
So Where Is All The Malware Hidden On Your System?

Cybercriminals are increasingly turning to the Transport Layer Security (TLS) cryptographic protocol to hide their malware communications.

According to Cloudflare.com, "Transport Layer Security, or TLS, is a widely adopted security protocol designed to facilitate privacy and data security for communications over the Internet. A primary use case of TLS is encrypting the communication between web applications and servers, such as web browsers loading a website. TLS can also be used to encrypt other communications such as email, messaging, and voice over IP (VoIP)."

During the first three months of 2021, 46 percent of malware observed used TLS to communicate with a remote system over the internet, according to a Sophos analysis of malware samples. In 2020, only 23 percent of malware tools used TLS.

It is becoming more common for threat actors to use legitimate TLS-protected cloud and Web services, including Google cloud services, Pastebin, Discord, and GitHub, to host malware, store stolen data, and carry out command and communication operations. Cybercriminals also increasingly use Tor and other TLS-based network proxies to encrypt communication with their malware, according to Sophos.

A senior threat researcher at Sophos stated, "The main takeaways are that there is no such thing as a 'safe' domain or service when screening for malware, and that more traditional firewall defenses based on reputation scanning without deep packet inspection cannot protect systems."

Over the past several years, experts have pushed for the use of cryptographic protocols, such as HTTPS and TLS, to protect online communications from spying and surveillance. Now, 92 percent of online traffic in the U.S. uses TLS, according to Google.

However, although the use of HTTPS and TLS has increased privacy, it also gives cybercriminals a technology they can use to hide their malware and malware communications. Jai Vijayan "Nearly half of all malware is concealed in TLS-encrypted communications" urgentcomm.com (Apr. 23, 2021).

Commentary

Using TLS is only the latest way cybercriminals are hiding malware. Cybercriminals use a number of techniques to evade detection by cybersecurity software, including code packing and encryption, code mutation, rootkit technologies, backdoor Trojans, antivirus-blocking malware, masking malware on a website, and quantity attacks. Kaspersky “How Cybercriminals Try to Combat & Bypass Antivirus Protection” www.kaspersky.com.

In order to address the use of sophisticated technology and techniques by cybercriminals, organizations have to likewise increase the sophistication of their antivirus protections. Work with a cybersecurity expert to devise a solution that scans for threats hiding from traditional antivirus software.
