Malware smugglers have settled on a new technique for evading detection
The use of encrypted protocols makes malware communications virtually undetectable
New research from security company Sophos reveals that threat actors are increasingly adopting encrypted communication protocols to prevent the detection of malware.
In its analysis, Sophos argues that with more legitimate adoption of HTTPS, identifying unencrypted traffic has become a lot easier for security professionals.
In order to avoid detection, more and more malware authors are adopting secure communication protocols, such as TLS, to obfuscate communication to and from command and control (C&C) servers.
“We’ve seen dramatic growth over the past year in malware using TLS to conceal its communications. In 2020, 23 percent of malware we detected communicating with a remote system over the internet were using TLS; today, it is nearly 46 percent,” observes Sophos.
Encrypted communication
The security researchers also note that they’ve observed an increase in the use of TLS in ransomware attacks over the past year, particularly with manually deployed ransomware.
More worrying, however, is that a large portion of the growth in the use of secure communications can be attributed to increased use of legitimate cloud services protected by TLS.
Sophos has observed an increase in the use of services such as Discord, Pastebin, GitHub and Google’s cloud services, either as repositories for malware components, or as destinations for stolen data, and even to send commands to botnets and other malware.
Also interesting is the breakdown of the destinations of the TLS malware’s traffic, in the first three months of 2021. The data reveals that nearly half of all encrypted malware communications went to servers in the United States and India.
Google’s cloud services led the field as the destination for nine percent of encrypted malware requests, with India’s state-run BSNL close behind at six percent.
In its report, Sophos suggests organizations implement an in-depth strategy to defend against the increasingly complex threats.
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.