News & Information

Anti-virus Software: Ineffective Against Surging Zero-Day Malware

A malware report from the first quarter of 2021 shows how zero-day malware is a significant threat that many traditional security programs cannot detect. We examine.

Limited Access Is The Centerpiece Of All Data Security Strategies

Employers must revoke account access when employees leave. Read about how continued access creates exposure.

Why Is Trojan Malware So Effective?

The latest security report shows Trojan malware is a primary network security risk for users. Read about the dangers of this type of attack and how to avoid becoming a victim.

Back Up Often And Off-Line To Help Address Ransomware Risks

Ransomware attacks are increasingly common, and all organizations must prepare now for an attack. We examine.

So Where Is All The Malware Hidden On Your System?

Cybercriminals are increasingly turning to the Transport Layer Security (TLS) cryptographic protocol to hide their malware communications.

According to Cloudflare.com, "Transport Layer Security, or TLS, is a widely adopted security protocol designed to facilitate privacy and data security for communications over the Internet. A primary use case of TLS is encrypting the communication between web applications and servers, such as web browsers loading a website. TLS can also be used to encrypt other communications such as email, messaging, and voice over IP (VoIP)."

During the first three months of 2021, 46 percent of malware observed used TLS to communicate with a remote system over the internet, according to a Sophos analysis of malware samples. In 2020, only 23 percent of malware tools used TLS.

It is becoming more common for threat actors to use legitimate TLS-protected cloud and Web services, including Google cloud services, Pastebin, Discord, and GitHub, to host malware, store stolen data, and carry out command and communication operations. Cybercriminals also increasingly use Tor and other TLS-based network proxies to encrypt communication with their malware, according to Sophos.

A senior threat researcher at Sophos stated, "The main takeaways are that there is no such thing as a 'safe' domain or service when screening for malware, and that more traditional firewall defenses based on reputation scanning without deep packet inspection cannot protect systems."

Over the past several years, experts have pushed for the use of cryptographic protocols, such as HTTPS and TLS, to protect online communications from spying and surveillance. Now, 92 percent of online traffic in the U.S. uses TLS, according to Google.

However, although the use of HTTPS and TLS has increased privacy, it also gives cybercriminals a technology they can use to hide their malware and malware communications. Jai Vijayan, "Nearly half of all malware is concealed in TLS-encrypted communications," urgentcomm.com (Apr. 23, 2021).

Commentary

Using TLS is only the latest way cybercriminals are hiding malware. Cybercriminals use a number of techniques to evade detection by cybersecurity software, including code packing and encryption, code mutation, rootkit technologies, backdoor Trojans, antivirus-blocking malware, masking malware on a website, and quantity attacks. Kaspersky, "How Cybercriminals Try to Combat & Bypass Antivirus Protection," www.kaspersky.com.

In order to address the use of sophisticated technology and techniques by cybercriminals, organizations have to likewise increase the sophistication of their antivirus protections. Work with a cybersecurity expert to devise a solution that scans for threats hiding from traditional antivirus software.
