SC Mag had an exclusive: Threat actors are "playing by the rules", or at least tricking your browser into thinking they are, in order to deliver more effective attacks.
Wandera researchers noticed an increase in threat actors leveraging HTTPS and SSL certificates to “secure” their phishing sites leading to 60 percent of their monitored malicious traffic being encrypted using HTTPS.
Over 1,150 new HTTPS phishing sites over the course of one day
Researchers discovered over 1,150 new HTTPS phishing sites over the course of one day, not including the plethora of the malicious HTTP phishing URLs that we already know exist meaning a new secure phishing site goes up every two minutes.
“Seeing a padlock in the URL bar used to be a reliable safety check but because the vast majority of websites now use encryption, hackers are also ‘securing’ their sites to lure victims into a false sense of security,” researchers said in a SC Media exclusive. “These days, there is no real barrier to entry for getting an SSL certificate, which means it’s incredibly simple for hackers to obtain them while keeping their tracks covered.”
Some certificate issuers are even offering SSL certificates without requiring payments or genuine personal identifiable information needing to exchange hands. Threat actors are also using domain control validation, in which only the control of the subject has been verified, to hide their identity.
Organization validation involves checking that the identity of the company behind the domains was checked against registers, while extended Validation requires the strongest, most rigorous checks of the company identity making it harder for threat actors to spoof. Full Story
It's a must to step your users through new-school security awareness training.