When cryptography attacks – how TLS helps malware hide in plain sight
Ten years ago, even the biggest and most popular online services in the world, such as Facebook, Gmail and Hotmail, didn't use TLS all the time - it was thought to be too complicated, too slow, and not always necessary.
These days we expect our web browsing to be protected by TLS all the time.
By using TLS to conceal their malware machinations inside an encrypted layer, cybercriminals can make it harder for us to figure out what they're up to.
In his paper, published today, entitled "Nearly half of malware now use TLS to conceal communications", he takes you through the tricks used by today's cybercriminals to help them hide in plain sight, simply by making their bad traffic look much the same as our good traffic.
Malware authors' abuse of legitimate communication platforms gives them the benefit of encrypted communications provided by Google Docs, Discord, Telegram, Pastebin and others - and, in some cases, they also benefit from the "safe" reputation of those platforms.
Learn how these attacks work, and how SophosLabs is able to keep on top of them even though they're encrypted.
News URL
https://nakedsecurity.sophos.com/2021/04/21/when-cryptography-attacks-how-tls-helps-malware/