Cybercriminals increasingly using SSL certificates to spread malware
Recent studies have shown that cybercriminals building phishing sites now use SSL as well, complicating efforts by enterprises to keep their employees safe.
The Menlo Security research revealed that while 96.7% of all user-initiated web visits are served over https, only 57.7% of the URL links in emails turn out to be https, which means that web proxies or firewalls will be oblivious to the threats unless enterprises turn on SSL inspection.
When it comes to decrypting and inspecting SSL sessions, the report said, "Many enterprises have held back partly driven out of privacy issues and partly around performance of these proxies with SSL decryption turned on. It's not uncommon for the overall throughput of these devices to drop by a factor of five or more when SSL decryption is turned on."
Of the threats on https websites, 47.1% are running vulnerable server software and 41.5% are listed as an uncategorized site. 66.8% of the non-browser traffic is over SSL and, of the known threats, 90.6% of the machine-generated https sessions are to uncategorized websites, the report notes.
In an interview, Menlo Security's chief technology officer, Kowsik Guruswamy, explained that SSL decryption is usually done by on-premises appliances and that his company has found many enterprises have two primary reasons for not turning on SSL decryption.