Only a third of applications offer SSL encryption, while many network administrators are unaware of what applications on their networks use unpatched versions of OpenSSL.
The report by Palo Alto Networks found that while only a third of applications (539 of 2,076 applications observed) communicated over SSL, 27 per cent of all applications it found within the assessments can use SSL to communicate in the dark, and this was most common in management, file sharing and photo and video applications.
Asked if he was surprised that not all applications are now offering SSL encryption, TK Keanini, CTO of Lancope, said: “SSL (or TLS) should be on by default on every application. Nothing and no one in the middle of two communicating applications should be able to see the payload of the transmission.
“There is just no good reason why any transit device needs to get at the payload of the session. Programmers who don’t use a security network transport are just uneducated to the threat models they should have considered in their design.”
Sean Power, security operations manager at DOSarrest said that in his day to day life, there is some information he wanted to remain private, and other information he was fine with being passed in the open.
Asked if he felt that the OpenSSL bug had concerned some people about SSL, and even put people off using it, Power said: “Heartbleed was a major security concern and it had a major impact. The reality is that bugs and flaws happen in software, some with greater impact than others. SSL is currently the most secure way of communicating over the internet and abandoning it to go with a different mechanism that has greater (but less well known) flaws is not a sound choice.”
However the report said that SSL brings the benefit of privacy, but also the risk of hiding malicious activity and the risk of compromise via the Heartbleed vulnerability. Also businesses have no way of being certain that the traffic within the encrypted channels is free of malicious activity, as attackers are also using SSL, but also FTP, RDP and netbios to mask their activities as they work to exploit a system.
Keanini said: “Securing the network transport is such a good design decision that most of the adversaries use SSL (or TLS) to secure their transport protocols when they are operating on your network. Great technology does not know the difference between good and evil.”
Examining logs over a 12 month span, the Palo Alto Networks report found that common sharing applications such as email, social media and video remain favoured vehicles for delivering attacks, but are often the start of multi-phased attacks rather than the focus of threat activity.
Matt Keil, senior research analyst at Palo Alto Networks, said: “Most significant network breaches start with an application such as email delivering an exploit. Then, once on the network, attackers use other applications or services to continue their malicious activity – in essence, hiding in plain sight. Knowing how cyber criminals exploit applications will help enterprises make more informed decisions when it comes to protecting their organisations from attacks.”
