"When you're encrypting the traffic and giving the keys only to the owner of the traffic, it provides a specific door for attackers to walk right in,” stated Eva Abergel, the Senior Solution Expert at Radware.
In this episode of The Security Strategist Podcast, Richard Stiennon, the Chief Research Analyst at IT-Harvest, an author and a trusted cybersecurity advisor, speaks with Abergel about how Hypertext Transfer Protocol Secure (HTTPS) encryption is creating new challenges for cybersecurity professionals.
They also talked about how DDoS attacks have changed to take advantage of new weaknesses that are hidden in plain sight within encrypted traffic. They discussed what organisations need to do to improve their defences.
HTTPS Encryption Creating Challenges for Defenders
Hypertext Transfer Protocol Secure (HTTPS) encryption is known to have made the internet safer, especially from DDoS attacks. However, it has also created new opportunities for attackers. Threat actors now use encrypted traffic to camouflage malicious activity. Traditional cybersecurity tools have been unsuccessful at spotting and blocking these hidden attacks, simply because they cannot decrypt the data these attacks carry.
Abergel says that unless an organisation can decrypt the traffic, it cannot see what's inside, allowing sophisticated DDoS attacks to go undetected. This presents a dilemma for IT decision-makers, as they are understandably reluctant to surrender the "keys to their castle" by allowing a third party to decrypt their protection walls.
With the rise of “tsunami attacks”, in other words DDoS attacks, the network layer becomes more vulnerable. Attackers deliberately target the application layer of a protected network to overwhelm the application, not the entire network.
Essentially, hackers take advantage of a grey area in cybersecurity, explains Abergel. "WAFs are not equipped to deal with sophisticated web DDoS attacks. And network layer mechanisms and defences for DDoS attacks cannot recognise a DDoS attack on the application layer only by looking at the network layer."
This means attackers have found a comfortable and effective spot to launch their campaigns, often without severe consequences.
How to Protect Your Business Without Compromising Your Keys
What is the solution when an organisation can't share its encryption keys? This is a major concern, especially for regulated industries that are legally prohibited from sharing this sensitive information with even the most trusted cybersecurity firms.
To learn more about the solution, and how Radware can help you defend against modern cybersecurity threats, watch the podcast on EM360tech.com. You can watch the video version on our YouTube channel, @EM360Tech, or listen to the audio version on EM360Tech’s Spotify series, The Security Strategist podcast.
Takeaways
- DDoS attacks have evolved significantly since their inception.
- HTTPS encryption, while beneficial, has created new vulnerabilities.
- Modern DDoS attacks often mimic legitimate traffic, complicating detection.
- AI is accelerating the sophistication of DDoS attacks.
- Organisations must balance user experience with security measures.
- The financial sector faces severe consequences from DDoS downtime.
- Solutions exist that do not require sharing encryption keys.
- CISOs should seek tailored solutions for their specific needs.
- Understanding the threat landscape is crucial for effective defence.
- Proactive measures are essential to stay ahead of evolving threats.
Chapters
- 00:00 Introduction to DDoS Attacks and Their Evolution
- 02:52 The Impact of HTTPS on DDoS Attacks
- 06:08 Modern DDoS Attacks: Scale and Sophistication
- 08:46 AI's Role in DDoS Attacks
- 12:05 Challenges in Mitigating Application Layer DDoS Attacks
- 14:58 Finding Solutions Without Decryption Keys
- 17:02 Key Takeaways for IT Decision Makers