Encrypted malware: a threat facilitated by the GDPR?

One of the positive consequences of the increased concern for personal and corporate cybersecurity is the fact that Internet users are increasingly vigilant with their data and who they share it with. At the same time, online platforms have intensified their efforts to provide secure, private browsing in order to safeguard their own and their users’ information.

And this trend is on the up. According to the Global Internet Phenomena Report, written by Sandvine, even very conservative estimates suggest that over 50% of Internet traffic is encrypted. And more and more platforms are turning to end-to-end encryption to ensure that their communications are private.

The GDPR encourages even more encryption

There are several factors that have contributed to the growth of encrypted traffic. It is not simply down to the enormous concern shown by users and companies; legal regulations have also had a hand in it. The GDPR states that companies that handle data “should evaluate the risks inherent in the processing and implement measures to mitigate those risks, such as encryption,” that “should ensure an appropriate level of security, including confidentiality, taking into account (…) the nature of the personal data to be protected.”

In fact, beyond companies’ own willingness to encrypt their communications, there are two cases where the GDPR requires encryption: firstly, when it considers that there is a high risk that this data will be breached; secondly, when said organizations use this data for a different purpose than that expressed to the user when their data was requested. A lack of encryption, therefore, can mean that offending companies are infringing the GDPR (and thus facing the subsequent sanctions of up to €20 million or 4% of the company’s global annual turnover). But that’s not all; encryption can also be of help to these companies, since, if they were to suffer a cyberattack, they wouldn’t need to inform their users about it if their information is correctly encrypted and protected.

A window for encrypted malware

However, all of this has its downside; encrypted traffic is already becoming one of the largest niches for cybercrime: according to Ixia’s 2018 Security Report, cybercriminals are starting to carry out attacks in this kind of traffic. In fact, Gartner states that half of cyberattacks carried out in 2019 using malware will use some kind of encryption, while by 2020, the figure is set to rise to 70%.

There are two particularly worrying things about encrypted malware: the first is the fact that it can be found on platforms that have encrypted traffic; this means that users, believing themselves to be safe, let their guard down, trust the platform, and thus become more vulnerable. The second is the fact that this malicious software can hide its true nature, meaning that some cybersecurity systems do not detect it until it is too late.

How to avoid encrypted malware attacks

If a company wants to avoid attacks that use encrypted malware, they need to follow a series of measures that will keep their corporate cybersecurity safe:

1.- Vigilant browsing. When employees are browsing the Internet, they must exercise caution, even when they are on private platforms whose traffic is being encrypted. Although the platform may seem safe to browse, employees need to be as vigilant as they would be in any other circumstances.

2.- Monitoring of processes. Since encrypted malware has the ability to slip past some traditional protection solutions, being able to constantly monitor everything that is happening on the system is more important than ever. Panda Adaptive Defense actively monitors all system processes in real time, which means that it is able to proactively detect anomalous activity and stop infections before they happen.

3.- Offline backups and online files. More and more companies, when it comes to safeguarding their information, choose to double up: firstly, by storing a large part of their information in the cloud, so that their physical devices are not affected in case of infection; secondly, by storing secure backups offline, to keep them from being affected by a possible subsequent infection.

Encrypted traffic is hugely important to help make networks more secure, and to keep all our information safe; but this doesn’t mean that it is totally attack-proof. Therefore, the more sophisticated cybercriminals become, the more companies should exercise proactive precaution.
