Threat: These days, pretty much everyone knows that you can browse HTTPS sites backed by SSL certification with much more confidence than ordinary URLs. Sadly, cybercriminals are well aware of that fact too.
“The bad guys have figured out that you’re not going to go to a site if a big warning comes up in your browser which says ‘invalid certificate’ or ‘not an HTTPS site,’” says Lonas. As a result, he continues, hackers have begun setting up HTTPS sites of their own. Indeed, 93 percent of phishing domains identified by Webroot last September and October offered HTTPS.
“There’s all these sites now where you can get a free [SSL] certificate or a very cheap certificate,” Lonas notes.
Countermeasure: For now, according to Lonas, the best defense against fake HTTPS sites is a good endpoint security system, which should protect users from malicious payloads waiting for them on arrival. Longer term, he adds, Webroot and other vendors will get progressively better at sniffing out questionable SSL certificates from fly-by-night issuers.
“Not all certificates are created equal,” Lonas observes.
More Galleries like This
At the managed services vendor’s Navigate conference this week, CEO Michael George (pictured) walked attendees through what he contends is an inescapable set of both existential threats and massive opportunities for managed service providers
Experts from SolarWinds, Trend Micro, Vade Secure, WatchGuard Technologies, and Webroot discuss five things worth worrying about online, and suggested countermeasures for mitigating them.
If you simply can’t get enough vendor news from this year’s CompTIA ChannelCon event you’re in luck. We’ve got one last round of updates for you from ESET, ID Agent, Intermedia, and Barracuda MSP.
Datto, NinjaRMM, The 20, Connect Booster, SOCSoter, and Nexogy share details on what's happening now and what's coming up next for channel pros.
Intel, Kaspersky Lab, Barracuda, AlienVault, and RapidFire Tools are among the many vendors who made security news on the second day of this year’s RSA Conference.