Rise in Encrypted Malware: Are Malicious Actors Hiding in Your Encrypted Traffic?

August 2019

SonicWall’s 2019 mid-year cyber threat report has revealed three critical shifts in the threat landscape that organisations should be aware of. The data, collected from one million sensors globally, found that while there was a decline in malware attacks in the last 12 months, there was a 76% rise in encrypted threats and a 55% rise in IoT malware attacks.

Decline in Malware Attacks

In 2018, SonicWall recorded an astounding 10.52 billion malware attacks, the highest ever recorded by the team’s threat researchers. This year saw a 20% drop with a total of 4.8 billion attacks recorded within the same period.

IoT Malware Increased by 55%

IoT malware attacks are growing. In 2017, 10.3 million IoT attacks were recorded; this increased drastically in 2018 by 215.7% to 32.7 million. During the first six months of this year, 13.5 million IoT attacks have been recorded, surpassing the first two quarters of 2018 by more than half. 

Worldwide Cyber Attack Trends

Encrypted Threats Spiked 76%

Analysis of data collected through SonicWall Capture Labs shows that 2.4 million encrypted attacks have been recorded so far this year. This figure has almost surpassed the whole of 2018 (2.8 million attacks), equalling a 76% year-to-date increase. The surge has been linked to malicious actors using ransomware-as-a-service and open-source malware kits.

“Encrypted malware is dangerous, as it can prevent security systems from seeing what has happened until it has hit the machine. This increase in encrypted malware attacks doesn’t come as a shock to me,” explained Dan Craven, Security Analyst at Secrutiny.

A threat report from Fortinet Networks suggests that 73% of internet traffic is now encrypted. On top of this, Gartner predicts that by 2020 the majority of malware campaigns will use some form of encryption to hide malware delivery, command-and-control activity, or data exfiltration.

Traditional threat inspection, with its bulk decryption, analysis and re-encryption, is failing: 60% of organisations are struggling to decrypt HTTPS efficiently and are missing critical encrypted threats. It is clear that organisations need visibility into their encrypted traffic.

So, What Is the Answer?

The answer is Encrypted Traffic Visibility (ETV), a fast, effective and highly accurate solution that exposes threats and stops attacks hidden in encrypted traffic without decryption.

The unique solution detects known attack signatures and anomalous behaviour without decrypting source data by combining network TCP/IP and SSL metadata with AI, machine learning and behavioural analytics.

Encrypted Traffic Visibility ultimately delivers a lightweight, accurate solution that increases an organisation's visibility while maintaining security and privacy.
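As an added illustration (not the ETV product's code, and not a description of how it is implemented), the example below reads the kind of SSL/TLS metadata that is visible without decryption: the version, cipher suites, extension types and server name a client sends in its cleartext ClientHello. The sample record is constructed, and the function names and the truncated SHA-256 fingerprint are assumptions made for this example.

```python
import hashlib
import struct

def build_sample_client_hello(host: bytes, suites: list) -> bytes:
    """Build a constructed ClientHello record (sample data, not captured traffic)."""
    sni = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host
    exts = struct.pack("!HH", 0, len(sni)) + sni               # server_name (type 0)
    exts += struct.pack("!HHHH", 10, 4, 2, 0x001D)             # supported_groups: x25519
    body = struct.pack("!H", 0x0303) + bytes(32) + b"\x00"     # version, random, empty session id
    body += struct.pack(f"!H{len(suites)}H", 2 * len(suites), *suites)
    body += b"\x01\x00" + struct.pack("!H", len(exts)) + exts  # null compression, extensions
    hs = b"\x01" + len(body).to_bytes(3, "big") + body         # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def client_hello_metadata(record: bytes) -> dict:
    """Read the cleartext handshake fields; no key material or decryption is involved."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:
            raise ValueError("not a TLS ClientHello record")
        if len(record) < 5 + struct.unpack_from("!H", record, 3)[0]:
            raise ValueError("truncated record")
        version = struct.unpack_from("!H", record, 9)[0]       # after record (5) + handshake (4) headers
        pos = 9 + 2 + 32                                       # skip client_version + random
        pos += 1 + record[pos]                                 # session_id
        n = struct.unpack_from("!H", record, pos)[0]
        suites = list(struct.unpack_from(f"!{n // 2}H", record, pos + 2))
        pos += 2 + n
        pos += 1 + record[pos]                                 # compression_methods
        end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
        pos += 2
        ext_types, sni = [], None
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", record, pos)
            ext_types.append(etype)
            if etype == 0:                                     # list len (2), name type (1), name len (2)
                nlen = struct.unpack_from("!H", record, pos + 7)[0]
                sni = record[pos + 9:pos + 9 + nlen].decode("ascii", "replace")
            pos += 4 + elen
    except (struct.error, IndexError):
        raise ValueError("truncated or malformed ClientHello") from None
    return {"version": version, "cipher_suites": suites, "extensions": ext_types, "sni": sni}

def fingerprint(meta: dict) -> str:
    """Hash of the offered parameters (SNI excluded), usable as a watchlist key."""
    offered = (meta["version"], meta["cipher_suites"], meta["extensions"])
    return hashlib.sha256(repr(offered).encode()).hexdigest()[:16]

if __name__ == "__main__":
    print(client_hello_metadata(build_sample_client_hello(b"example.test", [0x1301, 0xC02F])))
```

Because the fingerprint excludes the server name, the same client software produces the same value whichever host it contacts, which is what makes such metadata usable for matching known signatures and spotting unfamiliar clients.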

