This post is also available in: heעברית (Hebrew)

State-actors and cybercriminals alike concentrate efforts in bypassing strong encryption. It has never been more important to focus on updated, resilient HTTPS configurations, according to the 2021 TLS Telemetry Report by F5 Labs, which uncovers the extent of internet encryption and the potential use or abuse of web encryption for malicious purposes.

Based on the screening of the top million websites in the world, the report claims that more than half of the web servers still allow unsecured RSA Exchange. In addition, the negation of authorization remains problematic, due to the prevalence of legacy servers updated only rarely.

The research also found out that attackers learn how to exploit TLS (Transport Layer Security) for their phishing campaigns. At the same time, new fingerprint techniques raise questions regarding the prevalence of malware servers hidden in the top million websites. 

TLS is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible.

F5 Labs has discovered that the TLS 1.3 protocol, the more secure and rapid one, has been the chosen encryption protocol for the majority of web servers among the Tranco top million list. Almost 63% of the servers contain TLS 1.3, similarly to more than 95% of all the browsers in use.

However, in some countries, such as the United States and Canada, as many as 80% of web servers choose it, while in others, such as China and Israel, only 15% of servers support it.

Security risks continue to grow. According to the report, the proportion of phishing sites using HTTPS and valid certificates has risen from 70% in 2019 to 83% in 2021, with roughly 80% of malicious sites coming from just 3.8% of the hosting providers.

Facebook and Microsoft Outlook/Office 365 were the most common counterfeit brands in phishing attacks. F5 Labs also found that webmail platforms accounted for 10.4% of impersonating Internet functions, a rate almost as high as Facebook. This means that phishing attacks against webmail are as common as attacks against a Facebook account.