Rise in Malware Using Encryption Shows Importance of Network Traffic Inspection

silversurfer

The criminal use of encryption to hide malware is growing rapidly. In the first half of 2019 the use of encryption by malware almost equaled the entire encrypted volume of 2018, and is not likely to slow. Today, nearly a quarter of malware communicates using TLS.

The reason is simple: encryption obfuscates malware code, making it difficult to analyze; prevents users from accessing the component files in the event of an infection; and hides and secures the attackers' malicious network communication. In short, malware encryption makes it harder for traditional defenses to detect and mitigate that malware.

Malware normally collects victim machine data as the first phase of victim reconnaissance. If this data is encrypted before being sent back to the attacker -- especially if the destination is a legitimate service (like Pastebin or GitHub) that also normally communicates with encryption -- it is less likely to be detected as any form of communication from internal malware to external attacker.

The success of hiding malware communications within encryption may partly explain the growth of malware taking new instructions from its C2 server over having the entire functionality coded within the malware. This in turn makes the initial malware infection smaller and less likely to be detected. "Without the protective layer of TLS encryption obfuscating the contents of this communication," writes SophosLabs threat researcher Luca Nagy, "a sharp-eyed analyst or data loss prevention tool might easily catch this type of theft in the act, before any harm may come as a result."
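The two patterns described above (bulk uploads to an otherwise legitimate service, and a small implant that keeps checking back with its C2 server for instructions) can often be spotted from connection metadata even when the payload is TLS-encrypted. The following Python script is an added example, not code from the article, SophosLabs or MalwareTips: it parses a few constructed Zeek-style connection records and applies two simple heuristics, a large-upload check and a beaconing check based on interval regularity. The log format, host names (all under `.test`) and thresholds are assumptions for illustration.

```python
"""Flag suspicious TLS flows from connection metadata alone, without decryption.

Constructed example (not from the article or SophosLabs): parse made-up
connection-log lines in a Zeek-like layout, then apply two heuristics a
traffic-inspection pipeline can run on encrypted traffic:
  1. upload-heavy sessions: the client sends far more than it receives
  2. beaconing: repeated connections to one host at near-constant intervals
Thresholds and host names below are illustrative assumptions, not tuned values.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed log lines: timestamp, src, dst host (SNI), bytes_out, bytes_in
SAMPLE_LOG = """\
1565000000 10.0.0.5 update.example-vendor.test 512 48000
1565000060 10.0.0.5 c2.example.test 300 120
1565000121 10.0.0.5 c2.example.test 290 118
1565000180 10.0.0.5 c2.example.test 310 125
1565000241 10.0.0.5 c2.example.test 305 119
1565000300 10.0.0.5 pastebin.example.test 2400000 900
1565000400 10.0.0.7 news.example.test 800 250000
1565001000 10.0.0.7 news.example.test 790 240000
"""

# Illustrative thresholds (assumptions; tune per environment).
MIN_UPLOAD_BYTES = 1_000_000      # bytes_out above this counts as a large upload
MIN_UPLOAD_RATIO = 50.0           # bytes_out / bytes_in
MIN_BEACON_CONNECTIONS = 4        # connections needed before judging periodicity
MAX_BEACON_JITTER = 0.1           # pstdev(interval) / mean(interval)


def parse_log(text):
    """Parse whitespace-separated records into dicts; skip malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, out_b, in_b = parts
        try:
            flows.append({"ts": int(ts), "src": src, "dst": dst,
                          "bytes_out": int(out_b), "bytes_in": int(in_b)})
        except ValueError:
            continue
    return flows


def large_uploads(flows):
    """Sessions where the client pushes a large, lopsided volume outbound."""
    hits = []
    for f in flows:
        ratio = f["bytes_out"] / max(f["bytes_in"], 1)
        if f["bytes_out"] >= MIN_UPLOAD_BYTES and ratio >= MIN_UPLOAD_RATIO:
            hits.append((f["src"], f["dst"], f["bytes_out"]))
    return hits


def beacons(flows):
    """(src, dst) pairs contacted at near-constant intervals, with mean gap."""
    by_pair = defaultdict(list)
    for f in flows:
        by_pair[(f["src"], f["dst"])].append(f["ts"])
    hits = []
    for (src, dst), stamps in by_pair.items():
        if len(stamps) < MIN_BEACON_CONNECTIONS:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        jitter = pstdev(gaps) / mean(gaps)
        if jitter <= MAX_BEACON_JITTER:
            hits.append((src, dst, round(mean(gaps), 1)))
    return hits


if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    for hit in large_uploads(records):
        print("large upload:", hit)
    for hit in beacons(records):
        print("beacon:", hit)
```

Both checks look only at who talked to whom, how much, and how often, which is exactly what survives encryption; in practice they would feed into a SIEM or NDR tool alongside allow-lists for known backup and update services, since a large upload to a legitimate cloud host is suspicious only in context.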