Malicious Use of SSL Increases as Attackers Deploy Hidden Attacks

There has been a 260% increase in the use of encrypted traffic to “hide” attacks.





New research by Zscaler, analyzing 6.6 billion security threats, has discovered a 260% increase in attacks during the first nine months of 2020. Among the encrypted attacks, ransomware increased by 500%, with the most prominent variants being FileCrypt/FileCoder, followed by Sodinokibi, Maze and Ryuk.





Zscaler claimed that adversaries have leveraged SSL to hide attacks, “turning the use of encryption into a potential threat without proper inspection.” This means cyber-criminals are using industry-standard encryption methods to hide malware inside encrypted traffic to carry out attacks that bypass detection.





Deepen Desai, CISO and vice-president of security research at Zscaler, said: “We are seeing encrypted channels being leveraged by cyber-criminals across the full attack cycle, starting with initial delivery stage (email with links, compromised sites, malicious sites using SSL/TLS), to payload delivery (payloads hosted on cloud storage services like Dropbox, Google Drive, AWS, etc).”





Tim Mackey, principal security strategist at the Synopsys CyRC, told Infosecurity that using SSL or TLS as part of an attack is an acknowledgement that in 2020, legitimate websites and system traffic will be encrypted.





“Hiding malicious traffic amongst legitimate activity has the distinct benefit of allowing an attacker to progress through the early phases of their attack with a lower risk of detection,” he said. “Further, if the attacker’s toolkit leverages existing system services, such as the encryption modules supplied by the operating system, and popular cloud storag ..
