PRO+ Premium Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
September 2017, Vol. 19, No. 7

Interception threatens TLS security; now what?

As global cyberattacks have exploded in recent months, the speed of infection is causing damage, not only to targeted industries and nation states, but to corporate valuations. In June, FedEx warned that the Petya cyberattack, which disrupted operations at its TNT Express subsidiary, may have "material impact" on the company's 2017 financial performance. Merck & Co. Inc., another victim of the cyberattack, issued a similar warning. A Trojan that morphed into a worm, Petya -- sometimes called NotPetya -- brought increased attention to the lack of security fundamentals practiced at major companies.

The majority of these threats enter networks through malware delivered via the internet. However, as the growth of HTTPS deployment continues, some companies are increasingly using Transport Layer Security (TLS) interception by middleboxes to maintain visibility into TLS security and malicious software. Researchers from top universities and technology companies, including Google, Mozilla and Cloudflare, published an HTTPS interception study in April that offered startling statistics on TLS security.

In this issue of Information Security magazine, we look at how worms play a role in advanced persistent threats and the ongoing issues related to HTTPS inspection and TLS security.

Features in this issue

Columns in this issue

More PRO+ Content

View All