Bekker's Blog

Blog archive

SophosLabs: A Quarter of Malware Using TLS

The industrywide push in recent years toward encrypting Web traffic isn't just for good guys.

Encryption has always been neutral, as useful to bad actors for hiding nefarious activity as it is for legitimate users trying to protect their data from those trying to steal it.

New research from SophosLabs documents how widespread the use of HTTPS connections is becoming in malware circles, especially for communicating back to command-and-control servers (C2).

SophosLabs on Tuesday reported on a representative sampling of malware analyses the research team has conducted over the past six months.

"Out of all the malware that made some kind of network connection during their infection process, about 23% communicated over HTTPS, either to send or receive data from the C2, or during installation when they may use HTTPS to conceal the fact that they are retrieving malicious payloads or components," SophosLabs threat researcher Luca Nagy wrote in the blog post describing the research.

Not all types of malware communicate equally over TLS. Information-stealing trojans made up only 16 percent of the samples SophosLabs tested during the six-month period, but of those, 44 percent used TLS over standard HTTPS ports. Ransomware, which does its damage in other ways, was less likely to use encryption when calling home.

Sophos released the research Tuesday in conjunction with the launch of a new firewall, which features more advanced SSL inspection, including support for TLS 1.3 without requiring downgrading, new policy tools and performance improvements. More detail on XG Firewall v18 is available here.

Posted by Scott Bekker on February 18, 2020 at 2:29 PM


Featured

  • Nvidia Buys Chip Maker Arm for $40 Billion

    Nvidia has entered into a "definitive agreement" to acquire U.K.-based chip design company Arm Ltd. from the SoftBank Group in a stock-and-cash deal valued at $40 billion.

  • The 2020 Microsoft Product Roadmap

    From the next major update to Windows 10 to the next generations of .NET and PowerShell, here's what's on tap from Microsoft this year.

  • Oracle, Not Microsoft, Wins TikTok Buyout Bid

    Oracle's proposal to acquire TikTok's U.S. social media operations emerged victorious over the weekend, putting an end to Microsoft's competing buyout bid.

  • Microsoft Making Progress on Windows Virtual Desktop

    A recent "Desktops in the Cloud" podcast chat gives some insight into Microsoft's progress on its Windows Virtual Desktop (WVD) service.