Theres’s been a huge uptick in the proportion of malware using TLS or the Transport Layer Security to communicate without being spotted, cybersecurity firm Sophos reports.
While HTTPS helps prevent eavesdropping, man-in-the-middle attacks, and hijackers who try to impersonate a trusted website, the protocol has also offered cover for cybercriminals to privately share information between a website and a command and control server — hidden from the view of malware hunters.
“It should come as no surprise, then, that malware operators have also been adopting TLS … to prevent defenders from detecting and stopping deployment of malware and theft of data,” Sophos said.
Read more…
Source: ZDNet