200 times increase in C&C servers using SSL to hide malware

August 29, 2016 | By Comodo SSL

As per a recent report, there has been a 200 times increase in C&C (Command and Control) servers using SSL to hide malware…

Encryption is a cornerstone of network security. It is essential for protecting both individual and corporate data, which is why enterprises rely on it. At the same time, encryption is also used by cyber-criminals.


A research report says that in 2015 there was a 200 times increase in C&C servers using SSL to hide malware. There was also a 58 times increase in SSL-cloaked malware. These findings were revealed in a press release published by Blue Coat Systems, Inc., a leading provider of advanced web security solutions for global enterprises and governments. The press release states: “The rapid adoption of cloud and mobile apps and services is driving an increase in SSL/TLS encrypted traffic as concerns around personal privacy grow. But this growing use of encryption is creating perfect conditions for cyber criminals to hide malware inside encrypted transactions. These advanced and increasingly serious threats employ hidden command and control (C&C) channels to execute malicious programs and exfiltrate proprietary data. Blue Coat researchers found a 58 times increase in SSL-cloaked traffic in C&C and a 200 times increase in C&C servers using SSL in 2015, indicating that SSL/TLS will be increasingly used in the future to hide attacks. These findings are highlighted in a recent report from the Fraunhofer Institute for Communication Information Processing and Ergonomics FKIE, sponsored by Blue Coat.”

The inference that SSL/TLS will be increasingly used in the future to hide attacks deserves attention. It is a matter of serious concern because cyber-criminals are taking hold of the very tool that is used to ensure security and using it to cause security breaches. Malware hidden inside encrypted transactions should be treated as a serious security issue. As the Blue Coat press release says: “As attacks increase exponentially, much of enterprise security infrastructure remains blind to encrypted traffic. Most intrusion prevention systems (IPS), malware sandboxing, data leakage prevention and other tools cannot decrypt SSL/TLS for analysis. Even many common SSL/TLS capable devices are limited in capability, are unable to scale, and increase the complexity of the problem.”

The press release also quotes Michael Fey, President and COO, Blue Coat Systems, Inc.: “Our researchers’ findings reveal what many have long suspected – that SSL traffic as a primary channel for malware and exfiltration is dramatically increasing. In light of these growing threats, many organizations have realized that the balance between network performance and proper SSL inspection is not as simple as they had been led to believe by many of their network security providers.”

