Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Friday May 17 2019, @05:56PM   Printer-friendly
from the it-works-until-it-doesn't dept.

Cybercriminals are using a new method to evade detection to make sure that the traffic generated by their malicious campaigns is not being detected, a technique based on SSL/TLS signature randomization and dubbed cipher stunting.

The vast majority of malicious traffic on the Internet — including attacks against web apps, scraping, credential abuse, and more — is funneled via secure connections over SSL/TLS says Akamai's Threat Research Team in a report published today.

Akamai's report says that "From an attacker's perspective, tweaking SSL/TLS client behavior can be trivial for some aspects of fingerprinting evasion, but the difficulty can ramp up for others depending on the purpose of evasion or the bot in question. In such settings, many packages require deep levels of knowledge and understanding on the attacker's part in order to operate correctly."

This technique is used by attackers to evade detection and run their malicious campaigns undisturbed, with at least a few tens of thousands of TLS fingerprints being used for such purposes before the novel cipher stunting evasion method was observed by the researchers.

Source: BleepingComputer


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Informative) by ikanreed on Friday May 17 2019, @06:42PM

    by ikanreed (3164) Subscriber Badge on Friday May 17 2019, @06:42PM (#844805) Journal

    Just don't encrypt anything. Boom, they can't evade your encryption based detection.

    Starting Score:    1  point
    Moderation   +1  
       Informative=1, Total=1
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   3