Majority of malware is invisible without HTTPS inspection


Two-thirds (67 percent) of the malware delivered in the first quarter of 2020 arrived over encrypted HTTPS connections, according to a study by WatchGuard Technologies. Without HTTPS inspection, a network security device sees only the encrypted stream and cannot detect these threats.

Of the malware delivered over encrypted connections, 72 percent was zero-day malware, meaning samples that had not yet been registered in any signature database. As a result, this malware is virtually invisible to traditional signature-based antivirus solutions.

WatchGuard believes that security solutions combining HTTPS inspection with advanced behaviour-based malware detection are crucial to combat this type of malware. According to Corey Nachreiner, CTO at WatchGuard, companies need to set up HTTPS inspection as soon as possible despite the extra work involved. “It’s simply no longer an option to let traffic pass uninspected. As malware continues to become more advanced and evasive, the only reliable approach to defense is implementing a set of layered security services, including advanced threat detection methods and HTTPS inspection.”

Bitcoin losing popularity with criminals

The security firm also found that ransomware remains popular among cybercriminals, but that Bitcoin is slowly losing ground as the currency of choice. Many cybercriminals are increasingly opting for Monero instead, a cryptocurrency that is often described as completely anonymous and untraceable.

Five of the top ten malware-distributing domains in the first quarter of 2020 were used to host or control Monero cryptominers. One possible explanation is that adding a cryptomining module to existing malware is an easy way for cybercriminals to earn money.

Popular malware

The list of most widely distributed malware now includes FlawedAmmyy and Cryxos, the latter primarily targeting people in Hong Kong. Cryxos is delivered as an email attachment disguised as an invoice and asks users to enter their email address and password, which it then stores. In the case of FlawedAmmyy, an attacker poses as an employee providing technical support and uses the Ammyy Admin remote-administration software to gain access to the victim’s computer.