News, 2021-04-23

TLS-Encrypted Malware Volumes Double in Just Months

The volume of malware hidden in encrypted traffic has doubled over the past few months as threat actors look to circumvent security tools, according to Sophos.

The security vendor claimed that 23% of the malware it detected in 2020 was encrypted with the Transport Layer Security (TLS) protocol. In the first three months of 2021, however, the figure had risen to nearly 46%.

The rise can be linked to an overall increase in the use of TLS by popular web services that threat actors abuse, explained senior threat researcher Sean Gallagher.

“A large portion of the growth in overall TLS use by malware can be linked in part to the increased use of legitimate web and cloud services protected by TLS — such as Discord, Pastebin, GitHub and Google’s cloud services — as repositories for malware components, as destinations for stolen data, and even to send commands to botnets and other malware,” he explained.

“It is also linked to the increased use of Tor and other TLS-based network proxies to encapsulate malicious communications between malware and the actors deploying them.”

The challenge with criminals using these services is that they not only hide their activity from security tools, but also benefit from the “safe” reputation of these well-known platforms, Gallagher claimed.

Nearly half of all encrypted malware went to servers in the US and India in Q1 2021, which can partly be explained by Google cloud services — the destination for 9% of TLS malware call-homes — and India’s BSNL (6%).

Gallagher said Sophos had also seen an increase in the use of TLS encryption in customized ransomware attacks, in the form of “modular offensive tools” that use HTTPS. However, the vast majority of malicious TLS traffic is from malware designed to deliver initial compromise of a victim — for example, loaders, droppers and document-based installers, he added.

TLS encryption is also being used to hide the exfiltration of data from compromised networks and C&C communications, said Gallagher.
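Defenders cannot read the payload of these connections, but the metadata that survives encryption (the TLS server name, the port and the number of bytes a host sends) is still enough to surface investigation leads. The following Python is an added example and is not part of the Sophos report or of this article: it runs a simple triage pass over a constructed, simplified connection log (the tab-separated field layout is an assumption, not any real tool's schema), reports what share of connections carried TLS, and flags internal hosts that either upload unusually much to, or fan out across, the legitimate services named above. The hostnames in the watchlist are assumed examples of those services; a real list would be tuned to what is normal for the environment.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Conn:
    ts: int    # epoch seconds
    src: str   # internal source host
    dst: str   # destination IP
    port: int  # destination port
    sni: str   # TLS server name; empty string when the connection was not TLS
    sent: int  # bytes sent by src (upload direction)


# Constructed sample log, not captured from any real network. Assumed layout:
# ts, src, dst, port, sni, bytes_sent, separated by tabs.
SAMPLE_LOG = """\
1619164800\t10.0.0.12\t203.0.113.10\t443\tcdn.discordapp.com\t1240
1619164805\t10.0.0.12\t203.0.113.11\t443\tpastebin.com\t920
1619164810\t10.0.0.12\t203.0.113.12\t443\traw.githubusercontent.com\t610
1619164815\t10.0.0.12\t203.0.113.13\t443\tstorage.googleapis.com\t5242880
1619164820\t10.0.0.33\t198.51.100.5\t80\t\t3100
1619164825\t10.0.0.33\t198.51.100.6\t443\twww.example.com\t700
1619164830\t10.0.0.41\t198.51.100.7\t443\tpastebin.com\t450
"""

# Legitimate, TLS-protected services that the article says are abused as
# payload hosts, drop sites and command channels. Hostnames are assumed
# examples; tune to your own environment.
WATCHLIST = {
    "cdn.discordapp.com": "Discord",
    "pastebin.com": "Pastebin",
    "raw.githubusercontent.com": "GitHub",
    "storage.googleapis.com": "Google Cloud",
}


def parse_log(text):
    """Parse the simplified tab-separated log into Conn records."""
    conns = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, sni, sent = line.split("\t")
        conns.append(Conn(int(ts), src, dst, int(port), sni, int(sent)))
    return conns


def tls_share(conns):
    """Fraction of connections that carried TLS (an SNI was observed)."""
    if not conns:
        return 0.0
    return sum(1 for c in conns if c.sni) / len(conns)


def watchlist_leads(conns, min_services=3, upload_threshold=1024 * 1024):
    """Return {host: [reasons]} for hosts whose use of watchlisted services
    stands out. A flag is a lead for an analyst, not a verdict: many hosts
    legitimately talk to GitHub or Google Cloud, so the rules look at fan-out
    across services and at upload volume rather than at a single contact."""
    per_host = defaultdict(lambda: {"services": set(), "sent": 0})
    for c in conns:
        service = WATCHLIST.get(c.sni)
        if service is None:
            continue
        per_host[c.src]["services"].add(service)
        per_host[c.src]["sent"] += c.sent

    leads = {}
    for host, stats in per_host.items():
        reasons = []
        if len(stats["services"]) >= min_services:
            reasons.append(f"{len(stats['services'])} distinct watchlisted services contacted")
        if stats["sent"] >= upload_threshold:
            reasons.append(f"{stats['sent']} bytes uploaded to watchlisted services")
        if reasons:
            leads[host] = reasons
    return leads


if __name__ == "__main__":
    conns = parse_log(SAMPLE_LOG)
    print(f"TLS share of connections: {tls_share(conns):.0%}")
    for host, reasons in watchlist_leads(conns).items():
        print(f"{host}: " + "; ".join(reasons))
```

On the constructed sample, 10.0.0.12 is the only host flagged: it touches four watchlisted services and pushes about 5 MB to them, while 10.0.0.41's single small request to Pastebin stays below both thresholds. In practice this kind of check belongs on top of TLS metadata you already collect (SNI and byte counts from a network sensor or proxy), and the thresholds should be set from a baseline of the environment's normal traffic rather than fixed constants.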
