With every passing day, more websites are moving to SSL, and each month brings a new milestone in the mass migration from HTTP to HTTPS. More and more websites are adopting SSL/TLS to make their connections and communication safe. On the other hand, the threat of phishing sites with SSL is also increasing. It is reported that more than half of phishing websites now use HTTPS. While moving to HTTPS will become extremely important, the chances of the industry being plagued by phishing sites with SSL will keep increasing.
Half of the phishing sites use HTTPS
To make their sites look more genuine and trustworthy, scammers enable HTTPS on the website's URL. They get hold of SSL/TLS certificates by using fake documents and records, and make their site look secure for transactions. Phishing through HTTPS has increased exponentially in the past few years. It is estimated that more than 1.5 million new phishing websites are created every month. Data from PhishLabs show that in 2017 the figure was 25%, but by the end of 2018 it had doubled and reached around 49%. The threat of phishing sites with SSL keeps growing rather than coming under control.
Getting HTTPS for a website is becoming easier day by day. All over the globe, the industry is pushing towards HTTPS, and there are no signs of this abating, given the ubiquity of free Domain Validated SSL/TLS certificates. It is worth mentioning that there is no harm in getting free SSL certificates. With so much emphasis on securing websites, there may no longer be an economic gatekeeper keeping anyone away from HTTPS. The main issue today is how HTTPS is being framed, and it is getting easier for scammers, who are massively growing the threat of phishing sites with SSL.
How the padlock and HTTPS deceive
Unfortunately, the symbols of security, specifically the little green padlock that is synonymous with HTTPS, have not accomplished what they were intended to do. Let me explain it from the start. The green padlock gives you the feeling that the connection your device makes with the server hosting the website or application you're visiting will be encrypted and secure. In this way, any data transferred between you and the party at the other end of that connection will be safe. From all this, you deduce that no attackers or third parties can be eavesdropping on the connection.
Organization validation is an extremely important step performed by the Certificate Authority. Without any sort of organization authentication, there is no guarantee about who the party on the other end of that connection is. Attackers and scammers can use HTTPS, too. The green padlock does show that your connection will be secure, but there are no 100 percent guarantees about your safety on that website or about what the party on the other end of the connection may do with the data you send. To be sure, you must check the Symantec Secure Site Pro Wildcard bought by the party.
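The following is an added example, not part of the original article. It shows how little identity a Domain Validated certificate carries by classifying a certificate from its subject fields. The input uses the dictionary layout returned by Python's ssl.SSLSocket.getpeercert(); the sample certificates, host names and organization names are constructed, and the DV/OV/EV decision is a subject-field heuristic.

```python
import socket
import ssl

# Subject fields that normally appear only on Extended Validation certificates.
EV_FIELDS = {"businessCategory", "serialNumber", "jurisdictionCountryName"}

def fetch_cert(host, port=443):
    """Fetch a server certificate over a verified TLS connection (needs network)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def subject_fields(cert):
    """Flatten the nested RDN tuples of cert['subject'] into a dict."""
    return {name: value for rdn in cert.get("subject", ()) for name, value in rdn}

def validation_level(cert):
    """Heuristic: a DV subject names no organization; EV adds registration fields."""
    fields = subject_fields(cert)
    if "organizationName" not in fields:
        return "DV"
    if EV_FIELDS <= fields.keys():
        return "EV"
    return "OV"

def describe(cert):
    """One-line summary: which name is certified and who, if anyone, was vetted."""
    fields = subject_fields(cert)
    who = fields.get("organizationName", "no organization vetted by the CA")
    return f"{fields.get('commonName', '?')}: {validation_level(cert)} ({who})"

# Constructed sample certificates in getpeercert() layout (not real sites).
DV_CERT = {"subject": ((("commonName", "login-secure.example"),),)}
OV_CERT = {"subject": ((("countryName", "US"),),
                       (("organizationName", "Example Corp"),),
                       (("commonName", "www.example.com"),))}
EV_CERT = {"subject": ((("jurisdictionCountryName", "US"),),
                       (("businessCategory", "Private Organization"),),
                       (("serialNumber", "0000000"),),
                       (("organizationName", "Example Bank Inc"),),
                       (("commonName", "bank.example"),))}

if __name__ == "__main__":
    for sample in (DV_CERT, OV_CERT, EV_CERT):
        print(describe(sample))
```

All three sample certificates would produce the same padlock in a browser; only the OV and EV subjects name an organization the Certificate Authority checked. An authoritative classification reads the certificate policy OIDs defined by the CA/Browser Forum (2.23.140.1.2.1 for DV, 2.23.140.1.2.2 for OV, 2.23.140.1.1 for EV) rather than the subject fields.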
Why companies adopted SSLs
Back in 2014, Google announced that it was adding HTTPS as a ranking signal. Since this announcement, the significance of adding HTTPS has increased overwhelmingly. According to some experts and research, it is estimated that HTTPS can provide a boost of up to 5%. The announcement made marketers passionate about getting their websites secured. They want to know how SSL can boost SEO rankings, and Symantec Secure Site Multi-Domain Wildcard is best for them. Marketers also want to learn how SSL can improve the user experience. Websites covered by HTTPS had a greater likelihood of appearing in search results than websites that were not. The latest releases of Chrome and Firefox took the initiative to warn users that sites are not secure unless served over HTTPS. These and similar steps for website security sent a message to everyday Internet users that HTTPS websites could be trusted, and encouraged businesses to adopt HTTPS. The adoption increased not only rankings but also security at both ends. Despite all these steps for website security, the threat of phishing sites with SSL has increased. Read on to see how it all happened.
How cybercriminals misused SSL and the shift towards HTTPS
As webmasters shifted their websites to SSL, it became easier for cybercriminals to create websites with the HTTPS distinction. Certificate Authorities always welcome companies and organizations that say “Let’s Encrypt the websites”. The Certificate Authorities allow developers, engineers and disguised attackers to enable and auto-renew HTTPS for their sites, regardless of whether or not they host legitimate content. This step enormously increases the threat of phishing sites with SSL. From Reductor to Godlua and various other variants, it has become known to all vigilant webmasters that new types of malware are being hidden behind the green padlock that was once considered secure.
What the Figures Say
To break down the threat of phishing sites with SSL among HTTPS websites, researchers did an analysis. They found that 47.1% of the sites are running vulnerable server software, for instance older versions of Apache, Drupal, or WordPress. They also learned that 41.5% of HTTPS websites are uncategorized, and around 10.8% are phishing websites. It is estimated that around 67% of non-browser traffic (typically generated by endpoint agents downloading updates, but also including command-and-control callbacks from infected devices) is over SSL. About 92% of the emailed links that users clicked were served over HTTPS; this includes both known and unknown phishing websites.
Organizations in some areas shy away from SSL inspection for privacy reasons. Many businesses still avoid it because of performance problems. Commonly, during SSL decryption, the throughput of on-premises proxies and next-gen firewalls drops by a factor of five or more. To keep the same throughput with the same number of employees using the Web, the business would need five times more devices.