Encryption hiding malware in half of cyber attacks

Cyber attackers are using encryption to hide malicious activity, making it increasingly difficult to find as more organisations turn to encryption to protect data, a study has revealed

Warwick Ashford, Security Editor
30 Aug 2016

In nearly half of the cyber attacks of the past 12 months, malware was smuggled into organisations under cover of encryption, a study has revealed.

The demand for data privacy in the post-Snowden era is driving the use of encryption, but that has security and other implications for business.

Just as organisations are increasingly using encryption to keep their network data confidential, so cyber criminals are using the technology to mask their activities.

This means the encryption technology that is crucial to protecting sensitive data in transit, such as web transactions, emails and mobile apps, also blinds the inspection tools in an organisation's security framework: malware carried inside that encrypted traffic passes through them uninspected.

Encryption is also being used by cyber attackers to send information out of targeted organisations, largely undetected.

Encrypted threats

“The Hidden Threats in Encrypted Traffic study sheds light on important facts about the malicious threats lurking in today’s corporate networks,” said Larry Ponemon, chairman and founder of the Ponemon Institute.

“Our goal is to help organisations better understand the risks to help them better address vulnerabilities in their networks,” he said.

The report is based on a survey of more than 1,000 IT and IT security practitioners in the US, Canada, Europe, Middle East and Africa who are involved in preventing or detecting web-based attacks.

Evasion via encryption

While 80% of respondents said their organisations had been hit by a cyber attack in the past year, nearly half said their attackers had used encryption to evade detection.

The trend is expected to grow in parallel with the greater legitimate use of encryption. Encrypted traffic is expected to account for 45% of inbound traffic next year, up from 39%, and for 41% of outbound traffic, up from 33%.

When asked about malware hiding outbound data within encrypted traffic, 74% said this was highly likely, but only 16% thought their organisation could identify and mitigate an SSL-encrypted malware attack before data was exfiltrated.

When asked whether traffic from an SSL-secured malware server could slip past their intrusion prevention system (IPS), 79% of respondents said this was highly likely to occur in their organisation; only 17% thought their organisation had the ability to mitigate such an attack.

When asked whether an attacker could use encryption to mask command and control traffic or the outbound transfer of stolen data, two-thirds said it was highly possible. Only 26% thought their organisation could spot such behaviour and prevent data loss.
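The survey questions above concern what a sensor can still do when it cannot decrypt the session. One thing it can always do is read the TLS handshake, which is sent in the clear before the encrypted payload starts: the Server Name Indication (SNI) and the offered cipher suites are visible to an IPS even when the C2 traffic or exfiltrated data behind them is not. The following script is an added example, not part of the Computer Weekly article or the Ponemon report. It constructs a few ClientHello records (the hostnames, cipher suite list and blocklist are made up for the example), parses the handshake fields a passive sensor would see, and flags the ones whose metadata looks more like hand-rolled C2 than a browser: no SNI at all, an SNI on a blocklist, or an SNI that is an IP literal, which RFC 6066 does not permit.

```python
"""Inspect TLS ClientHello metadata without decrypting the session (added example).

The handshake is sent in the clear, so a sensor can read the SNI and the
offered cipher suites even when it cannot see the payload. Everything below
(hostnames, cipher suites, blocklist) is constructed for the demonstration.
"""
import ipaddress
import os
import struct

# Constructed blocklist for the example; a real sensor would load threat intel.
BLOCKLIST = {"update-cdn-check.example", "telemetry-sync.example"}


def build_client_hello(sni=None, cipher_suites=(0x1301, 0x1302, 0xC02F)):
    """Assemble a TLS record carrying a ClientHello (constructed test data)."""
    body = b"\x03\x03" + os.urandom(32) + b"\x00"       # version, random, empty session id
    suites = b"".join(struct.pack(">H", s) for s in cipher_suites)
    body += struct.pack(">H", len(suites)) + suites
    body += b"\x01\x00"                                  # one compression method: null
    extensions = b""
    if sni is not None:                                  # extension type 0x0000 = server_name
        host = sni.encode()
        entry = b"\x00" + struct.pack(">H", len(host)) + host   # name_type 0 = host_name
        data = struct.pack(">H", len(entry)) + entry            # server_name_list
        extensions += struct.pack(">HH", 0x0000, len(data)) + data
    body += struct.pack(">H", len(extensions)) + extensions
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # handshake type 1 = ClientHello
    return b"\x16\x03\x03" + struct.pack(">H", len(handshake)) + handshake


def parse_client_hello(record):
    """Return the cleartext fields a passive sensor can read from a ClientHello record."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack(">H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) < hs_len:
        raise ValueError("truncated ClientHello")
    pos = 0
    version = struct.unpack(">H", body[pos:pos + 2])[0]
    pos += 2 + 32                                        # skip client random
    sid_len = body[pos]
    pos += 1 + sid_len
    cs_len = struct.unpack(">H", body[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack(">H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    comp_len = body[pos]
    pos += 1 + comp_len
    sni = None
    if pos + 2 <= len(body):                             # extensions block is optional
        ext_total = struct.unpack(">H", body[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_total
        while pos + 4 <= end:
            ext_type, elen = struct.unpack(">HH", body[pos:pos + 4])
            pos += 4
            data = body[pos:pos + elen]
            pos += elen
            if ext_type == 0x0000 and len(data) >= 5 and data[2] == 0:
                name_len = struct.unpack(">H", data[3:5])[0]
                sni = data[5:5 + name_len].decode("ascii", "replace")
    return {"version": version, "sni": sni, "cipher_suites": suites}


def classify(record, blocklist=BLOCKLIST):
    """Judge a ClientHello on metadata alone; returns the SNI, a verdict and the reasons."""
    info = parse_client_hello(record)
    reasons = []
    sni = info["sni"]
    if sni is None:
        reasons.append("no SNI: browsers always send one, hand-rolled clients often do not")
    else:
        if sni in blocklist:
            reasons.append("SNI on blocklist")
        try:
            ipaddress.ip_address(sni)
            reasons.append("SNI is an IP literal, which RFC 6066 does not permit")
        except ValueError:
            pass                                         # a normal hostname
    return {"sni": sni, "suspicious": bool(reasons), "reasons": reasons}


if __name__ == "__main__":
    samples = {
        "browser": build_client_hello("www.example.com"),
        "no_sni": build_client_hello(None),
        "blocklisted": build_client_hello("telemetry-sync.example"),
        "ip_literal": build_client_hello("203.0.113.7"),
    }
    for label, rec in samples.items():
        print(label, classify(rec))
```

The script only scores what is visible before encryption starts, so it misses C2 that mimics a browser handshake and sets a plausible SNI; it is a first-pass filter, not a substitute for the SSL inspection most of the survey's respondents said they lacked.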