Malicious SSL Traffic Doubles in Six Months

The volume of malicious content encrypted using SSL/TLS has more than doubled over the past six months as cybercriminals look to circumvent security filters, according to Zscaler.

The security firm claimed in new findings that over 60% of transactions in its Zscaler Cloud are now encrypted with SSL/TLS.

Yet increasingly often, this is because black hat hackers are looking to hide their malicious traffic.

Zscaler claimed it blocks on average a staggering 8.4 million requests in SSL/TLS-based traffic, with 600,000 (7%) of those found to contain advanced threats.

In addition, the Zscaler cloud has blocked 12,000 phishing attempts per day delivered over the encrypted protocol, which is a whopping 400% increase on 2016 figures, it claimed.

It blocked a further 300 web exploits per day, according to the figures.

SSL/TLS is typically used to hide C&C communications, the firm explained.

Banking Trojans such as Dridex, Zbot, Vawtrak and Trickbot comprise around 60% of new payloads, while ransomware families account for approximately a quarter; a further 12% were information stealers like Fareit and Papras, and the remaining 3% came from miscellaneous malware families.

“Hackers are increasingly using SSL to conceal device infections, shroud data exfiltration and hide botnet command and control communications,” said Deepen Desai, Zscaler’s senior director of security research and operations.

“SSL inspection is a necessity in ensuring the security of network traffic in the enterprise. Zscaler sits between users and the internet, inspecting every byte of traffic, including encrypted traffic, so we can catch hidden threats before they get into the network.”
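The article states that SSL/TLS is used to hide C&C communications and that inspecting encrypted traffic is how such threats are caught. As an added example (not code from the article or from Zscaler), the script below shows the kind of checks an inspection point can run on per-session TLS metadata alone, without decrypting payloads: a self-signed certificate, a handshake with no SNI, a certificate that was not valid at session time, and a source reconnecting to the same destination at near-constant intervals. The JSON log format, the thresholds and every value in SAMPLE_LOG are constructed for this illustration.

```python
"""Heuristic scan of TLS session metadata for signs of hidden C&C traffic.

Added example, not code from the article or from Zscaler. The JSON-lines
log format and all values in SAMPLE_LOG are constructed for illustration.
"""
import json
import statistics
from collections import defaultdict
from datetime import datetime, timezone

# Tunable thresholds (assumptions for this example, not published figures).
MIN_BEACON_SESSIONS = 4   # sessions per (src, dst) pair before regularity is tested
MAX_BEACON_JITTER = 0.15  # max relative deviation from the mean inter-session gap


def _ts(value):
    """Parse an ISO-8601 timestamp; a trailing 'Z' is mapped to +00:00 for older Pythons."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)


def parse_session(line):
    """One JSON record per TLS session: endpoints, SNI and leaf-certificate fields."""
    rec = json.loads(line)
    return {
        "ts": _ts(rec["ts"]),
        "src": rec["src"],
        "dst": rec["dst"],
        "sni": rec.get("sni", ""),
        "subject": rec.get("subject", ""),
        "issuer": rec.get("issuer", ""),
        "not_before": _ts(rec["not_before"]),
        "not_after": _ts(rec["not_after"]),
    }


def per_session_findings(s):
    """Certificate and handshake checks that need only a single session."""
    reasons = []
    if s["subject"] and s["subject"] == s["issuer"]:
        reasons.append("self_signed_cert")
    if not s["sni"]:
        reasons.append("no_sni")
    if not (s["not_before"] <= s["ts"] <= s["not_after"]):
        reasons.append("cert_not_valid_at_session_time")
    return reasons


def beaconing_pairs(sessions):
    """Return (src, dst) pairs whose sessions recur at near-constant intervals."""
    by_pair = defaultdict(list)
    for s in sessions:
        by_pair[(s["src"], s["dst"])].append(s["ts"])
    flagged = set()
    for pair, stamps in by_pair.items():
        if len(stamps) < MIN_BEACON_SESSIONS:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and max(abs(g - mean) for g in gaps) / mean <= MAX_BEACON_JITTER:
            flagged.add(pair)
    return flagged


def scan(lines):
    """Scan JSON-lines TLS metadata; return a set of (reason, src, dst) findings."""
    sessions = [parse_session(ln) for ln in lines if ln.strip()]
    findings = set()
    for s in sessions:
        for reason in per_session_findings(s):
            findings.add((reason, s["src"], s["dst"]))
    for src, dst in beaconing_pairs(sessions):
        findings.add(("regular_beaconing", src, dst))
    return findings


# Constructed sample log (documentation-range addresses, made-up certificates).
SAMPLE_LOG = [
    # One host reconnecting every 300 s to the same address, no SNI, self-signed cert.
    '{"ts":"2017-06-01T12:00:00Z","src":"10.0.0.5","dst":"203.0.113.7","sni":"","subject":"CN=srv","issuer":"CN=srv","not_before":"2017-05-01T00:00:00Z","not_after":"2018-05-01T00:00:00Z"}',
    '{"ts":"2017-06-01T12:05:00Z","src":"10.0.0.5","dst":"203.0.113.7","sni":"","subject":"CN=srv","issuer":"CN=srv","not_before":"2017-05-01T00:00:00Z","not_after":"2018-05-01T00:00:00Z"}',
    '{"ts":"2017-06-01T12:10:00Z","src":"10.0.0.5","dst":"203.0.113.7","sni":"","subject":"CN=srv","issuer":"CN=srv","not_before":"2017-05-01T00:00:00Z","not_after":"2018-05-01T00:00:00Z"}',
    '{"ts":"2017-06-01T12:15:00Z","src":"10.0.0.5","dst":"203.0.113.7","sni":"","subject":"CN=srv","issuer":"CN=srv","not_before":"2017-05-01T00:00:00Z","not_after":"2018-05-01T00:00:00Z"}',
    # Ordinary browsing to a CA-issued certificate: should raise nothing.
    '{"ts":"2017-06-01T12:03:17Z","src":"10.0.0.8","dst":"198.51.100.20","sni":"www.example.com","subject":"CN=www.example.com","issuer":"CN=Example CA","not_before":"2017-01-01T00:00:00Z","not_after":"2018-01-01T00:00:00Z"}',
    # A certificate that had already expired when the session took place.
    '{"ts":"2017-06-01T12:07:00Z","src":"10.0.0.9","dst":"203.0.113.9","sni":"update.example.net","subject":"CN=update.example.net","issuer":"CN=Example CA","not_before":"2016-01-01T00:00:00Z","not_after":"2017-01-01T00:00:00Z"}',
]


if __name__ == "__main__":
    for reason, src, dst in sorted(scan(SAMPLE_LOG)):
        print(f"{reason:32s} {src} -> {dst}")
```

Each heuristic on its own produces false positives (internal services use self-signed certificates, some clients omit SNI, monitoring agents poll on fixed schedules), so in practice findings are scored and correlated rather than blocked outright; the value of metadata checks is that they cost nothing to run on every session, whereas full inspection of the payload is reserved for the sessions they single out.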

The findings echo separate pieces of research from security firm Venafi, which found last December that nearly 90% of UK IT professionals had seen digital key and certificate use grow by more than a quarter over the previous 12 months.

What’s more, 90% of CIOs it polled globally said they had already been attacked or expect to be by hackers hiding in encryption.

The problem lies with the explosive growth in SSL, driven by the web and IoT, which means many organisations can’t keep track of how many certs and keys they own. This means many are left unsecured and managed manually, allowing attackers to sneak in and use them for their own ends.
