DHS(Department of Homeland Security) has released an alert regarding a new cybersecurity threat. The latest threat states that all systems behind HTTPS(Hypertext Transfer Protocol Secure) are possibly a major concern. Many businesses and organizations use HTTPS interception products for several purposes, including detecting malware that uses HTTPS connections to malicious servers.
What this means
All systems behind a hypertext transfer protocol secure (HTTPS) interception product are potentially affected.
Hypertext Transfer Protocol Secure(HTTPS) is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. The 'S' at the end of HTTPS stands for 'Secure'. It means all communications between your browser and the website are encrypted. Because the HTTPS inspection product manages the protocols, the product must perform the necessary HTTPS validations. Failure to perform proper validation or adequately convey the validation status increases the probability that the client will fall victim to man-in-the-middle(MiTM) attacks by malicious third parties.
HTTPS inspection works by intercepting the HTTPS network traffic and performing a MiTM attack on the connection. In MiTM attacks, sensitive client data can be transmitted to a malicious party spoofing the intended server. In order to perform HTTPS inspection without presenting client warnings, administrators must install trusted certificates on client devices. Browsers and other client applications use this certificate to validate encrypted connections created by the HTTPS inspection product.
Solution
Businesses using an HTTPS inspection product should verify that their product properly validates certificate chains and passes any warnings or errors to the client.
To learn more about how your business can be protected, contact us today.
