Report: Hackers increasingly use encryption to hide malware


Hackers are increasingly benefiting from poorly managed encryption technologies deployed by organizations, according to a new report from application networking and security firm A10 Networks in partnership with the Ponemon Institute.

The survey of 1,023 IT professionals suggests that encryption is allowing some malware to slip past cybersecurity measures, including firewalls, secure web gateways and anti-malware solutions, by hiding in what otherwise looks like plain internet traffic.

“Encryption technology that is crucial to protecting sensitive data in transit, such as web transactions, emails and mobile apps, can allow malware hiding inside that encrypted traffic to pass uninspected,” the report reads.

While internal data that is purposefully encrypted presents an apparent challenge for security scanning, a majority of the survey’s respondents also believe that hackers will increasingly leverage SSL encryption to both evade detection and bypass controls in the future.

Over the last 12 months, malware used in nearly half of the cyber attacks witnessed by respondents sneaked into systems due, in some part, to encryption.

A10 Networks' graphic: rise of SSL traffic (A10 Networks)

Even so, the use of encryption to hide malware is nothing new.

“SSL encryption has become a ubiquitous tool for the enemy to hide sensitive data transfers and to obfuscate their command and control communications,” a November 2013 SANS Institute white paper separately states.

Formally known as secure sockets layer, SSL is a fundamental security technology, which establishes an encrypted link between two machines — usually a web server and an internet browser.

Though 75 percent of A10 Networks’ survey respondents said that malware hidden inside encrypted traffic represents a tangible risk to their enterprise networks, roughly two-thirds admitted they are completely unprepared to detect this malicious SSL traffic.

The largest group of survey respondents said they work in the financial services industry.

Broadly, companies are accepting more encrypted traffic as they shift towards cloud services, which is leading malware architects to take advantage of this common form of transport encryption, according to the SANS Institute.

By 2017, Gartner believes that more than 50 percent of cyber attacks targeting enterprises will use some form of SSL encryption.