Majority of malware delivered via encrypted connections

Without HTTPS inspection of encrypted traffic, traditional antivirus solutions won’t do businesses any good, because most threats will never be spotted.

This is according to a new report from WatchGuard Technologies, which claims that two thirds (67 percent) of all malware in Q1 2020 was delivered via encrypted HTTPS connections.

The report states that almost three quarters (72 percent) of these encrypted threats were zero-days, which are almost invisible to signature-based antivirus protection, because they have never been encountered before.

To stay safe, WatchGuard argues businesses need to turn their attention to HTTPS inspections of encrypted traffic, as well as advanced behaviour-based threat detection and response.

The security firm also found that ransomware remains as popular as ever, although Bitcoin is slowly being phased out as the preferred cryptocurrency for ransom payments. Instead, criminals are increasingly opting for Monero, a cryptocurrency often described as fully anonymous and untraceable.

Five of the top ten domains distributing malware in Q1 either hosted or controlled Monero cryptominers, according to the report.

Flawed-Ammyy and Cryxos malware variants also joined the list of most distributed malware, followed by the Cryxos trojan, which primarily targets victims living in Hong Kong.

As usual, the email was the most common malware distribution channel.