Gallagher reveals that TLS, allows cybercriminals to hide-in-plain-sight, by making their bad traffic appear the same as good traffic.
The report emphasizes that “Malware communications typically fall into three categories: downloading additional malware, exfiltration of stolen data, and retrieval or sending of instructions to trigger specific functions (command and control).”
“ All these types of communications can take advantage of TLS encryption to evade detection by defenders. But the majority of TLS traffic we found tied to malware was of the first kind: droppers, loaders and other malware downloading additional malware to the system they infected, using TLS to evade basic payload inspection.”
———————
Have a story you want USA Herald to cover? Submit a tip here and if we think it’s newsworthy, we’ll follow up on it.
Want to contribute a story? We also accept article submissions — check out our writer’s guidelines here.
