2016 Security Predictions: #1 – Attacks Hidden in SSL Traffic Will Exceed Attacks in Clear Text

A10 Networks Blog

From Ashley Madison to TalkTalk and Stagefright to fishy root certificates, 2015 was a memorable—although not a devastating—year for cyber-security. We witnessed less widespread, panic-inducing vulnerabilities in 2015 than in years past; while 2014 will go down in the security history books as the year of Heartbleed, ShellShock and point-of-sale malware, 2015 was comparatively tame.

However, trends like the Internet of Things (IoT) and cloud networking did generate a host of new threats. Researchers revealed attacks that could compromise connected devices such as cameras, cars, and rifles. Stagefright was at the top of the list of mobile security risks; it allowed malicious users to exploit Android devices simply by sending a malicious MMS message.

With the blurring of network boundaries and the increasing number of connected devices, we predict even more attacks and vulnerability disclosures next year. Take a look at our top 5 security predictions for 2016.

#1: Attacks hidden in SSL traffic will exceed attacks in clear text

Over the past few years, SSL encryption has become all the rage for both application owners and hackers and for good reason. Encryption improves security by providing data confidentiality and integrity.

Unfortunately, encryption also allows hackers to conceal their exploits from security devices like firewalls, intrusion prevention systems, and data loss prevention platforms. Some of these products cannot decrypt SSL without degrading performance while others simply cannot decrypt SSL traffic at all because of their location in the network.

Today, encryption accounts for roughly one-third of all Internet traffic and it’s expected to reach two-thirds of all traffic next year when Internet powerhouses like Netflix transition to SSL. As a result, encrypted traffic will become the “go-to” way of distributing malware and executing cyber-attacks simply. Whether sharing a malicious file on a social networking site or attaching malware to an email or an instant message, many attacks will be cloaked in SSL.

On top of this threat, movements like “Let’s Encrypt” make it even easier for hackers to generate SSL certificates to sign malicious code or to host malicious HTTPS sites.

To counter the threat posed by SSL encryption, organizations can decrypt and inspect inbound and outbound traffic for cyber-attacks. A dedicated SSL inspection platform enables third-party security devices to inspect encrypted traffic and eliminate the blind spot in corporate defenses.

Check Out All of Our Security Predictions

We will be counting down a new security prediction every day for the next week.

2016 Predictions


Paul Nicholson
December 17, 2015

About Paul Nicholson

Paul Nicholson brings 24 years of experience working with Internet and security companies in the U.S. and U.K. In his current position, Nicholson is responsible for global product marketing and strategy at San Jose, Calif.-based application networking and security leader A10 Networks. Prior to A10 Networks, Nicholson held various technical and management positions at Intel, Pandesic (the Internet company from Intel and SAP), Secure Computing, and various security start-ups. READ MORE