Increased Usage of Encryption Perfect for Concealing Malware - Experts

The growing usage of encryption to answer privacy issues is generating ideal conditions for cyber-crooks to cover malware inside the encrypted transactions which reduces the level of advancement needed to prevent detection of malware.

Blue Coat Systems identified in a latest study that encryption permits threats to bypass network security and lets to leaking of sensitive data of employees and corporate data from anywhere inside the company. This is because encryption renders communications private and the deficiency of visibility into SSL traffic makes it more vulnerable in many companies where benign and unfriendly usage of SSL are vague to several security devices.

Infosecurity-magazine.com published news on 19th November, 2014 quoting Hugh Thompson, Chief Security Strategist of Blue Coat as saying "The tug of war between individual privacy and enterprise security is leaving scope for fresh malware attacks involving SSL above corporate networks making everyone's data vulnerable."

Thompson added: "Corporations need the visibility to secure data of customers and to congregate regulatory and compliance requirements to see threats veiling in encrypted traffic and the granular control to ensure the privacy of employee."

The firm also said that its researchers on an average received one out of ten security requests per week equivalent to approximate 100,000 requests was now regarding a suspicious website using encryption.

The firm added that these unknown or dark sites which highlight the need to monitor encrypted channels.

Dyre, a widely distributed Trojan originating from Ukraine which steals password is a form of unsophisticated malware threat found to be hidden in encrypted traffic. One of the most successful malwares known as Dyre quickly replaced it by only adding encryption after the authorities shut down Zeus. Today Dyre abuses human behavior to attack some of the world's largest businesses to hijack accounts exposing bank account information, Social Security numbers, intellectual property, protected health information and many more.

The firm suggested that enterprise security demands should be balanced with appropriate compliance requirements and privacy policies because applicable compliance directives and corporate policies can vary geographically on the basis of organization and industry, flexibility of business needs, customizable, configurable and targeted decryption potentialities to meet their exclusive business needs.

» SPAMfighter News - 11/28/2014