Over Two-Thirds of Q1 Malware Hidden by HTTPS

Over two-thirds of the malware detected in the first three months of the year was delivered inside HTTPS-encrypted connections, a tactic intended to evade traditional network-level antivirus inspection, according to WatchGuard.

The security vendor’s latest Internet Security Report for Q1 2020 is distilled from analytics provided by its 44,000 global appliances.

During the period they blocked over 32 million malware variants and nearly 1.7 million network attacks.

Some 67% of that malware was delivered over HTTPS connections, and 72% of these encrypted attacks reportedly featured zero-day malware, meaning samples with no existing signature that legacy signature-based AV would have missed.

The growing popularity of HTTPS is down in part to initiatives like Let’s Encrypt, the free certificate authority backed by the non-profit Internet Security Research Group (ISRG). While widespread encryption has improved website security and user privacy, it also gives cyber-criminals a free and easy way to disguise their traffic.

“Some organizations are reluctant to set up HTTPS inspection due to the extra work involved, but our threat data clearly shows that a majority of malware is delivered through encrypted connections and that letting traffic go uninspected is simply no longer an option,” said Corey Nachreiner, chief technology officer at WatchGuard.

“As malware continues to become more advanced and evasive, the only reliable approach to defense is implementing a set of layered security services, including advanced threat detection methods and HTTPS inspection.”

Interestingly, the vendor claimed that it detected 6.9% less malware and 11.6% fewer network attacks than in the previous quarter despite the apparent uptick in COVID-themed threats.

It suggested that this could be because fewer users were operating within the traditional corporate network perimeter during Q1 thanks to work-from-home mandates.

However, data from Microsoft last week revealed that COVID-19-themed attacks represented less than 2% of total threats detected in the first four months of the year. Rather than driving a new surge in overall attack volumes, these threats appear to be existing campaigns rebranded with pandemic lures.
