Jump to content
Sign in to follow this  

Malicious content delivered over SSL/TLS has more than doubled in six months

Recommended Posts


Threats using SSL encryption are on the rise. An average of 60 percent of the transactions in the Zscaler cloud have been delivered over SSL/TLS. Researchers also found that the Zscaler cloud saw an average of 8.4 million SSL/TLS-based security blocks per day this year.


malicious content ssl-tls


“Hackers are increasingly using SSL to conceal device infections, shroud data exfiltration and hide botnet command and control communications. In fact, our study found that the amount of phishing attempts per day delivered over SSL/TLS has increased 400 percent from 2016,” said Deepen Desai, senior director, security research and operations.

Malicious payload distributions

ThreatLabZ researchers also identified new malicious payload distributions, based off unique payloads hitting the Zscaler Cloud Sandbox, leveraging SSL/TLS for command and control (C&C) activity.


Banking Trojans comprised 60 percent of the payloads, including families like Dridex, Zbot, Vawtrak and Trickbot, while 25 percent were comprised of multiple ransomware families. Less popular payloads included Infostealer Trojan families and other miscellaneous families.

Additional findings

  • The amount of malicious content being delivered over SSL/TLS has more than doubled in the last six months.
  • The Zscaler cloud blocked an average of 12,000 phishing attempts per day delivered over SSL/TLS—an increase of 400 percent from 2016.
  • New, increasingly sophisticated malware strains use SSL to encrypt their C&C mechanisms.
  • Zscaler saw an average of 300 hits per day for web exploits that included SSL as part of the infection chain.
  • The most prevalent malware family leveraging SSL-based callbacks was Dridex/Emotet, which contributed 34 percent of the total unique, new payloads in 2017.

malicious content ssl-tls


New malicious payloads leveraging SSL/TLS for C&C activity:

  • 60 percent were comprised of multiple Banking Trojan families (Zbot, Vawtrak, Trickbot, etc.)
  • 25 percent were comprised of ransomware families
  • 12 percent were comprised of Infostealer Trojan families (Fareit, Papras, etc.)
  • 3 percent were from other miscellaneous families.

Article source

Share this post

Link to post
Share on other sites

Absolutely normal. How else, if SSL/TLS is made compulsory. (More accurate say - will be made compulsory in near future).
Of course, something can be made compulsory, but it doesn't mean, that wolfs will begin to change its color. Why should?
SSL/TLS is not meant to protect something, but to make money.


Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.