Rise in Encrypted Malware: Are Malicious Actors Hiding in Your Encrypted Traffic?

August 2019

SonicWall’s 2019 mid-year cyber threat report has revealed three critical shifts in the threat landscape that organisations should be aware of. The data, collected from one million sensors globally, found that while there was a decline in malware attacks in the last 12 months, there was a 76% rise in encrypted threats and a 55% rise in IoT malware attacks.

Decline in Malware Attacks

In 2018, SonicWall recorded an astounding 10.52 billion malware attacks, the highest ever recorded by the team’s threat researchers. This year saw a 20% drop with a total of 4.8 billion attacks recorded within the same period.

IoT Malware Increased by 55%

IoT malware attacks are growing. In 2017, 10.3 million IoT attacks were recorded; this increased drastically in 2018 by 215.7% to 32.7 million. During the first six months of this year, 13.5 million IoT attacks have been recorded, surpassing the first two quarters of 2018 by more than half. 

Worldwide Cyber Attack Trends

Encrypted Threats Spiked 76%

Analysis of data collected through SonicWall Capture Labs says that so far this year, 2.4 million encrypted attacks have been recorded. This figure has almost surpassed the whole of 2018 (2.8 million attacks), equalling a 76% year-to-date increase. The surge has been linked to malicious actors using ransomware-as-a-service and open-source malware kits.

“Encrypted malware is dangerous, as it can prevent security systems from seeing what has happened until it has hit the machine. This increase in encrypted malware attacks doesn’t come as a shock to me,” explained Dan Craven, Security Analyst at Secrutiny.

A threat report from Fortinet Networks suggests that 73% of internet traffic is now encrypted. On top of this, Gartner predicts that by 2020 the majority of malware campaigns will use some form of encryption to hide malware delivery, command-and-control activity, or data exfiltration.

Traditional threat inspection, with its bulk decryption, analysis and re-encryption, is failing: 60% of organisations are struggling to decrypt HTTPS efficiently and are missing critical encrypted threats. It is clear organisations need visibility into their encrypted traffic.

So, What Is the Answer?

Encrypted Traffic Visibility (ETV) is a fast, effective and highly accurate solution that exposes threats and stops attacks hidden in encrypted traffic without decryption.

The unique solution detects known attack signatures and anomalous behaviour without decrypting source data by combining network TCP/IP and SSL metadata with AI, machine learning and behavioural analytics.

Encrypted Traffic Visibility ultimately delivers a lightweight, accurate solution that increases an organisation’s visibility while maintaining security and privacy.

 
