Malware Encrypted in SSL

The padlock, a symbol of trust, is sometimes used by new types of malware to hide behind it. The green icon that you see at the top of your browser when visiting a website via a connection encrypted with a valid SSL/TLS certificate should not be mistaken with the impossibility of all forms of attack.

The SSL encryption is used to protect a website or app that transfers sensitive data. Still, some attackers also use SSL/HTTPS encryption to hide malicious code.

The security solutions such as intrusion detection systems and firewalls can not discover the malicious attacks if they can not decode the entire network request. This happens when the communication happens over an SSL connection because the security system can not see through the encryption.

Still, some of the newer intrusion detection solutions come with a deep packet inspection. Thus, the tool searches at the lower levels of the network request to understand its content better. But not many companies have the option available at this moment. So, data passing over HTTPS can still be a threat. Another way to detect the presence of SSL malware is the SSL Inspection, which has all the traffic decrypted, inspected and re-encrypted. The main difference between this inspection and the man-in-the-middle attack is that in this case, the administrator makes the changes to the computers in order to allow inspection only by the authorized device or certificate.

How Does SSL Malware Work

In order to be able to inject malware in the streams of data, cybercriminals get free SSL certificates for their websites that contain malware, in order to avoid tracking of their transactions. Some others use SSL certificates on phishing sites which try to imitate the legitimate websites and fool the user to access them.

According to security researchers, 4.2% of the malware attacks use SSL, at this moment, an increase of 400% over 2018, mainly because customers do not turn on the deep packet inspection for SSL.

So, SSL just ensures that the requests are encrypted, but the transmitted data can contain viruses and other types of malware. If the website uses an organization validation or extended validation SSL certificate, the users can check the certificate details to obtain further data about the organization behind the website.

You Can Protect Yourself

Always look for the padlock symbol in the browser, as a confirmation of the SSL encryption.

When entering your personal data or make a transaction, check the organization details on the SSL certificate to be sure it belongs to the correct organization.

Use strong password managers.

Use a VPN (Virtual Private Network) solution, to secure and anonymize any online session.

Check the right configuration of firewalls and intrusion detection systems, in order to increase the chances that an intrusion is detected and quarantined before it produces much damage.

Use the deep packet inspection or SSL inspection to avoid threats in encrypted traffic.

Choose powerful anti-virus tools and keep them up to date.