Online attackers are trying to obscure their encrypted traffic in an attempt to evade detection, using a technique known as “cipher stunting,” according to Internet infrastructure and security firm Akamai.
Cipher stuffing modifies the fingerprint of communications encrypted with secure sockets layer (SSL) and transport layer security (TLS). Akamai, which fingerprints encrypted traffic as one way to identify attacks on its customers, found that the number of variations of the initial handshake request — known as the Client Hello packet — has recently exploded, from the usual thousands of variants in August 2018 to more than a billion in February.