"Malware and Ransomware Gangs Have Found This New Way to Cover Their Tracks"
The cybersecurity firm Sophos reports a significant increase in malware using Transport Layer Security (TLS) to hide its communications. Although HTTPS helps prevent man-in-the-middle (MITM) attacks, attempts at impersonating trusted websites, and more, the protocol has also allowed cybercriminals to secretly share information between a website and a command-and-control (C2) server. Threat actors' use of the TLS protocol to hide malware communications has prevented defenders from detecting and stopping malware deployment and data theft. Sophos noted that malware communications fall under three main categories: data exfiltration, command-and-control, and the downloading of more malware. According to Sophos, the share of malware using TLS to communicate has risen from 24 percent to 46 percent. Researchers have also observed an increase in TLS use in ransomware attacks over the past year, particularly in manually deployed ransomware. This article continues to discuss the growth in the use of TLS by malware and ransomware operators.
ZDNet reports "Malware and Ransomware Gangs Have Found This New Way to Cover Their Tracks"