TLS is an important Internet component

Last year, Google made some important changes to their Chrome browser in a bid to increase user security.

Among these changes was defaulting to HTTPS in the browser in an attempt to reduce the number of "man in the middle" and similar types of attacks. Their strategy worked. Other companies adopted Google's approach, HTTPS became the new standard on the web, and user security increased. That's a very good thing.

Unfortunately, we are now learning, courtesy of data collected by Sophos, that hackers are increasingly taking advantage of TLS (Transport Layer Security) to hide their own activities. Last year, Sophos reported that some 24 percent of malware was using TLS to communicate. This year, that value is up to 46 percent.

 

What is TLS and why should I care?

TLS is a cryptographic protocol that provides end-to-end security of data sent between applications over the Internet. It is mostly familiar to users through its use in secure web browsing, and in particular the padlock icon that appears in web browsers when a secure session is established. However, it can and indeed should also be used for other applications such as e-mail, file transfers, video/audioconferencing, instant messaging and voice-over-IP, as well as Internet services such as DNS and NTP.

TLS evolved from Secure Sockets Layer (SSL), a protocol designed to secure web sessions. It should be noted that TLS does not secure data on end systems. It simply ensures the secure delivery of data over the Internet, avoiding possible eavesdropping and/or alteration of the content.

Data has historically been transmitted unencrypted over the Internet, and where encryption was used, it was typically employed in a piecemeal fashion for sensitive information such as passwords or payment details. Without TLS, not only can sensitive information such as logins, credit card details and personal details easily be gleaned by others, but browsing habits, e-mail correspondence, online chats and conference calls can also be monitored. Recent versions of all major web browsers currently support TLS, and it is increasingly common for web servers to support TLS by default.

 

How are hackers using TLS?

Where malware is concerned, there are, broadly speaking, three types of communication: downloading additional malware, exfiltration of data, and command and control. By using TLS when engaging in all three of these, hackers make it significantly more difficult for IT security professionals to detect, and ultimately to stop, their malicious activity.

While user security has unquestionably increased over the last year, so too has the security of hackers, and it's complicating the lives of IT folks around the world.

Unfortunately, there's not much that can be done about it. Anything that helps the general public can, by definition, also be used by hackers around the world to help themselves, so it shouldn't come as a great surprise that they're increasingly embracing TLS. The first rule of hacking is, after all, 'be at least two steps ahead.' They are, and that's unlikely to change in the foreseeable future.

 

My perspective

For now, the best you can do is be mindful of the fact that hackers are increasingly taking advantage of TLS. Forewarned is forearmed. Good luck out there.

 

You could just about hear the Robot saying... "Danger, Will Robinson!"

 


By Denis Wilson

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support


I am also a published author and speaker on cloud computing, work@home, and cybersecurity. I work extensively with business and professional associations to provide small business technology education programs.

 
