Detecting anomalies with TLS fingerprints could pinpoint supply chain compromises

This article has been indexed from CSO Online

Intrusions in which attackers compromise a software vendor's build or update infrastructure and Trojanize its legitimate updates are hard for users of the affected products to detect, as several incidents over the past few years have shown. Researchers agree there is no single solution, but network defenders can combine techniques that reveal subtle changes in how critical software, and the systems it is deployed on, behaves.

Researchers at security analytics firm Splunk recently analyzed several such techniques, which build a fingerprint of each application that establishes HTTPS connections from the parameters the client offers in its TLS handshake. The premise is that malware, regardless of how it is delivered, usually brings its own TLS library or TLS configuration, so its ClientHello differs from that of the legitimate application. A hash of those handshake parameters recorded in traffic logs can then be compared against the hashes of pre-approved applications, and a hash that does not match the known set for a given process is a signal worth investigating.
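The following is an added worked example, not code from the article or from Splunk, showing the comparison the paragraph describes. It assumes the JA3-style method (hash of TLS version, cipher suites, extension types, supported groups and point formats from the ClientHello, with GREASE values stripped), which the article does not name but which is the standard way TLS client hashes are produced. The ClientHello records, the process names and the allowlist below are constructed for the demo.

```python
"""JA3-style TLS client fingerprinting and an allowlist check over constructed traffic."""
import hashlib
import struct
from typing import Dict, List, Set, Tuple


def is_grease(value: int) -> bool:
    # GREASE values (RFC 8701) look like 0x0a0a, 0x1a1a, ... 0xfafa. Clients
    # randomise them per connection, so they are dropped from the fingerprint.
    return (value & 0x0F0F) == 0x0A0A and (value >> 8) == (value & 0xFF)


def parse_client_hello(record: bytes) -> Dict[str, List[int]]:
    """Pull the JA3-relevant fields out of a raw TLS record carrying a ClientHello."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    pos = 4                                   # skip handshake type + 3-byte length
    version = struct.unpack("!H", hs[pos:pos + 2])[0]; pos += 2
    pos += 32                                 # client random
    pos += 1 + hs[pos]                        # session id
    cs_len = struct.unpack("!H", hs[pos:pos + 2])[0]; pos += 2
    ciphers = [struct.unpack("!H", hs[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + hs[pos]                        # compression methods
    ext_len = struct.unpack("!H", hs[pos:pos + 2])[0]; pos += 2
    end = pos + ext_len
    extensions, groups, formats = [], [], []
    while pos < end:
        ext_type, length = struct.unpack("!HH", hs[pos:pos + 4]); pos += 4
        data = hs[pos:pos + length]; pos += length
        extensions.append(ext_type)
        if ext_type == 10:                    # supported_groups
            n = struct.unpack("!H", data[:2])[0]
            groups = [struct.unpack("!H", data[i:i + 2])[0] for i in range(2, 2 + n, 2)]
        elif ext_type == 11:                  # ec_point_formats
            formats = list(data[1:1 + data[0]])
    return {"version": version, "ciphers": ciphers,
            "extensions": extensions, "groups": groups, "formats": formats}


def ja3(record: bytes) -> Tuple[str, str]:
    """Return (JA3 string, JA3 MD5 hash) for one ClientHello record."""
    f = parse_client_hello(record)
    clean = lambda vals: [v for v in vals if not is_grease(v)]
    s = ",".join([
        str(f["version"]),
        "-".join(map(str, clean(f["ciphers"]))),
        "-".join(map(str, clean(f["extensions"]))),
        "-".join(map(str, clean(f["groups"]))),
        "-".join(map(str, f["formats"])),
    ])
    return s, hashlib.md5(s.encode()).hexdigest()


def find_unapproved(events: List[Tuple[str, bytes]],
                    allowlist: Dict[str, Set[str]]) -> List[Tuple[str, str, str]]:
    """Flag (process, hash, ja3 string) for connections whose hash is not approved for that process."""
    hits = []
    for proc, rec in events:
        s, h = ja3(rec)
        if h not in allowlist.get(proc, set()):
            hits.append((proc, h, s))
    return hits


# ---- constructed sample ClientHellos (demo input, not captured traffic) ----
def _build_client_hello(version: int, ciphers: List[int], exts: List[Tuple[int, bytes]]) -> bytes:
    body = struct.pack("!H", version) + b"\x00" * 32 + b"\x00"          # random, empty session id
    body += struct.pack("!H", 2 * len(ciphers)) + b"".join(struct.pack("!H", c) for c in ciphers)
    body += b"\x01\x00"                                                   # one compression method: null
    ext_bytes = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    body += struct.pack("!H", len(ext_bytes)) + ext_bytes
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def _groups(*ids: int) -> bytes:
    return struct.pack("!H", 2 * len(ids)) + b"".join(struct.pack("!H", i) for i in ids)

def _sni(host: bytes) -> bytes:
    entry = b"\x00" + struct.pack("!H", len(host)) + host
    return struct.pack("!H", len(entry)) + entry

# Legitimate updater: TLS 1.3 suites plus one ECDHE suite, GREASE in suites/extensions/groups.
GOOD = _build_client_hello(0x0303, [0x0A0A, 0x1301, 0x1302, 0xC02B], [
    (0x0A0A, b""), (0, _sni(b"updates.example")), (10, _groups(0x0A0A, 29, 23)),
    (11, b"\x01\x00"), (13, b"\x00\x02\x04\x03")])
# Same client on a later connection: only the random GREASE values changed.
GOOD_REGREASED = _build_client_hello(0x0303, [0x3A3A, 0x1301, 0x1302, 0xC02B], [
    (0x3A3A, b""), (0, _sni(b"updates.example")), (10, _groups(0x3A3A, 29, 23)),
    (11, b"\x01\x00"), (13, b"\x00\x02\x04\x03")])
# Trojanized build talking with its own statically linked TLS stack: older suites, fewer extensions.
TROJAN = _build_client_hello(0x0303, [0x002F, 0x0035, 0xC013], [
    (0, _sni(b"c2.example")), (10, _groups(23)), (11, b"\x01\x00")])

# Baseline learned from known-good traffic of the approved application.
ALLOWLIST = {"updater.exe": {ja3(GOOD)[1]}}
EVENTS = [("updater.exe", GOOD), ("updater.exe", GOOD_REGREASED), ("updater.exe", TROJAN)]

if __name__ == "__main__":
    for proc, h, s in find_unapproved(EVENTS, ALLOWLIST):
        print(f"UNAPPROVED {proc} ja3={h} ({s})")
```

Two details matter in practice. The allowlist is keyed by process as well as hash: the same TLS stack (the OS's Schannel, Go's crypto/tls, a given OpenSSL build) yields identical hashes for unrelated programs, so a hash alone says which library made the connection, not which binary. And GREASE stripping is what keeps a fingerprint stable across connections; a tool that does not strip it will see a new hash on almost every ClientHello and bury the real change.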

