Threats using SSL encryption are on the rise, which means it is used to mask malware and evade security detection tools.
An average of 60 percent of the transactions in the Zscaler cloud have been delivered over SSL/TLS.
The Zscaler cloud saw an average of 8.4 million SSL/TLS-based security blocks per day this year, said researchers at ThreatLabZ.
“Hackers are increasingly using SSL to conceal device infections, shroud data exfiltration and hide botnet command and control communications. In fact, our study found that the amount of phishing attempts per day delivered over SSL/TLS has increased 400 percent from 2016,” said Deepen Desai, senior director, security research and operations in a post.
ThreatLabZ researchers also identified new malicious payload distributions using SSL/TLS for command and control (C&C).
Banking Trojans comprised 60 percent of the payloads, including families like Dridex, Zbot, Vawtrak and Trickbot, while 25 percent were comprised of multiple ransomware families. Less popular payloads included Infostealer Trojan families and other miscellaneous families.
Here are some additional findings:
• Malicious content delivered over SSL/TLS has more than doubled in the last six months.
• Zscaler cloud blocked an average of 12,000 phishing attempts per day delivered over SSL/TLS, which is an increase of 400 percent from 2016.
• New, increasingly sophisticated malware strains use SSL to encrypt their C&C mechanisms.
• Zscaler saw an average of 300 hits per day for web exploits that included SSL as part of the infection chain.