Zscaler published its Zscaler ThreatLabz 2024 Encrypted Attacks Report, exploring the latest threats blocked by the Zscaler security Cloud and providing insights into how encryption has become a conduit for more sophisticated threats, further compounded by the rise of AI.
The report found over 87% of all threats were delivered over encrypted channels between October 2023 and September 2024, registering a 10% increase year-on-year.
“The rise in encrypted attacks is a real concern as a significant share of threats are now delivered over HTTPS,” said Deepen Desai, Chief Security Officer, Zscaler. “With threat actors focused on exploiting encrypted channels to deliver advanced threats and exfiltrate data, organisations must implement a zero trust architecture with TLS/SSL inspection at scale. This approach helps to ensure that threats are detected and blocked effectively, while safeguarding data without compromising performance.”
Other findings from the report include malware accounting for 86% of encrypted attacks, totalling 27.8 billion hits—a 19% year-over-year increase. Encrypted malware includes malicious web content, malware payloads, macro-based malware, etc. This growing prevalence of malware reflects a strategic shift by attackers adapting tactics to thrive within encrypted traffic, using encryption to conceal malicious payloads and content.
The report also details notable year-over-year increases in web-based attacks, including cryptomining/cryptojacking (123%), cross-site scripting (110%) and phishing (34%), among other encrypted threats. These surges could potentially be fueled by the growing use of generative AI technologies by threat actors.
Manufacturing was the most targeted industry, the report found, accounting for 42% of encrypted attacks – almost three times more than the second-most targeted industry, technology and communications.
Attacks on the manufacturing industry grew 44% year-over-year, likely driven by rapid Industry 4.0 advancements and the extensive use of interconnected systems, which have expanded the attack surface and heightened manufacturers’ vulnerability to cyber threats.
The five most targeted industries were:
- Manufacturing
- Technology and communications
- Services
- Education
- Retail and wholesale
Organisations can protect their devices, apps and data from encrypted attacks by following these recommendations:
- Understand that any Internet-facing service can be found and attacked or abused
- Inspect incoming encrypted traffic to detect and block threats
- Use a zero trust architecture to secure all connectivity holistically between users and applications, between devices like IoT and OT systems, between all locations and branch offices, between cloud workloads and more
- Implement microsegmentation to reduce access, even for authenticated users
- Leverage an AI-driven Cloud sandbox to isolate and quarantine unknown attacks and stop patient-zero malware before it touches users
- Reduce the number of entry points into an environment
- Inspect outgoing northbound traffic along with incoming southbound traffic to disrupt C2 communications and protect sensitive data