Cybersecurity, websites at risk: the fault of potentially harmful servers

The TLS Telemetry Report prepared by F5 Labs sheds light on weaknesses in the use of cryptography. The use of insecure RSA key exchanges, which opens the door to hackers, is still too widespread.

30 Dec 2021 F. Me

While the adoption of web encryption is growing, the flexible nature of HTTPS and cipher suite negotiation, combined with stagnation or regression in many areas, is hindering progress and putting websites at risk. According to the 2021 TLS Telemetry Report produced by F5 Labs, the F5 research laboratories, more than half of the servers used by these sites still allow the use of insecure RSA key exchanges. At the same time, certificate revocation remains problematic, and old and outdated servers are visible everywhere.

The research also found that hackers are learning to use Transport Layer Security (TLS) to their advantage in their phishing campaigns. At the same time, new fingerprinting techniques are raising many questions about the presence of hidden malware on the servers of the million websites analyzed.

"Today more than ever, both governments and cybercriminals are working to get around the blocks caused by strong cryptography. Due to this increasing risk, it has become critical to focus on robust and up-to-date HTTPS configurations, particularly when digital certificates are shared between different services," explains David Warburton, Senior Threat Research Evangelist at F5 and author of the report.

F5 Labs found that the faster and safer TLS 1.3 protocol is gaining ground. For the first time, TLS 1.3 was the preferred encryption protocol for most web servers in the Tranco 1M list. Nearly 63% of servers now prefer TLS 1.3, as do over 95% of all browsers in use. The data, however, varies greatly by country: in some, such as the United States and Canada, it is preferred by 80% of web servers, while in others, such as China and Israel, only 15% of servers support it.

Meanwhile, the use of DNS CAA (Certification Authority Authorization) records, which can help prevent fraudulent issuance of certificates, grew from 1.8% of sites in 2019 to 3.5% of sites in 2021. F5 Labs believe this figure demonstrates a positive and steady increase in their use, although one still limited to a few websites.

Although almost all the servers in the top list prefer secure Diffie-Hellman key exchanges, in 52% of cases the servers still allow the use of insecure RSA key exchanges (because they are supported and requested by the client).

Furthermore, research by F5 Labs has shown that revocation methods are almost totally outdated, which is driving growing demand from certification authorities (CAs) and browsers to progressively adopt certificates with very short lifetimes. The revocation of a stolen certificate, in fact, becomes much less problematic if the certificate is due to expire in a few weeks. In the report, the most commonly used certificate lifespan was 90 days, found on 42% of all sites.
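One way to check a server configuration for the static RSA key exchange described above, as an added example that is not part of the article or the F5 Labs report: this Python script uses the standard `ssl` module to group the suites a server cipher string would accept by key exchange. The two cipher strings and the function names are constructed for illustration, and the `kea` labels assume a Python build linked against OpenSSL 1.1.0 or later.

```python
import ssl

# Constructed cipher strings (assumptions for this example, not from the report).
PERMISSIVE = "ECDHE-RSA-AES128-GCM-SHA256:AES128-GCM-SHA256"  # keeps an RSA fallback
HARDENED = "ECDHE+AESGCM"                                     # ephemeral ECDH only


def classify_key_exchange(cipher_string):
    """Group the suites a TLS server context would accept by key exchange."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # set_ciphers() only governs TLS 1.2 and below; TLS 1.3 suites stay enabled.
    ctx.set_ciphers(cipher_string)
    groups = {"forward_secret": [], "static_rsa": [], "other": []}
    for suite in ctx.get_ciphers():
        kea = suite.get("kea", "")
        if kea == "kx-rsa":
            # The client encrypts the premaster secret to the server's RSA key:
            # no forward secrecy, so a stolen key decrypts recorded traffic.
            groups["static_rsa"].append(suite["name"])
        elif suite["protocol"] == "TLSv1.3" or kea in ("kx-ecdhe", "kx-dhe"):
            # TLS 1.3 always uses an ephemeral (EC)DHE key exchange.
            groups["forward_secret"].append(suite["name"])
        else:
            groups["other"].append(suite["name"])
    return groups


def allows_static_rsa(cipher_string):
    """True if a client asking for RSA key exchange could still get it."""
    return bool(classify_key_exchange(cipher_string)["static_rsa"])


if __name__ == "__main__":
    for label, cipher_string in (("permissive", PERMISSIVE), ("hardened", HARDENED)):
        groups = classify_key_exchange(cipher_string)
        print(f"{label}: static RSA = {groups['static_rsa'] or 'none'}, "
              f"forward secret = {len(groups['forward_secret'])} suites")
```

A server that prefers ECDHE but leaves a suite in the `static_rsa` group will still negotiate it with a client that offers nothing else, which is the situation the 52% figure describes.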

Risks on the rise

The report also shows growing concern about the covert activities of cybercriminals. In particular, the share of phishing sites using HTTPS with valid certificates to appear legitimate has grown from 70% in 2019 to nearly 83% in 2021. About 80% of malicious sites now come from only 3.8% of hosting providers.

Facebook and Microsoft Outlook / Office 365 were the most impersonated brands in phishing attacks. Credentials stolen from these sites are of great value, not least because many other accounts tend to rely on them as an identity provider (IdP) or to reset passwords. F5 Labs also found that webmail platforms are the target of 10.4% of impersonation attempts, a figure similar to that for Facebook. This means that phishing attacks against webmail are just as common as those against Facebook accounts.

"It is clear that, in view of 2022, we must become aware of two fundamental facts," added Warburton. "The first is that the desire to intercept, bypass and weaken encryption has never been higher. Cybercriminals work around the clock to defeat the obstacles of strong cryptography, looking for creative ways to intercept or acquire information before or after it is encrypted. The second important aspect is that the major weaknesses are not related to the new features that we struggle to adopt, but to the old ones that we are reluctant to disable. Until both these problems are addressed in a more conscious and direct way, it is important to prioritize the use of support protocols, such as DNS CAA and HSTS, to ensure that some minor gaps in the strength of HTTPS cannot be exploited."