When cryptography attacks – how TLS helps malware hide in plain sight

Ten years ago, even the biggest and most popular online services in the world, such as Facebook, Gmail and Hotmail, didn't use TLS all the time; it was thought to be too complicated, too slow, and not always necessary.
These days we expect our web browsing to be protected by TLS all the time.
By using TLS to conceal their malware machinations inside an encrypted layer, cybercriminals can make it harder for us to figure out what they're up to.
In his paper, published today, entitled "Nearly half of malware now use TLS to conceal communications", he takes you through the tricks used by today's cybercriminals to help them hide in plain sight, simply by making their bad traffic look much the same as our good traffic.
Malware authors' abuse of legitimate communication platforms gives them the benefit of encrypted communications provided by Google Docs, Discord, Telegram, Pastebin and others, and in some cases they also benefit from the "safe" reputation of those platforms.
Learn how these attacks work, and how SophosLabs is able to keep on top of them even though they're encrypted.
News URL
https://nakedsecurity.sophos.com/2021/04/21/when-cryptography-attacks-how-tls-helps-malware/