Researchers found that nearly half of all malware is being hidden within TLS-encrypted traffic in order to evade detection from security tools.
Organisations should never assume that traffic is safe just because it’s encrypted. For cybercriminals, hiding within encrypted traffic offers the perfect disguise: they know this is a major security gap for organisations since AV tools can’t look inside encrypted tunnels. This gives the bad guys free rein to send malware or other exploits over HTTPS – and as more machines and clouds rely on encrypted traffic, this tactic will become even more popular among cybercriminals.
The best defence
The best defence organisations have is to inspect all inbound, cross-network, and cross-cloud traffic, and ensure that security tools are able to inspect encrypted traffic to eliminate blind spots. This creates a need for centralised intelligence and automation to ensure that all security tools – such as firewalls, intrusion detection and prevention, or analytics – are fed and updated with all the relevant machine identities to ensure they can inspect all traffic. Otherwise these just become gaping holes in a company’s defence for hackers to exploit.
Expert commentary by Kevin Bocek, VP Security Strategy & Threat Intelligence, at Information Security Buzz: https://informationsecuritybuzz.com/expert-comments/security-researchers-find-that-nearly-half-of-all-malware-hidden-by-tls-encryption
Information Security Buzz (aka ISBuzz News) is an independent resource that provides expert comments, analysis and opinion on the latest information security news and topics.