
When cryptography attacks – how TLS helps malware hide in plain sight
2021-04-21 18:33

Ten years ago, even the biggest and most popular online services in the world, such as Facebook, Gmail and Hotmail, didn't use TLS all the time; it was thought to be too complicated, too slow, and not always necessary.

These days we expect our web browsing to be protected by TLS all the time.

By using TLS to conceal their malware machinations inside an encrypted layer, cybercriminals can make it harder for us to figure out what they're up to.

In his paper, published today, entitled "Nearly half of malware now use TLS to conceal communications", he takes you through the tricks used by today's cybercriminals to help them hide in plain sight, simply by making their bad traffic look much the same as our good traffic.

Malware authors' abuse of legitimate communication platforms gives them the benefit of encrypted communications provided by Google Docs, Discord, Telegram, Pastebin and others, and, in some cases, they also benefit from the "safe" reputation of those platforms.

Learn how these attacks work, and how SophosLabs is able to keep on top of them even though they're encrypted.


News URL

https://nakedsecurity.sophos.com/2021/04/21/when-cryptography-attacks-how-tls-helps-malware/