS, if only to reduce the number of danger-points between the server and you.

In the paper, we didn't look at how many download sites or phishing pages are now using HTTPS, but instead at how widely malware itself is using HTTPS encryption.

The good news is that by comparing malware traffic via port 80 and port 443, SophosLabs found that the crooks are still behind the curve when it comes to HTTPS adoption.

News URL

https://nakedsecurity.sophos.com/2020/02/18/malware-and-https-a-growing-love-affair/

#http #https #malware