Story image

Major spike in Malware encryption, Blue Coat finds

08 Aug 2016

Web security specialists Blue Coat is warning enterprises and governments against a ‘significant’ spike in malware hidden in SSL traffic.

According to the company, the rapid adoption of cloud and mobile apps and services is driving an increase in SSL/TLS encrypted traffic as concerns around personal privacy grow.

It says the growing use of encryption is creating perfect conditions for cyber criminals to hide malware inside encrypted transactions.

The advanced threats employ hidden command and control (C&C) channels to execute malicious programmes and exfiltrate proprietary data.

Blue Coat Researchers found a 58 times increase in SSL-cloaked traffic in C&C and a 200 times increase in C&C servers using SSL in 2015, indicating that SSL/TLS will be increasingly used in the future to hide attacks.

As attacks increase exponentially, much of enterprise security infrastructure remains blind to encrypted traffic, Blue Coat says.

“Our researchers’ findings reveal what many have long suspected – that SSL traffic as a primary channel for malware and exfiltration is dramatically increasing,” comments Michael Fey, president and COO, Blue Coat Systems.

“In light of these growing threats, many organisations have realised that the balance between network performance and proper SSL inspection is not as simple as they had been led to believe by many of their network security providers,” he explains.

“By providing dedicated SSL visibility, Blue Coat is helping customers combat security threats hidden in encrypted traffic while preserving the enterprise customers’ priorities like network performance, user privacy and regulatory compliance that organisations today require,” Fey adds.

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.