Cipher Stunting: a new method for evasion of detection mechanisms

A new way, named Cipher Stunting to evasion of detection mechanisms used by Security companies–which is the main goal for cybercriminals –has been discovered by AKamai researchers. This is based on SSL/TLS signature randomization. It first came into existence in early 2018. “Over the last few months, attackers have been tampering with SSL/TLS signatures at a scale never before seen by Akamai”, the researchers noted. “The TLS fingerprints that Akamai observed before Cipher Stunting could be counted in the tens of thousands. Soon after the initial observation, that count ballooned to millions, and then recently jumped to billions.” If you analyze the figure, which is 18,652 distinct fingerprints in Aug 2018 and after the TLS campaigns on September last year the number reached to 255 million in October, the huge increase came because of the range of attacks against the airlines, banking and dating websites. Such websites are also the main targets Read more