Threat: These days, pretty much everyone knows that you can browse HTTPS sites backed by SSL certification with much more confidence than ordinary URLs. Sadly, cybercriminals are well aware of that fact too.
“The bad guys have figured out that you’re not going to go to a site if a big warning comes up in your browser which says ‘invalid certificate’ or ‘not an HTTPS site,’” says Lonas. As a result, he continues, hackers have begun setting up HTTPS sites of their own. Indeed, 93 percent of phishing domains identified by Webroot last September and October offered HTTPS.
“There’s all these sites now where you can get a free [SSL] certificate or a very cheap certificate,” Lonas notes.
Countermeasure: For now, according to Lonas, the best defense against fake HTTPS sites is a good endpoint security system, which should protect users from malicious payloads waiting for them on arrival. Longer term, he adds, Webroot and other vendors will get progressively better at sniffing out questionable SSL certificates from fly-by-night issuers.
“Not all certificates are created equal,” Lonas observes.
More Galleries like This
CharTec, CloudJumper, Connect Booster, EventTracker, Liongard, and newcomer RocketCyber all used the recently concluded conference as a launching pad for news about new solutions and services.
An updated security awareness training solution from Webroot, an enhanced SD-WAN solution from Citrix, and a forthcoming mobile DNS filtering product from WatchGuard are our final trio of product-related stories from last week’s giant security confab.
Experts from SolarWinds, Trend Micro, Vade Secure, WatchGuard Technologies, and Webroot discuss five things worth worrying about online, and suggested countermeasures for mitigating them.
Held last week in Los Angeles, the first of the distributor’s live events for 2018 showcased mobility, security, IoT, and vertical industry solutions, among other opportunities, as hot markets for SMB resellers in 2018
If you simply can’t get enough vendor news from this year’s CompTIA ChannelCon event you’re in luck. We’ve got one last round of updates for you from ESET, ID Agent, Intermedia, and Barracuda MSP.