Windows News and info 15th Anniversary 2009-2024

Windows 11 | Windows 10 Modifying => Patch Tuesday| Updates | Security | Privacy | Anti-virus => Topic started by: javajolt on June 21, 2019, 11:15:59 AM

Title: Phishing Websites Increase Adoption of http
Post by: javajolt on June 21, 2019, 11:15:59 AM

(http://i.postimg.cc/K4S9QcBC/Malicious-http.jpg)

As the adoption of cryptographic protocols for secure website communication increased, cybercrooks also moved to http to keep their operation floating.

Over half of the phishing websites detected in the first quarter of the year used digital certificates to encrypt the connections from the visitor. This is a trend that kept growing since mid-2016.

http is designed to protect user privacy by encrypting the traffic between a website and the browser. This prevents third parties from viewing the data that's exchanged. It started as a defense against snooping traffic on pages with forms for sensitive information (payment card details, logins)  and soon became a communication standard for the entire website.

Crooks catch up on http adoption

Statistics from PhishLabs - a company that monitors phishing activity at a large scale, show that up to 58% of the phishing websites in the first months of 2019 were using the secure HTTP protocol. This is a 12% jump compared to the last quarter of 2018.

(http://i.postimg.cc/FKZxcgPt/http-adoption-trends.png)

As browsers became more aggressive about http adoption by warning users when their connection is not secure, phishing scams had to follow the trend. Impersonating an http website is virtually impossible now without a TLS certificate.

If a while ago getting a digital certificate was both a complicated and expensive endeavor, the process became much easier lately and TLS certificates are now available even for free (http://letsencrypt.org/ (http://letsencrypt.org/)).

"Attackers can easily create free DV (Domain Validated) certificates, and more web sites are using SSL in general. More web sites are using SSL because of browsers warning users when SSL is not used, and most phishing is hosted on hacked, legitimate sites," says John LaCour, founder, and CTO of PhishLabs.

The researchers expect the adoption of http to grow among cybercrooks as failing to do so would mean an end to their business.

source (http://www.bleepingcomputer.com/news/security/phishing-websites-increase-adoption-of-http/)