Malware smugglers have settled on a new technique for evading detection


New research from security company Sophos reveals that threat actors are increasingly adopting encrypted communication protocols to prevent the detection of malware.

In its analysis, Sophos argues that with more legitimate adoption of HTTPS, identifying unencrypted traffic has become a lot easier for security professionals. 

In order to avoid detection, more and more malware authors are adopting secure communication protocols, such as TLS, to obfuscate communication to and from command and control (C&C) servers.

“We’ve seen dramatic growth over the past year in malware using TLS to conceal its communications. In 2020, 23 percent of malware we detected communicating with a remote system over the internet were using TLS; today, it is nearly 46 percent,” observes Sophos.

Encrypted communication

The security researchers also note that they’ve observed an increase in the use of TLS in ransomware attacks over the past year, particularly with manually-deployed ransomware.

More worrying, however, is that a large portion of the growth in the use of secure communications can be attributed to increased use of legitimate cloud services protected by TLS. 

Sophos has observed an increase in the use of services such as Discord, Pastebin, GitHub and Google’s cloud services, either as repositories for malware components, or as destinations for stolen data, and even to send commands to botnets and other malware.

Also interesting is the breakdown of the destinations of the TLS malware’s traffic in the first three months of 2021. The data reveals that nearly half of all encrypted malware communications went to servers in the United States and India.

Google’s cloud services led the field as the destination for nine percent of encrypted malware requests, with India’s state-run BSNL close behind at six percent. 

In its report, Sophos suggests organizations implement an in-depth strategy to defend against the increasingly complex threats.

Mayank Sharma
