Why is Hidden Malware Increasing in Encrypted Traffic?

Hackers are constantly looking for ways to refine their attacks. Their success depends on getting users, who ultimately become victims, to fall into the trap. Although we have more and more tools that protect us and help us avoid malware, new techniques are always emerging to bypass these measures. In this article we are going to talk about malware hidden in encrypted traffic: why it is so dangerous and why it has been increasing lately.

What is malware hidden in encrypted traffic?

We might think that when we browse a page that is encrypted, one with HTTPS in the URL, it is already reliable. It is true that this is an indicator we should look for when we are going to enter personal data or make a payment. However, it does not by itself mean that the site is totally secure.

This is precisely what hackers take advantage of. They rely on users’ greater confidence when browsing encrypted pages and hide the malware precisely there.

Although an HTTPS page apparently gives us more confidence, that does not mean it cannot contain malware. As we say, this is precisely where cybercriminals are sneaking in malware the most, with the aim of infecting victims’ systems. It is not something new, but it is gaining much prominence.

A group of security researchers from Zscaler has presented a report in which they show how hidden malware in encrypted traffic has grown by 260% during the first nine months of 2020 compared to the same period of the previous year.

The pandemic pushes these types of attacks

They also indicate that the Covid-19 pandemic has partly driven the increase in attacks that use malware hidden in SSL/TLS encrypted traffic. For example, ransomware delivered through SSL/TLS channels between March and September has grown by 500%. Most of these attacks have been directed at technology and telecommunications companies, but also at healthcare organizations.

The rise of teleworking, one of the changes caused by the Covid-19 pandemic, is another cause of the increase in this type of attack directed at users. More and more people work from home, and in many cases these are users who do not have the necessary knowledge to be safe on the Internet.

Zscaler’s analysis also shows an increase in SSL/TLS-based attacks delivered through trusted cloud storage services such as Google Drive, Dropbox, OneDrive or AWS. Attackers host malicious content on these services, which are now widely used due to the pandemic and the increase in remote work.

Without a doubt, this upward trend is a great challenge for organizations. Also, security tools are not enough to protect us from these types of problems. It is essential to use common sense and not make mistakes. In another article, we leave you with a series of tips to avoid email malware.