
June 9, 2023

As the number of cyber-attacks continues to rise, attackers are becoming increasingly sophisticated in their methods of evasion. According to a report by Netskope, attackers are now using HTTP and HTTPS to deliver malware, allowing them to blend in with normal network traffic and avoid detection.
During Q1 2023, Netskope found that on average, five out of every 1,000 enterprise users attempted to download malware. Of those malware downloads, new malware families and variants represented 72%. Furthermore, almost 10% of all malware downloads in Q1 were referred from search engines, with attackers using weaponized data voids to exploit search results.
This is just one of the many social engineering techniques that attackers are employing to trick their victims. Trojans accounted for 60% of malware downloads in Q1, while phishing downloads represented 13% of malware downloads.
To consistently evade detection, attackers are now using HTTP and HTTPS over ports 80 and 443 as their primary communication channel. Netskope’s researchers found that of the new malware executables analyzed, 85% communicated over port 80 (HTTP) and 67% communicated over port 443 (HTTPS). This approach enables attackers to easily go unnoticed and blend in with the abundance of HTTP and HTTPS traffic already on the network.
In addition to using HTTP and HTTPS, some malware samples sidestep DNS lookups, instead reaching out directly to remote hosts using their IP addresses. Most malware samples that initiated external communications during Q1 2023 used a combination of IP addresses and hostnames, with 61% communicating directly with at least one IP address and 91% communicating with at least one host via a DNS lookup.
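The two evasion patterns above (web ports as the carrier, and bare IP destinations that never appear in DNS logs) are both visible in ordinary proxy or egress logs. The following is an added example, not code from the article or from Netskope, showing how a defender can parse such a log, separate hostname destinations from literal IPv4/IPv6 destinations, and flag outbound web-port connections that bypassed DNS entirely. The log format and every hostname, address and workstation name in it are constructed for the example; a real proxy log would need its own field mapping.

```python
import ipaddress
from collections import defaultdict

# Constructed sample proxy log (not from the article or Netskope):
# timestamp  source-host  destination(host-or-IP)  port  bytes
SAMPLE_PROXY_LOG = """\
2023-03-01T10:00:01Z ws-0412 updates.example-vendor.test 443 18233
2023-03-01T10:00:07Z ws-0412 203.0.113.45 80 5122
2023-03-01T10:00:09Z ws-0911 cdn.example-vendor.test 443 91020
2023-03-01T10:00:15Z ws-0412 [2001:db8::1f] 443 2048
2023-03-01T10:01:02Z ws-0088 198.51.100.7 443 3300
2023-03-01T10:01:30Z ws-0088 intranet.corp.test 8080 700
"""


def is_literal_ip(destination: str) -> bool:
    """True if the destination is a bare IPv4/IPv6 address rather than a hostname.
    IPv6 literals are written as [addr] in URLs, so the brackets are stripped first."""
    host = destination.strip("[]")
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def parse_proxy_log(text: str) -> list:
    """Parse the constructed whitespace-separated log format into dict records."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, nbytes = line.split()
        records.append({"ts": ts, "src": src, "dst": dst,
                        "port": int(port), "bytes": int(nbytes)})
    return records


def summarize_destinations(records: list) -> dict:
    """Per source host: the set of destinations reached by hostname and by bare IP."""
    by_src = defaultdict(lambda: {"hostnames": set(), "ips": set()})
    for r in records:
        bucket = "ips" if is_literal_ip(r["dst"]) else "hostnames"
        by_src[r["src"]][bucket].add(r["dst"])
    return dict(by_src)


def flag_direct_ip_web(records: list, web_ports=(80, 443)) -> list:
    """Records where a web port (80/443 by default) was reached via a bare IP.
    These connections never generated a DNS lookup, so DNS-based controls and
    DNS logs will not show them; many are benign, so treat this as a review queue."""
    return [r for r in records if r["port"] in web_ports and is_literal_ip(r["dst"])]


def destination_stats(records: list) -> dict:
    """Share of source hosts that reached at least one bare IP and at least one
    hostname, phrased the same way the article reports Netskope's sample figures."""
    by_src = summarize_destinations(records)
    n = len(by_src)
    any_ip = sum(1 for v in by_src.values() if v["ips"])
    any_host = sum(1 for v in by_src.values() if v["hostnames"])
    return {"hosts": n,
            "pct_any_ip": round(100 * any_ip / n, 1),
            "pct_any_hostname": round(100 * any_host / n, 1)}


if __name__ == "__main__":
    recs = parse_proxy_log(SAMPLE_PROXY_LOG)
    for r in flag_direct_ip_web(recs):
        print(f"review: {r['src']} -> {r['dst']}:{r['port']} ({r['bytes']} bytes)")
    print(destination_stats(recs))
```

In the constructed log, three of the six connections hit port 80 or 443 by bare IP and are queued for review; the remaining hostname connections are the ones a DNS log would also have captured. In practice the flagged list is joined against an allow-list of known IP-only services (update CDNs, some telemetry endpoints) before it reaches an analyst.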
“Job number one for attackers is finding new ways to cover their tracks as enterprises put more resources into threat detection, but these findings indicate just how easy it still is for attackers to do so in plain sight,” said Ray Canzanese, Threat Research Director at Netskope Threat Labs.
As attackers gravitate towards cloud services that are widely used in the enterprise and leverage popular channels to communicate, cross-functional risk mitigation is more necessary than ever. The report highlights the need for businesses to take a holistic approach to security, implementing robust security controls that cover the entire threat landscape.