
Web traffic has seen an exponential rise in encryption, driven by privacy and data confidentiality concerns. This includes both legitimate and malicious traffic; for the latter, encryption is an effective way to conceal its presence and to propagate to and infect a large number of systems across the internet. Encrypting malware traffic also obscures it from, and so disrupts the work of, cyber security analysts. This gives malicious applications more time to propagate and to establish working communications with their command and control centers.

Global encrypted web traffic grew to 50% by 2017. One of the main reasons behind this increase is the availability of low cost or free SSL certificates. Another is that web browsers such as Chrome have started flagging unencrypted websites that handle critical and sensitive personal information, such as financial and email login credentials, as not secure. Google has also incentivized HTTPS by boosting the search rankings of websites that comply with this encryption requirement.

Cyber criminals also use encryption to conceal their communications with command and control centers. A Cisco report that analyzed 400,000 malicious binaries over a 12-month period found that about 70% had employed some form of encryption.

MACHINE LEARNING TO COUNTER THE THREAT

Since encrypted malware is generally hard to track, by the time it is identified, considerable damage and spread has already taken place. Machine learning and Artificial Intelligence (AI) are now actively used by organizations and businesses to reduce the impact of this malware by shortening the window in which it can operate. They strengthen security by learning the patterns used by malicious code and automatically intercepting similar threats in future. Machine learning for automated threat detection operates in a paradigm of three distinct patterns.

  • KNOWN-KNOWN

This covers detection of threats that are known and have been seen before. As soon as such a threat is detected, the security system handles it automatically and alerts the relevant teams about its status and the actions taken.

  • KNOWN-UNKNOWN

The true value of machine learning lies in detecting previously unknown variations of known threats, subfamilies, or related threats. This information helps to catch such threats in time and avert the trouble that late detection brings.

  • UNKNOWN-UNKNOWN

These are completely unknown malware threats, not even remotely related to any previously known malware. Machine learning can also scan large volumes of encrypted traffic for unusual patterns and automatically relay such findings to experts. This detection can forestall disastrous consequences for organizations that cannot afford large-scale disruption. For instance, ransomware usually relies on deployment methods that have not been seen before, and by the time it is detected it is too late. AI tools can go a long way toward preempting these attacks.

Automation with the help of AI is the cornerstone of machine learning platforms, as it bridges the gap that the shortage of trained personnel leaves in most security layers. These automated alerts are, however, not without glitches: a number of false positives increase the security teams' workload.
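The three-pattern paradigm above, worked through as an added example (not code from the original article or from any vendor's product): a tiered classifier over constructed TLS flow metadata, where an exact fingerprint hit is known-known, closeness to a known-bad profile is known-unknown, and deviation from the benign baseline is unknown-unknown. The fingerprint ids, feature set, tolerances, thresholds and sample flows are all assumptions chosen for illustration.

```python
import math
from dataclasses import dataclass

# Constructed TLS flow metadata; no real captures or fingerprints are used.
FEATURES = ("cert_days", "self_signed", "n_ciphers", "out_in_ratio", "interval_jitter")

@dataclass(frozen=True)
class Flow:
    fingerprint: str   # assumed client-hello fingerprint id (placeholder values)
    features: tuple    # numeric values in FEATURES order

# Tier 1 signatures: fingerprints already seen in malicious traffic (constructed).
KNOWN_BAD = {
    "fp-bad-1": (7, 1, 3, 4.0, 0.1),   # short-lived self-signed cert, tiny cipher list, regular beacon
    "fp-bad-2": (30, 1, 4, 3.5, 0.2),
}
# Benign baseline learned from previously vetted flows (constructed).
BENIGN_BASELINE = [
    (365, 0, 20, 0.20, 5.0),
    (730, 0, 18, 0.10, 8.0),
    (398, 0, 22, 0.30, 6.0),
    (365, 0, 19, 0.20, 4.0),
]
# Per-feature tolerance used when comparing a flow with a known-bad profile (assumed).
TOLERANCE = (30.0, 1.0, 2.0, 0.5, 0.5)
VARIANT_DISTANCE = 2.0   # known-unknown: scaled distance to some known-bad profile
ANOMALY_Z = 3.0          # unknown-unknown: any feature this many std-devs from benign

def _baseline_stats(rows):
    """Mean and population std-dev per feature; a zero std-dev is floored to 1."""
    n = len(rows)
    means = [sum(r[i] for r in rows) / n for i in range(len(FEATURES))]
    sds = []
    for i, m in enumerate(means):
        var = sum((r[i] - m) ** 2 for r in rows) / n
        sds.append(math.sqrt(var) or 1.0)
    return means, sds

def _scaled_distance(a, b):
    """Euclidean distance after dividing each feature difference by its tolerance."""
    return math.sqrt(sum(((x - y) / t) ** 2 for x, y, t in zip(a, b, TOLERANCE)))

def classify(flow, known_bad=KNOWN_BAD, baseline=BENIGN_BASELINE):
    """Return which of the three detection tiers fires for a flow, or 'benign'."""
    if flow.fingerprint in known_bad:                      # known-known: exact signature hit
        return "known-known"
    if any(_scaled_distance(flow.features, prof) < VARIANT_DISTANCE
           for prof in known_bad.values()):                # known-unknown: variant of a known family
        return "known-unknown"
    means, sds = _baseline_stats(baseline)
    zscores = [abs(x - m) / sd for x, m, sd in zip(flow.features, means, sds)]
    if max(zscores) > ANOMALY_Z:                           # unknown-unknown: far from the benign norm
        return "unknown-unknown"
    return "benign"
```

The tiers are checked in order, so a variant of a known family is reported as such even though it would also trip the anomaly check.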
