When cryptography attacks – how TLS helps malware hide in plain sight
Ten years ago, even the biggest and most popular online services in the world, such as Facebook, Gmail and Hotmail, didn't use TLS all the time: it was thought to be too complicated, too slow, and not always necessary.
These days we expect our web browsing to be protected by TLS all the time.
By using TLS to conceal their malware machinations inside an encrypted layer, cybercriminals can make it harder for us to figure out what they're up to.
In his paper, published today, entitled "Nearly half of malware now use TLS to conceal communications", he takes you through the tricks used by today's cybercriminals to help them hide in plain sight, simply by making their bad traffic look much the same as our good traffic.
Malware authors' abuse of legitimate communication platforms gives them the benefit of encrypted communications provided by Google Docs, Discord, Telegram, Pastebin and others, and, in some cases, they also benefit from the "safe" reputation of those platforms.
Learn how these attacks work, and how SophosLabs is able to keep on top of them even though they're encrypted.
News URL
https://nakedsecurity.sophos.com/2021/04/21/when-cryptography-attacks-how-tls-helps-malware/