A quarter of malware now uses encryption to bypass defences: Sophos

Enterprise

0

Hackers are encrypting their malicious code to hide from cyber defences and trick unsuspecting users into running the malware, according to cybersecurity firm Sophos.

Twenty-three per cent of malware families use encrypted communications to hide from, say, firewalls that look out for them, it said last week in a report.

It added that 44 per cent of prevalent information theft uses encryption to sneak hijacked data, including bank and financial account passwords and other sensitive credentials, from victims.

The hackers often use the common TLS or transport layer security (TLS) encryption standard that is also used by legitimate traffic that users rely on to keep data from prying eyes.

Unfortunately, this means firewalls often don’t inspect the malicious code that is also hidden within TLS encryption. They get a free ride through cyber defences, as a result.

Another issue is the cost and performance hit that firewalls have to take if they were required to inspect the data that is encrypted by TLS. If this inspection takes up too much time, users will be inconvenienced.

There are also questions of privacy and data protection. Encryption, after all, is meant to keep data secure from unauthorised access. The question now is how to identify the malware hiding itself under a layer of encryption.

Sophos claims its new firewalls are capable of decrypting TLS traffic while keeping performance up, thanks to the use of technologies such as artificial intelligence (AI).

This is a problem that is not properly addressed yet, it added. While 82 percent cent of respondents it surveyed agreed that TLS inspection is necessary, only 3.5 per cent of organisations are decrypting their traffic to properly inspect it.