Detect Encrypted Malware

The Hidden Threat

SECTION 1

Nearly 90% of all Internet traffic is encrypted—and we’re quickly moving toward an Internet where that will be true of nearly every piece of data in transit. Although this is great for privacy and confidentiality, it creates a serious blind spot for security.

71%

of malware installed through phishing is hiding in encryption.

F5 Labs Threat Intelligence

ENCRYPTED MALWARE: THE HIDDEN THREAT

By taking advantage of encryption, attackers can bypass most inspection devices to deliver malware inside the network. In addition, encrypted data exfiltration bypasses security tools without scrutiny. F5 Labs threat research shows that 71% of malware uses encryption to hide when it communicates back to command and control locations. Additionally, 57% of malware sites and 95% of phishing sites were accessed just one time, complicating incident response investigations.

Cybercriminals know that organizations have trouble decrypting and inspecting traffic—and they use that to their advantage. Using malware such as spyware, ransomware, and rootkits, as well as exploits, attackers compromise users, networks, and applications to steal personal data.

In 2018, 28% of all data breaches involved some form of malware according to the Verizon 2019 Data Breach Investigations Report. In addition to being used by criminal organizations for financial gain, malware is increasingly employed by state-sponsored entities to disrupt other countries and commit espionage. 

 

Gaining better visibility into encrypted traffic is one of the most important steps you can take to protect your applications and your business. 

This problem isn’t new. Over the years, the cyber security industry has designed many tools to detect or block malware and malicious traffic. Organizations deploy technologies such as next-generation firewalls to watch user behavior, sandboxes to find zero-day exploits, intrusion protection systems to block malicious payloads, data loss prevention scanners to prevent data exfiltration, and web gateway services to secure inbound and outbound traffic. 

These solutions evolved over the years to become adept at preventing malware from infecting users’ systems and compromising corporate networks or applications. However, they weren't designed for encryption/decryption at scale, so they can't examine what's inside the encrypted traffic. The rise of encrypted data created an opportunity for attackers—and a headache for network administrators. Making matters worse, many inspection devices can’t keep pace with the rapidly changing encryption landscape, such as requirements for Perfect Forward Secrecy (PFS) in TLS 1.3, resulting in blind spots or performance degradation. If you want to keep your apps, your data, and your organization protected against malware, you can’t afford to be blind to encryption.

By taking advantage of encryption, attackers can bypass most inspection devices to deliver malware inside the network, and remove data without anyone knowing.

 

Bad actors leverage encryption to evade detection, and phishing is one of the more popular attack scenarios.

HOW PHISHING AND MALWARE EVADE DETECTION

Encrypted malware is one of the most serious threats to the enterprise, and can lead to financial losses, reputation damage, service disruption, and data breaches. Compounding the problem is the fact that any time your users access an infected website or click on a malicious attachment in a phishing email, they can pick up a nasty piece of malware.

Malware loves encryption that allows it slip through your traffic undetected, and phishing is one of the more popular attack scenarios. Free and low-cost HTTPS certificate providers make it easier for attackers to infiltrate malware and exfiltrate stolen assets. In the 2019 Application Protection Report, F5 Labs found that phishing was responsible for 21% of breaches. Learn how that happens using phishing malware in this short video.

Attackers develop malware to cause damage or gain access and exfiltrate data, usually without the victim's knowledge.

DEFENDING AGAINST ENCRYPTED THREATS

If you want to keep your apps, your data, and your organization protected against malware, you can’t afford to be blind to encryption. Gaining better visibility into encrypted traffic is one of the most important steps you can take today. The question remains, what’s the best way to do that without degrading application performance? Read the article to help answer that question.  

Read the article

Defending Against Encrypted Threats

Return To Hub ›

LEARN MORE ABOUT PROTECTING AGAINST ENCRYPTED THREATS

Encrypted Malware: The Hidden Threat

In Section 1, learn how attackers can use encryption to deliver malware inside the network and steal your data.

Return to top of page

Is TLS 1.3 the Solution?

Section 2 explains the features of TLS 1.3, and considers strategies for adopting the latest encryption protocol. 

SECTION 2 >

Inspecting Encrypted Packets

In Section 3, discover why visibility into encrypted traffic is vital to protecting your network and applications.

SECTION 3 >

The Benefits of Orchestration

Section 4 explores how SSL/TLS orchestration can help maximize the effectiveness and ROI of your security solutions.

SECTION 4 >

SPEAK WITH F5'S SECURITY EXPERTS

Got a security question, issue, or something else you'd like to discuss? We'd love to hear from you!
We'll make sure to contact you by email within one business day.

Thank you for your inquiry. We will be in contact with you shortly.