This article originally appeared in Information Security Buzz on March 4, 2019.
Encryption is being leveraged by cybercriminals to evade security according to the July-December 2018 Crimeware Trends report put out by security researchers at Gigamon.
Usman Rahim, Digital Security & Operations Manager at The Media Trust:
“Companies that are truly committed to putting customers first need to take a layered approach to protecting their website and mobile app users. Encryption is still important, but it should be combined with other security measures, like continuously scanning these digital assets to identify and root out any unauthorized code. Why? Because third party code for plugins, content recommendations, payment processing, chat boxes, etc., fall outside the scope of encryption. Since an average of 80% of code running on a website or mobile app is owned and operated, only 20% of code is secured by encryption. Recently, malicious actors have hit the jackpot by injecting skimmer code into payment pages, the majority of which are enabled by third-party code. While the victimized sites were encrypted, third-party code enabling those payment pages lay outside of the website operators’ IT infrastructure. In the near future, innovative malware developers will apply skimmer code anywhere users enter or retrieve their information. It’s worth noting that there are domains with SSL certificates that trick users into downloading malicious files or that redirect them to domains that host/deliver malware.”