Access your Pro+ Content below.
Interception threatens TLS security; now what?
As global cyberattacks have exploded in recent months, the speed of infection is causing damage, not only to targeted industries and nation states, but to corporate valuations. In June, FedEx warned that the Petya cyberattack, which disrupted operations at its TNT Express subsidiary, may have "material impact" on the company's 2017 financial performance. Merck & Co. Inc., another victim of the cyberattack, issued a similar warning. A Trojan that morphed into a worm, Petya -- sometimes called NotPetya -- brought increased attention to the lack of security fundamentals practiced at major companies.
The majority of these threats enter networks through malware delivered via the internet. However, as the growth of HTTPS deployment continues, some companies are increasingly using Transport Layer Security (TLS) interception by middleboxes to maintain visibility into TLS security and malicious software. Researchers from top universities and technology companies, including Google, Mozilla and Cloudflare, published an HTTPS interception study in April that offered startling statistics on TLS security.
In this issue of Information Security magazine, we look at how worms play a role in advanced persistent threats and the ongoing issues related to HTTPS inspection and TLS security.
Access this PRO+ Content for Free!
Features in this issue
Should products intercept Transport Layer Security connections to gain visibility into network traffic? A new study by researchers and U.S.-CERT warn against it.
With years of cybersecurity and military IT experience, the District of Columbia's first information security officer brings a well-developed toolkit to the job.
A vast majority of APT attacks and malware delivery happens via spear phishing. But worms have always had a place in the toolkit when the delivery method fit the mission.
Columns in this issue
Security is a hot topic for media outlets that report on stock markets as companies founder on corporate earnings. The financial fallout of global malware is a call to action.
The CEO of a global pen tester used to work for the New York Yankees. Find out how Jennifer Steffens went from sports marketing to head of a security service provider.