Malware and ransomware gangs have found this new way to cover their tracks
There's been a huge uptick in the proportion of malware using TLS (Transport Layer Security) to communicate without being spotted, cybersecurity firm Sophos reports.
While HTTPS helps prevent eavesdropping, man-in-the-middle attacks, and impersonation of trusted websites, the same encryption also gives cybercriminals cover: traffic between an infected machine and a command-and-control server looks like ordinary HTTPS, hidden from the view of malware hunters.
"It should come as no surprise, then, that malware operators have also been adopting TLS ... to prevent defenders from detecting and stopping deployment of malware and theft of data," Sophos said. Malware communications fall into three main categories: downloading additional malware, exfiltrating stolen data, and command and control. All three can take advantage of TLS encryption to evade detection by defenders, the security company said. What TLS hides is the payload, not the connection itself: the destination, timing, byte volumes in each direction, the TLS Server Name Indication and the server certificate all remain visible to network defenders, which is what detection has to fall back on.
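The following is an added example, written for this page and not code from Sophos or the article, showing how a defender can still sort encrypted flows into the three categories above using only the metadata TLS leaves exposed. It assumes Zeek-style connection fields (timestamp, source, destination, bytes sent by each side, SNI, certificate validation result) and uses constructed sample records and hand-picked thresholds; a benign browsing session is included so the rules can be seen not firing. Beaconing command and control is detected from the regularity of connection timing, downloads and exfiltration from the direction of bulk byte transfer, and missing SNI or an untrusted certificate are recorded as supporting indicators.

```python
"""Triage TLS flows by connection metadata alone, without decrypting payloads.

Added example, not Sophos's code or the article's. Field names follow Zeek's
conn.log / ssl.log (ts, id.orig_h, id.resp_h, orig_bytes, resp_bytes,
server_name, validation_status) but are shortened; all records below are
constructed, not real telemetry, and the thresholds are assumptions.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flows from one host to 443/tcp, all TLS.
SAMPLE_FLOWS = [
    # Beaconing C2: small, symmetric, every 60 s, no SNI, self-signed cert.
    *[{"ts": 1000.0 + 60 * i, "src": "10.0.0.5", "dst": "203.0.113.7",
       "orig_bytes": 412, "resp_bytes": 380, "sni": "",
       "cert_ok": False} for i in range(6)],
    # Second-stage download: one flow, response far larger than request.
    {"ts": 1400.0, "src": "10.0.0.5", "dst": "203.0.113.9",
     "orig_bytes": 1_100, "resp_bytes": 2_400_000, "sni": "cdn.example",
     "cert_ok": True},
    # Exfiltration: bytes sent by the client dwarf the response.
    {"ts": 1500.0, "src": "10.0.0.5", "dst": "198.51.100.4",
     "orig_bytes": 58_000_000, "resp_bytes": 9_000, "sni": "",
     "cert_ok": False},
    # Benign browsing: irregular timing, valid cert, SNI present, modest size.
    {"ts": 1010.0, "src": "10.0.0.5", "dst": "93.184.216.34",
     "orig_bytes": 2_300, "resp_bytes": 48_000, "sni": "example.com",
     "cert_ok": True},
    {"ts": 1217.0, "src": "10.0.0.5", "dst": "93.184.216.34",
     "orig_bytes": 1_900, "resp_bytes": 61_000, "sni": "example.com",
     "cert_ok": True},
]

BULK_BYTES = 1_000_000   # bytes in one direction that count as a bulk transfer
RATIO = 20               # directional byte ratio that marks a one-way transfer
BEACON_MIN = 4           # minimum flows to a destination before judging timing
BEACON_CV = 0.1          # coefficient of variation below which timing is regular


def beacon_score(timestamps):
    """Coefficient of variation of inter-arrival gaps between flows.

    Near 0 means metronomic timing, typical of a sleep-loop beacon.
    Returns None when there are too few flows to judge.
    """
    ts = sorted(timestamps)
    if len(ts) < BEACON_MIN:
        return None
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    m = mean(gaps)
    return pstdev(gaps) / m if m > 0 else None


def classify_pair(flows):
    """Classify all flows between one (src, dst) pair.

    Returns (label, reasons) where label is one of the three categories
    named in the article, or 'suspicious' / 'benign' when none fits.
    """
    orig = sum(f["orig_bytes"] for f in flows)   # client -> server bytes
    resp = sum(f["resp_bytes"] for f in flows)   # server -> client bytes
    reasons = []
    if any(not f["sni"] for f in flows):
        reasons.append("no SNI")
    if any(not f["cert_ok"] for f in flows):
        reasons.append("untrusted certificate")

    cv = beacon_score(f["ts"] for f in flows)
    if cv is not None and cv < BEACON_CV:
        reasons.append(f"periodic (cv={cv:.3f})")
        return "command-and-control", reasons
    if resp >= BULK_BYTES and resp > RATIO * orig:
        reasons.append("inbound-heavy bulk transfer")
        return "download", reasons
    if orig >= BULK_BYTES and orig > RATIO * resp:
        reasons.append("outbound-heavy bulk transfer")
        return "exfiltration", reasons
    return ("suspicious" if reasons else "benign"), reasons


def triage(flows):
    """Group flows by (src, dst) and classify each pair."""
    groups = defaultdict(list)
    for f in flows:
        groups[(f["src"], f["dst"])].append(f)
    return {pair: classify_pair(fs) for pair, fs in groups.items()}


if __name__ == "__main__":
    for (src, dst), (label, why) in triage(SAMPLE_FLOWS).items():
        print(f"{src} -> {dst}: {label} ({', '.join(why) or 'no indicators'})")
```

Run as a script it prints one line per destination; the C2 pair is labelled from its timing alone, the other two from byte direction, and the browsing session comes out benign because no rule fires. In production the thresholds would be tuned per environment and the timing check extended to tolerate jitter that beacons deliberately add.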