APT on Taiwan - insight into advances of adversary TTPs
released on 2015-07-22 @ 05:04:35 PM
The summer months are upon us and the financial year draws to a close. It is in the run-up to this period that most organisations see an increase in targeted attack activity.
We begin by reading news of an attack against the Taiwanese Government. Whilst we would prefer to disassociate ourselves from APT attacks against governments, our interest was piqued by a blog post written by our friends over at TrendMicro[1]. Several details struck us as both interesting and concerning: a threat actor known to operate in South East Asia is now using secure sockets layer ("SSL", in practice its successor TLS) encryption in its malware. SSL is normally used to encrypt traffic between a client and a server so that the content is unreadable by any system sitting between the two end points. Applied to command-and-control traffic, it significantly raises the cost of defence: without SSL interception, traditional IDS/IPS systems that rely on matching signatures against payload content can no longer see the beacons and commands inside the session, and may cease to detect compromised systems. What remains visible on the wire is the unencrypted metadata of the connection, such as the destination address, the server certificate and the server name sent in the handshake, and detection has to fall back on that.
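To make the loss of visibility concrete, the following is an added example (not code from the original post, nor from the TrendMicro report or the malware it describes). It runs a toy payload-signature check of the kind a traditional IDS performs over three constructed samples: a hypothetical plaintext HTTP beacon, a TLS ClientHello for a hypothetical hostname, and a TLS application_data record standing in for the encrypted beacon. The beacon text, hostname, signatures and cipher suites are all assumptions made for the demonstration. The ClientHello builder and parser follow the TLS 1.2 record and handshake layout, so the SNI extraction shows what an inspector can still read without intercepting the session.

```python
"""Added example: what a payload-inspecting IDS sees before and after
malware moves its C2 channel onto TLS.  All traffic samples here are
constructed for the demonstration; the beacon text, hostname and
signatures are hypothetical and not taken from the TrendMicro report."""
import hashlib
import struct

# Constructed plaintext HTTP beacon (hypothetical, not the real malware's).
PLAINTEXT_BEACON = (
    b"POST /update.php HTTP/1.1\r\n"
    b"Host: update.example.net\r\n"
    b"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n"
    b"Content-Length: 25\r\n\r\n"
    b"id=WS01&os=WinXP&cmd=idle"
)

# Hypothetical content signatures of the kind a traditional IDS matches.
SIGNATURES = [b"POST /update.php", b"MSIE 6.0; Windows NT 5.1", b"&cmd="]


def payload_matches(payload: bytes, signatures=SIGNATURES) -> list:
    """Return the signatures found in the payload (empty list: no alert)."""
    return [s for s in signatures if s in payload]


def build_client_hello(sni: str, suites=(0xC02F, 0x002F)) -> bytes:
    """Build a minimal TLS 1.2 ClientHello record carrying an SNI extension.
    The 32-byte client random is zeroed so the output is deterministic."""
    name = sni.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name        # name_type host_name
    sni_body = struct.pack("!H", len(entry)) + entry               # ServerNameList
    sni_ext = struct.pack("!HH", 0x0000, len(sni_body)) + sni_body  # extension type 0
    extensions = struct.pack("!H", len(sni_ext)) + sni_ext
    cipher_suites = b"".join(struct.pack("!H", s) for s in suites)
    body = (b"\x03\x03" + bytes(32) + b"\x00"                       # version, random, empty session id
            + struct.pack("!H", len(cipher_suites)) + cipher_suites
            + b"\x01\x00" + extensions)                             # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body       # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record: bytes) -> dict:
    """Extract version, cipher suites and SNI from a ClientHello record:
    the metadata an IDS can still read without intercepting the session."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 0
    version = body[pos:pos + 2].hex()
    pos += 2 + 32                                                   # skip version and random
    pos += 1 + body[pos]                                            # skip session id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                                            # skip compression methods
    sni = None
    if pos + 2 <= len(body):
        ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            edata = body[pos:pos + elen]
            pos += elen
            if etype == 0x0000:                                      # server_name extension
                q = 2                                                # skip ServerNameList length
                while q + 3 <= len(edata):
                    ntype = edata[q]
                    nlen = struct.unpack("!H", edata[q + 1:q + 3])[0]
                    q += 3
                    if ntype == 0:
                        sni = edata[q:q + nlen].decode("ascii")
                    q += nlen
    return {"version": version, "cipher_suites": suites, "sni": sni}


def tls_application_record(plaintext: bytes) -> bytes:
    """Stand-in for the encrypted beacon: a TLS application_data record whose
    payload is opaque bytes.  A hash is used only to produce deterministic
    ciphertext-like data; real TLS would use the negotiated cipher."""
    opaque = hashlib.sha256(plaintext).digest() * 2
    return b"\x17\x03\x03" + struct.pack("!H", len(opaque)) + opaque


def what_the_ids_sees(record: bytes) -> dict:
    """Summarise what a non-intercepting payload inspector learns from one record."""
    hits = payload_matches(record)
    if record[:1] == b"\x16":
        return {"alerts": hits, "metadata": parse_client_hello(record)}
    return {"alerts": hits, "metadata": None}


if __name__ == "__main__":
    print("plaintext  :", what_the_ids_sees(PLAINTEXT_BEACON))
    print("ClientHello:", what_the_ids_sees(build_client_hello("update.example.net")))
    print("TLS data   :", what_the_ids_sees(tls_application_record(PLAINTEXT_BEACON)))
```

Run as a script, the plaintext beacon trips all three signatures, the ClientHello trips none but yields the version, cipher suites and server name, and the application_data record yields nothing at all. That last line is the practical consequence of the actor's change: once the beacon is inside the TLS session, detection has to move to the handshake metadata, the destination, or an interception point that terminates the session.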