Majority of malware occurs via HTTPS-encrypted connections


In a nutshell: A new report from WatchGuard Technologies reveals how nearly all malware is arriving via HTTPS-encrypted connections. The firm’s latest quarterly Internet Security Report also highlights noticeable increases in fileless malware, as well as network and ransomware attacks.

The network security company said that in Q2 2021, 91.5% of malware arrived over an encrypted connection. It added that any company not examining encrypted HTTPS traffic at the perimeter will miss out on 9/10 of all malware. The data is derived from the firm’s own active WatchGuard Fireboxes.

“With much of the world still firmly operating in a mobile or hybrid workforce model, the traditional network perimeter doesn’t always factor into the cybersecurity defence equation,” said Corey Nachreiner, chief security officer at WatchGuard.

Ransomware attacks declined between 2018 and 2020, but in the first half of 2021 alone the number of attacks matched the total for all of 2020. This year's volume is therefore expected to exceed 2020's by more than 150%.

WatchGuard blocked more than 16.6 million malware variants (438 per device) and nearly 5.2 million network threats (137 per device). The report also shows how even though malware attacks experienced a small 3.8% decline in Q2, threat actors have taken advantage of hybrid work models by targeting malware towards both remote users at home and office infrastructure.

The growing volume of malware has targeted Microsoft Exchange servers and ordinary email users to deliver remote access trojans (RATs) in "highly sensitive locations," most likely because workers and students were returning to hybrid offices and academic environments.

Additionally, Microsoft Office continues to be a popular malware target. A 2017 remote code execution (RCE) vulnerability affecting Microsoft browsers debuted at the top of the list of the 10 most widespread network attacks. "Though it may be an old exploit and patched in most systems (hopefully), those that have yet to patch are in for a rude awakening if an attacker is able to get to it before they do," the report warns.

Despite remote workforces becoming more commonplace, WatchGuard detected an increase in network attacks, which rose 22% to 5.1 million, about a million more than in Q1. The statistics show "an aggressive course that highlights the growing importance of maintaining perimeter security alongside user-focused protections."

A new threat report from Eset, meanwhile, detailed how attackers are stepping up their password-guessing efforts. Between May and August 2021, the security firm detected 55 billion new brute-force attacks against public-facing RDP (Remote Desktop Protocol) services, a 104% increase over the 27 billion attacks recorded during the first four months of 2021. Attackers are exploiting the rise in remote working: the pandemic has led much of the workforce to rely on remote-desktop services.




I don't see how https was really designed to prevent malware infections - just to keep data secure. If companies think that https connections will keep them safe from malware attacks, then they need to find new IT people, IMO.

It sounds like some companies do not have limits on the number of incorrect login attempts that their users make. If they did have those limits, it seems that brute force password cracking attempts would be relatively useless.

Coupling that with training on socially engineered, i.e., phishing, attacks might drastically bring down the number of attacks and infections.

I guess you cannot fix stupid as they say.


"...any company not examining encrypted HTTPS traffic at the perimeter will miss out on 9/10 of all malware."

Not examining encrypted HTTPS traffic suggests decryption of encrypted traffic. Thanks, but no thanks. It is encrypted for a reason. While I still keep an "antivirus" enabled, it will always be one of those few remaining products that do not ask (or even require) "honest middleman" status, decrypting all traffic in the process by way of certificate installations.