When good encryption is bad for security
![](https://assets.fiercemarkets.net/public/001-EnterpriseIT/itsecurity/Dmitriy_Ayrapetov.jpg)
When victims don't have the right protections in place, attackers can cipher command-and-control communications and malicious code to evade intrusion prevention systems, or IPS, and anti-malware inspection systems. In effect, the SSL/TLS encryption serves as a tunnel to hide malware, as it can pass through firewalls and into organizations' networks undetected if the right safeguards aren't in place. And as SSL/TLS usage grows, so does the appeal of this threat vector for hackers.
No comments:
Post a Comment