Skip to main content

Featured

They use new tricks to sneak malware using TLS encryption

Hackers are constantly updating their attacks and searching out new strategies to contaminate victims' systems and obtain their purpose. This time we echo new hints that take advantage of TLS encryption to sneak malware. A hassle that could severely compromise teams and that we ought to keep away from. We can even deliver a few exciting hints to improve safety whilst browsing .  They take advantage of TLS encryption to sneak malware TLS is the acronym for Transport Layer Security, which in Spanish may be translated as transport layer security. It is used to provide comfortable and encrypted communications in the community. Something fundamental these days to keep away from troubles whilst getting into an internet site and no longer compromise our privateness.  However, this is precisely what cybercriminals are taking advantage of to carry out their attacks. There has been a big increase in malware that takes advantage of TLS encryption. In the event that we browse an unencryp

SSL Stripping attacks. How to avoid them?



SSL stripping attacks, or also known as "SSL strip," are one of the lesser-known risks when it comes to surfing the Internet, but they can pose a serious danger to all users who do not take precautions when connecting to the Internet because they could face information theft, bank account theft and even impersonating us. Today in RedesZone, we are going to see in detail what the popular SSL stripping attack consists of, what the risks are if we do not takethe necessary precautions, and what we can do to prevent this dangerous cyberattack 

What is SSL Stripping?

When we surf the Internet, we can do it with the HTTP protocol, where all the information is sent and received in clear text, so it is very dangerous to use it because a cyber attacker could put me in the middle of the communication to read all the information and even modify it on the fly, with the aim of harming us. With the launch of the HTTPS protocol, which works on the TLS protocol that provides us with confidentiality, authentication, integrity, mass email and non-repudiation, this is already more complicated because all traffic is encrypted end-to-end from the web browser to the webserver. Furthermore, all communication is authenticated thanks to the SSL / TLS certificate of the webserver. 

The SSL Strip is a type of cyberattack that tries to take over a user's data when accessing a web address protected by an SSL / TLS certificate; that is when we are using the HTTPS application layer protocol. To do this, this technique uses an intermediary attack, also known as "Man in the Middle," where the information sent by the user is intercepted before it becomes encrypted, thanks to the HTTPS protocol of the webserver. This allows you to get hold of critical private data, usually login credentials or banking information.  

How does the SSL Strip work?

SSL Stripping attacks typically occur through a Man in the Middle attack where a cybercriminal impersonates a legitimate network, for example, by creating a fake WiFi hotspot or access point in a coffee shop or library. Through this type of attack, the cybercriminal is able to intercept the data sent by users in certain browsers and websites before the SSL / TLS protocol of HTTPS communication encrypts them, without the website or the user detecting any anomaly. Or notice via a web browser.

This same attack could be carried out if we connect to any network; it is not necessary for the cybercriminal to create the false access point because it can execute an ARP Spoofing attack to "trick" the victim into believing that the cyber attacker is the router or default gateway, in this way, all traffic will also go through the attacker's computer to be able to read and even modify all the information. 

Weak points in unprotected websites

The SSL Strip is a type of attack that works on all websites that have not activated the HSTS protocol and if we do not have the HSTS cookie installed in the browser. This protocol forces all communications to always work over HTTPS because when carrying out this attack, the user's web browser will see that it is not communicating with the web through HTTPS but through HTTP. In this way, a cybercriminal can receive unencrypted data from a user who browses any of the web pages and be able to appropriate the user's data.

How to avoid SSL Strip attacks?

There are several ways to avoid this type of attack, and they vary depending on whether you are visiting a website or if you manage one. 

 

Popular Posts