Report: Hackers increasingly use encryption to hide malware

Hackers are increasingly benefiting from poorly managed encryption technologies deployed by organizations, according to a new report from application networking and security firm A10 Networks in partnership with the Ponemon Institute.

The survey of 1,023 IT professionals suggests that encryption allows some malware to slip past cybersecurity measures, including firewalls, secure web gateways and anti-malware solutions, by hiding in otherwise ordinary internet traffic.

“Encryption technology that is crucial to protecting sensitive data in transit, such as web transactions, emails and mobile apps, can allow malware hiding inside that encrypted traffic to pass uninspected,” the report reads.

While purposefully encrypted internal data presents an apparent challenge for security scanning, a majority of the survey’s respondents also believe that hackers will increasingly leverage SSL encryption to evade detection and bypass controls in the future.

Over the last 12 months, malware used in nearly half of the cyber attacks witnessed by respondents sneaked into systems due, in some part, to encryption.

A10 Networks' graphic: rise of SSL traffic (A10 Networks)

Even so, the use of encryption to hide malware is nothing new.

“SSL encryption has become a ubiquitous tool for the enemy to hide sensitive data transfers and to obfuscate their command and control communications,” a November 2013 SANS Institute white paper separately states.

Formally known as secure sockets layer, SSL is a fundamental security technology that establishes an encrypted link between two machines, usually a web server and an internet browser.

Though 75 percent of A10 Networks’ survey respondents said that malware hidden inside encrypted traffic represents a tangible risk to their enterprise networks, roughly two-thirds admitted they are completely unprepared to detect this malicious SSL traffic.

The largest group of survey respondents said they work in the financial services industry.

Broadly, companies are accepting more encrypted traffic as they shift towards cloud services, which is leading malware architects to take advantage of this common form of transport encryption, according to the SANS Institute.

Gartner believes that by 2017, more than 50 percent of cyber attacks targeting enterprises will use some form of SSL encryption.

Written by Chris Bing

Christopher J. Bing is a cybersecurity reporter for CyberScoop. He has written about security, technology and policy for the American City Business Journals, DC Inno, International Policy Digest and The Daily Caller. Chris became interested in journalism as a result of growing up in Venezuela and watching the country shift from a democracy to a dictatorship between 1991 and 2009. Chris is an alumnus of St. Mary's College of Maryland, a small liberal arts school based in Southern Maryland. He's a fan of Premier League football, authentic Laotian food and his dog, Sam.
