True North Networks Blog
Two thirds of malware is invisible without HTTPS inspection
A new report from WatchGuard Technologies shows that 67 percent of all malware in the first quarter of this year was delivered via HTTPS, so organizations without security solutions capable of inspecting encrypted traffic will miss two-thirds of incoming threats.
In addition, 72 percent of encrypted malware was classified as zero day (meaning no antivirus signature exists for it, and it will evade signature-based protections). The findings suggest that HTTPS inspection and advanced behavior-based threat detection and response solutions are now requirements for every security-conscious organization.
"Some organizations are reluctant to set up HTTPS inspection due to the extra work involved, but our threat data clearly shows that a majority of malware is delivered through encrypted connections and that letting traffic go uninspected is simply no longer an option," says Corey Nachreiner, chief technology officer at WatchGuard. "As malware continues to become more advanced and evasive, the only reliable approach to defense is implementing a set of layered security services, including advanced threat detection methods and HTTPS inspection."
Other findings of the report include a jump in cryptomining activity. Five of the top 10 domains distributing malware in Q1 (identified by WatchGuard's DNS filtering service DNSWatch) either hosted or controlled Monero cryptominers.
A three-year-old Adobe Acrobat Reader exploit that was patched back in August 2017 also appeared in WatchGuard's top network attacks list for the first time in Q1. Overall, though, there were 6.9 percent fewer malware hits and 11.6 percent fewer network attacks in Q1.