Transport layer security (TLS) and secure sockets layer (SSL) are designed to offer safe, secure and legitimate web activity. Yet the same technology is being used by cybercriminals to protect their malicious scripts.
According to a new report published by cybersecurity company SonicWall, the 2019 Cyber Threat Report, encrypted malware attacks increased by 27% in 2018. Based on data collected through more than one million global devices, SonicWall detected more than 2.8 million attacks using encryption throughout 2018.
SSL protection is now standard, with up to 93% of websites using the technology. These certificates provide a secure channel between two machines connected to the internet, most commonly between a web server and a web browser. As the connection is encrypted, outside parties are unable to intercept communications between those two machines.
However, the use of SSL also presents some concerning security vulnerabilities. Previous studies have discovered cases of malware being transmitted over secure connections. As users perceive a protected website to be safe, they are more likely to trust the platform and accept potentially malicious downloads from it. Likewise, encrypted malware is also able to hide its true nature, infecting a device while avoiding detection from cybersecurity systems.
Encrypted malware was somewhat rare at the start of 2017, with barely any cases detected in February and March that year. Despite peaks in July and December, fewer than 100,000 cases were detected by SonicWall each month throughout 2017. However, detected encrypted malware attacks climbed above 200,000 on average throughout 2018.
Encrypted malware: What to watch out for
The SonicWall report found that close to 70% of all encrypted malware cases were coming from two malware strains.
Jscript.Nemucod.DW 4, a variant of the Nemucod malware, which is used to transfer other malicious files to an infected system, accounted for 39% of all encrypted malware attacks in 2018.
XPACK.A 8509, a Trojan that usually comes packaged in legitimate software shared over the internet, is used to harvest data from an infected system. This accounted for a further 29% of encrypted malware attacks.
Cybercriminals continue to favour malware
Despite significant growth in ransomware and web app attacks, malware attacks remain the second most common method used by cybercriminals, behind only intrusion attempts.
SonicWall continued to see a rise in the frequency of malware attacks in 2018. Detections increased from 8.6 billion in 2017 to 10.5 billion in 2018, with some 45 million unique malware strains used.
Canada saw the greatest increase in cases, rising by 103% year-over-year. However, it still sits behind the United Kingdom, China and the United States for the number of attacks.
The US (62%), UK (57%), India (53%), Germany (99%) and Brazil (119%) also saw significant increases in 2018. China was the only country to have seen a decrease in cases, with the frequency of malware attacks decreasing by 53%.