New Threats Posed by Misuse of Legitimate Websites, End-to-End Encryption Technologies and Countermeasures, A SANS Technology Institute Masters Candidate Presentation

  • Webcast Aired Wednesday, 18 Oct 2017 10:30AM EST (18 Oct 2017 14:30 UTC)
  • Speaker: Paul Tang

A traditional exploit kit or malware payload is hosted on a compromised website, often one that is poorly managed by a small or medium-sized company that may not have access to information security resources. The malware may not have any protection, so a reputation-based secure web gateway can identify it straightforwardly. However, a recent study conducted by researchers from the Georgia Institute of Technology, Indiana University Bloomington and the University of California Santa Barbara observed that some cloud service providers' websites with credible reputations were hosting malware and other malicious activities. There is also a growing use of tunneled connections to protect malicious traffic. The more significant problem is that most companies have not detected malware and data leakage while using cloud services. A signature-based Network Intrusion Prevention System (NIPS) cannot block these kinds of attacks. This paper will assess new threats posed by the misuse of legitimate websites and end-to-end encryption technologies, the challenges to existing information security infrastructures, possible ways to detect the attacks, and the procedure for handling security incidents. The findings of the study may change the mindset of senior executives and update current security risk assessment methodology, thereby transforming the design of information security infrastructures and security incident response procedures.