Rise in Malware Using Encryption Shows Importance of Network Traffic Inspection
2020-02-18 19:06

Today, nearly a quarter of malware communicates using TLS. The reason is simple: encryption obfuscates malware code, making it difficult to analyze; prevents users from accessing the component files in the event of an infection; and hides and secures the attackers' malicious network communication.

In short, malware encryption makes it harder for traditional defenses to detect and mitigate that malware.

The success of hiding malware communications within encryption may partly explain the growth of malware that takes new instructions from its C2 server rather than having the entire functionality coded within the malware.

SophosLabs wanted to quantify the extent of encryption use by malware and looked at a selection of malware analyses from the last six months.

The three malware families discussed in the report have been among the most prolific and successful in recent years, and the use of encryption will at least partly explain their success.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/ezyPJqol1cY/rise-malware-using-encryption-shows-importance-network-traffic-inspection