So Where Is All The Malware Hidden On Your System?

Cybercriminals are increasingly turning to the Transport Layer Security (TLS) cryptographic protocol to hide their malware communications.

According to, "Transport Layer Security, or TLS, is a widely adopted security protocol designed to facilitate privacy and data security for communications over the Internet. A primary use case of TLS is encrypting the communication between web applications and servers, such as web browsers loading a website. TLS can also be used to encrypt other communications such as email, messaging, and voice over IP (VoIP)."

During the first three months of 2021, 46 percent of malware observed used TLS to communicate with a remote system over the internet, according to a Sophos analysis of malware samples. In 2020, only 23 percent of malware tools used TLS.

It is becoming more common for threat actors to use legitimate TLS-protected cloud and Web services, including Google cloud services, Pastebin, Discord, and GitHub, to host malware, store stolen data, and carry out command-and-control operations. Cybercriminals also increasingly use Tor and other TLS-based network proxies to encrypt communication with their malware, according to Sophos.

A senior threat researcher at Sophos stated, "The main takeaways are that there is no such thing as a 'safe' domain or service when screening for malware, and that more traditional firewall defenses based on reputation scanning without deep packet inspection cannot protect systems."

Over the past several years, experts have pushed for the use of cryptographic protocols, such as HTTPS and TLS, to protect online communications from spying and surveillance. Now, 92 percent of online traffic in the U.S. uses TLS, according to Google.

However, although the use of HTTPS and TLS has increased privacy, it also gives cybercriminals a technology they can use to hide their malware and malware communications. Jai Vijayan, "Nearly half of all malware is concealed in TLS-encrypted communications" (Apr. 23, 2021).


Using TLS is only the latest way cybercriminals are hiding malware. Cybercriminals use a number of techniques to evade detection by cybersecurity software, including code packing and encryption, code mutation, rootkit technologies, backdoor Trojans, antivirus-blocking malware, masking malware on a website, and quantity attacks. Kaspersky, "How Cybercriminals Try to Combat & Bypass Antivirus Protection".

In order to address the use of sophisticated technology and techniques by cybercriminals, organizations have to likewise increase the sophistication of their antivirus protections. Work with a cybersecurity expert to devise a solution that scans for threats hiding from traditional antivirus software.
