F5 protects against inbound and outbound malware as global phishing attacks dramatically increase
JOHANNESBURG – January 20, 2021 – The IT world saw a drastic increase in phishing and spear-phishing attacks last year, driven by a worldwide pandemic that put nations under quarantine or lockdown, by work-from-home mandates, and by contemporary political events.
In a recent blog entry, F5 Principal Product Marketing Manager Jay Kelley examines modern threats in the context of F5 Labs' recent Phishing and Fraud Report, as well as how organisations can better protect users, applications and data. F5 Networks makes apps operate faster, better and more safely for the world’s largest businesses, service providers, governments and consumer brands.
Kelley notes: “Even the announcement of vaccines to address COVID-19 being ready is being leveraged to… spread malware and other malicious attack vectors, and steal user and corporate information or enable illicit access to sensitive networks, clouds, applications, and data.”
One of the reasons most cited for the recent explosion in phishing attacks, Kelley says, has been the work-from-home arrangements precipitated by the COVID-19 pandemic. He explains that people working remotely are likely to be under increased work pressure and, at the same time, more ready to let down their guard. As a result, remote workers are more likely to click on links in almost any email, even those that would normally raise suspicion.
He says attackers also know that those working from home might be using bring-your-own-device (BYOD) equipment that lacks the tools organisations typically use to protect against attacks such as phishing. Attackers are also often correct in thinking that home-based workers might not have enough bandwidth to keep security software running or updated, he adds, and that they may turn off or miss updates to their security software.
Furthermore, attackers are able to weaponise the use of encryption in phishing attacks. Kelley notes: “As phishing attacks have rapidly increased, the number of phishing sites using encryption has kept pace. According to F5 Labs' recent Phishing and Fraud Report 2020, nearly 72 percent of phishing links send victims to HTTPS encrypted websites. That means that the vast majority of malicious phishing sites now appear to be valid, credible websites that can easily fool even the savviest employee. This data has been corroborated by research from other reports as well.”
Marcel Fouché, Networking and Storage General Manager at value-added distributor Networks Unlimited Africa, a channel partner of F5 in sub-Saharan Africa, says: “Finding threats in encrypted traffic isn’t easy. If traffic is encrypted, it needs to be decrypted before it can be checked for malware and other malignant codes.
“At the same time, government privacy regulations such as the General Data Protection Regulation (GDPR) in the European Union and our local Protection of Personal Information Act (POPIA) mean that the decryption of personal user information, such as financial or healthcare data, is frequently forbidden by law. Therefore, any decryption of encrypted traffic needs to be done in such a way that these privacy issues are addressed, in order to protect the organisation from legal action and serious fines.
“Another issue with malware and encryption is that of encrypted traffic leaving an organisation’s site with stolen data for an encrypted ‘drop zone’, or reaching out to a command-and-control (C2) server for more instructions, or prompts to unleash further attacks.”
Kelley notes: “Today, in order to halt encrypted threats borne by phishing attacks, organisations need to inspect all incoming SSL/TLS traffic to ensure that any malicious or possible phishing-initiated web traffic is stopped and eliminated. But that inspection must include the ability to intelligently bypass decrypting encrypted traffic that contains sensitive user information, such as financial or health-related information.
“In addition, today’s organisations need to either outright block or at least monitor non-standard outbound web ports to stop malware from encrypted communications with C2 and drop zone servers, to stop data exfiltration or attack triggers. There are other key things to consider as well, such as the type of encryption supported by devices in the security stack… Without these protections in place, in addition to security awareness training and email security or anti-phishing solutions, organisations are leaving themselves open to attacks and breaches, and the theft of critical corporate and user data.”
Happily, notes Fouché, there is a solution. “The F5 SSL Orchestrator can eliminate the security blind spot delivered with encrypted traffic, as well as being able to deal with the issue of attempts at critical data being exfiltrated and stolen.”
F5 makes apps operate faster, smarter, and safer for the world’s largest businesses, service providers, governments, and consumer brands. F5 delivers cloud and security solutions that enable organisations to embrace the application infrastructure they choose without sacrificing speed and control. For more information, go to f5.com.
About Networks Unlimited Africa
Networks Unlimited is a value-added distributor, committed to empowering African businesses through innovative technology solutions. Our focus includes the world's leading security, networking, storage, enterprise system management (ESM) and cloud technologies. As a company, we are dedicated to taking our partner ecosystem to new heights. We support our partners through operational excellence, a competitive pricing strategy and strong focus on education, with the view of investing in long-term relationships. We work with competitive, resilient businesses, who are leaders in their field of excellence.
Our offerings include a portfolio of products highly regarded by Gartner, such as Altaro, Attivo Networks, Carbon Black, Cofense, Fortinet, F5, Hitachi Vantara, NETSCOUT, NVIDIA, ProLabs, RSA, Rubrik, SentinelOne, SevOne, Silver Peak, Tenable, Tintri and Uplogix.