Cyberthreats hide in encrypted traffic

Zscaler has published its Zscaler ThreatLabz 2024 Encrypted Attacks Report, which explores the latest threats blocked by the Zscaler security cloud and provides critical insights into how encryption has become a conduit for more sophisticated threats, further compounded by the rise of artificial intelligence (AI).

  • 1 week ago Posted in

ThreatLabz found that over 87% of all threats were delivered over encrypted channels between October 2023 and September 2024—a 10% increase year-over-year. The report offers strategies and best practices to help organizations tackle these covert threats.

"The rise in encrypted attacks is a real concern as a significant share of threats are now delivered over HTTPS," said Deepen Desai, Chief Security Officer, Zscaler. "With threat actors focused on exploiting encrypted channels to deliver advanced threats and exfiltrate data, organizations must implement a zero trust architecture with TLS/SSL inspection at scale. This approach helps to ensure that threats are detected and blocked effectively, while safeguarding data without compromising performance."

Encrypted malware continues to dominate

Malware accounted for 86% of encrypted attacks, totaling 27.8 billion hits—a 19% year-over-year increase. Encrypted malware includes malicious web content, malware payloads, macro-based malware, etc. This growing prevalence of malware reflects a strategic shift by attackers adapting tactics to thrive within encrypted traffic, using encryption to conceal malicious payloads and content.

According to ThreatLabz researchers, the most active malware families were:

AsyncRAT

Choziosi Loader/ChromeLoader

AMOS/Atomic Stealer

Ducktail

Agent Tesla

Koi Loader

The report also details notable year-over-year increases in web-based attacks, including cryptomining/cryptojacking (123%), cross-site scripting (110%) and phishing (34%), among other encrypted threats—surges that could be potentially fueled by the growing use of generative AI technologies by threat actors.

Most targeted industry verticals

Manufacturing was the most-targeted industry, accounting for 42% of encrypted attacks—nearly three times more than the second-most targeted industry, technology and communications. Attacks on the manufacturing industry grew 44% year-over-year, likely driven by rapid Industry 4.0 advancements and the extensive use of interconnected systems, which have expanded the attack surface and heightened manufacturers’ vulnerability to cyber threats.

The top five most targeted industries were:

Manufacturing

Technology and communications

Services

Education

Retail and wholesale

Countries that experience the most encrypted attacks

ThreatLabz found that the United States, India and France are the most frequently targeted nations by encrypted attacks. The U.S. and India are consistently the top two most frequently targeted, highlighting their significance as high-value targets for cybercriminals. The top five most targeted countries by encrypted attacks were:

United States - 11B

India - 5.4B

France - 854M

United Kingdom - 741M

Australia - 672M

Stopping encrypted attacks with zero trust

Understanding how zero trust disrupts encrypted threats requires looking at a typical attack sequence. Advanced attacks often unfold in four stages:

First, attackers conduct reconnaissance to find a way into the targeted network.

Next, they breach the network, often via exploits, brute-force attacks or stolen credentials.

Once inside, they move laterally, escalate privileges and establish persistence.

Finally, they carry out their objectives, typically conducting data exfiltration to extract valuable information that can be leveraged for further extortion or attacks.

The Zscaler Zero Trust Exchange™ platform provides security controls at each stage to mitigate risk and stop encrypted threats.

A key component of the Zscaler platform’s approach is its full TLS/SSL inspection capabilities, based on an advanced proxy architecture. Zscaler advises inspecting 100% of traffic to protect users and organizations from threats concealed within encrypted channels.

Organizations can bolster their ability to protect their devices, apps and data from encrypted attacks by following these recommendations:

Understand that any internet-facing service can be found and attacked or abused

Inspect incoming encrypted traffic to detect and block threats

Use a zero trust architecture to secure all connectivity holistically between users and applications, between devices like IoT and OT systems, between all locations and branch offices, between cloud workloads and more.

Implement microsegmentation to reduce access, even for authenticated users.

Leverage an AI-driven cloud sandbox to isolate and quarantine unknown attacks and stop patient-zero malware before it touches users.

Reduce the number of entry points into an environment.

Inspect outgoing northbound traffic along with incoming southbound traffic to disrupt C2 communications and protect sensitive data.

The ThreatLabz 2024 Encrypted Attacks Report provides additional insights and best practices to help organizations effectively prevent encrypted attacks. 

Predictive maintenance and forecasting for security and failures will be a growing area for MSPs...
Venafi has published the findings of its latest research report: The Impact of Machine Identities...
Arctic Wolf to enhance its Security Operations Aurora Platform with best-in-class endpoint...
Nearly 50% of organisations have experienced a security breach in the last two years.
New study by Splunk shows that a significant number of UK CISOs are stressed, tired, and aren’t...
HP Wolf Security Study highlights cybersecurity challenges facing organizations across the...
Internal test shows estimated scanning speeds of 75,000 backups within 60 seconds.
Deployment allows Korea Hydro and Nuclear Plant (KHNP) to leverage quantum-safe MACsec technology...