Threat: These days, pretty much everyone knows that you can browse HTTPS sites backed by SSL certification with much more confidence than ordinary URLs. Sadly, cybercriminals are well aware of that fact too.
“The bad guys have figured out that you’re not going to go to a site if a big warning comes up in your browser which says ‘invalid certificate’ or ‘not an HTTPS site,’” says Lonas. As a result, he continues, hackers have begun setting up HTTPS sites of their own. Indeed, 93 percent of phishing domains identified by Webroot last September and October offered HTTPS.
“There’s all these sites now where you can get a free [SSL] certificate or a very cheap certificate,” Lonas notes.
Countermeasure: For now, according to Lonas, the best defense against fake HTTPS sites is a good endpoint security system, which should protect users from malicious payloads waiting for them on arrival. Longer term, he adds, Webroot and other vendors will get progressively better at sniffing out questionable SSL certificates from fly-by-night issuers.
“Not all certificates are created equal,” Lonas observes.
More Galleries like This
All three companies published new research studies at CompTIA’s 2017 ChannelCon event today. Here are a few of their most interesting findings.
Held last week in Los Angeles, the first of the distributor’s live events for 2018 showcased mobility, security, IoT, and vertical industry solutions, among other opportunities, as hot markets for SMB resellers in 2018
Intel, Kaspersky Lab, Barracuda, AlienVault, and RapidFire Tools are among the many vendors who made security news on the second day of this year’s RSA Conference.
Auvik, Breach Secure Now!, Continuum, and Intermedia all made news at the just-concluded partner conference, much of it involving integrations with Datto solutions.
If you simply can’t get enough vendor news from this year’s CompTIA ChannelCon event you’re in luck. We’ve got one last round of updates for you from ESET, ID Agent, Intermedia, and Barracuda MSP.