According to the latest report published by WatchGuard Threat Lab, the fourth quarter of 2022 would have recorded a general decrease in malware on the network against an increase in encrypted traffic. In fact, encrypted connections have become the preferred method for attackers to spread malware.
This is actually a trend that has been going on for some years, proving to be particularly insidious given the widespread use of encrypted connections by companies. However, with few having HTTPS inspection enabled, most of this type of malware goes undetected, leading to far worse scenarios.
Between 2020 and 2021, threats over the HTTPS protocol increased by more than 300%, with a 200% growth in the use of malware as an attack vector. Two years ago, therefore, significant growth rates were recorded relating to threats in SSL (Secure Socket Layer) and TLS (Transport Layer Security) traffic, and in particular the use of malware as-a-service emerged to obtain tools that would allow hide actions in encrypted traffic. In the latest report for the fourth quarter of 2022, Threat Lab researchers indicate that as much as 93% of malware is hidden behind encryption.
Malware as a service
This is a trend that has emerged in recent years and is greatly facilitating criminal activity on the web, allowing virtually anyone to create computer viruses and attempt attacks. In fact, platforms for the creation of malware, but also ransomware, have spread on the dark web, which also allow the monitoring of activities and the earnings obtained, all with very minimal computer knowledge. The buying and selling of computer viruses is also an increasingly widespread practice, so on the one hand, cybercriminals make money not only by carrying out successful attacks but also by reselling the malicious codes they have created themselves.
Encryption becomes a threat
As always happens in the fight against crime, the more defensive tactics and tools are created, the more criminals devise new ways to circumvent them. So also in this case, faced with the growth of encrypted traffic, obviously more secure and increasingly used for services that are used on a daily basis, just think of WhatsApp or online banking or the most common e-commerce sites, cybercriminals they started using the same security technology to carry out attacks, hiding in malicious code.
