Malware disguised by SSL traffic spikes over the last year

New research suggests encrypted traffic is becoming the go-to method for threat actors to hide malicious code.
Written by Charlie Osborne, Contributing Writer

The use of encrypted traffic to disguise malware attempting to infiltrate user devices and enterprise networks has "significantly" risen over the past year, researchers say.

According to cybersecurity firm Blue Coat, there was a visible increase in the use of SSL/TLS encryption standards born out of privacy worries. However, while many individuals are now using these protocols whenever possible, it appears that threat actors are also harnessing SSL to disguise their activities.

On Sunday, the team said in a press release that over 2015, analysis revealed a 58 times increase in SSL-cloaked traffic in command and control servers (C&C), which are used to relay commands remotely to malware which has infected computer systems.

In addition, Blue Coat says there was a 200 times increase in C&C servers using SSL last year, indicating "that SSL/TLS will be increasingly used in the future to hide attacks."

This spike in usage will likely cause concern for IT and security professionals. Encryption, in itself, is a beneficial way to protect user privacy and keep communication masked and kept away from spying eyes -- whether this is law enforcement, snooping governments or cyberattackers -- however, it can also be used by threat actors to increase the severity of their attacks.

Michael Fey, president and COO of Blue Coat Systems commented:

"Our researchers' findings reveal what many have long suspected -- that SSL traffic as a primary channel for malware and exfiltration is dramatically increasing.

In light of these growing threats, many organizations have realized that the balance between network performance and proper SSL inspection is not as simple as they had been led to believe by many of their network security providers."

Last week, Blue Coat announced support for SCADA (Supervisory Control and Data Acquisition) environments and additional anomaly detection in the firm's range of security solutions.

Free ways to learn about IT, security and hacking online

Editorial standards