Web security specialists Blue Coat is warning enterprises and governments against a ‘significant’ spike in malware hidden in SSL traffic.
According to the company, the rapid adoption of cloud and mobile apps and services is driving an increase in SSL/TLS encrypted traffic as concerns around personal privacy grow.
It says the growing use of encryption is creating perfect conditions for cyber criminals to hide malware inside encrypted transactions.
The advanced threats employ hidden command and control (C&C) channels to execute malicious programmes and exfiltrate proprietary data.
Blue Coat Researchers found a 58 times increase in SSL-cloaked traffic in C&C and a 200 times increase in C&C servers using SSL in 2015, indicating that SSL/TLS will be increasingly used in the future to hide attacks.
As attacks increase exponentially, much of enterprise security infrastructure remains blind to encrypted traffic, Blue Coat says.
“Our researchers’ findings reveal what many have long suspected – that SSL traffic as a primary channel for malware and exfiltration is dramatically increasing,” comments Michael Fey, president and COO, Blue Coat Systems.
“In light of these growing threats, many organisations have realised that the balance between network performance and proper SSL inspection is not as simple as they had been led to believe by many of their network security providers,” he explains.
“By providing dedicated SSL visibility, Blue Coat is helping customers combat security threats hidden in encrypted traffic while preserving the enterprise customers’ priorities like network performance, user privacy and regulatory compliance that organisations today require,” Fey adds.