The Rising Tide of Threats Delivered Through Encrypted Channels

Encryption has become the standard for online communications, with technologies like TLS/SSL forming the backbone of web traffic security. However, this increasing reliance on encryption has also opened avenues for cybercriminals to exploit these channels for malicious activities, leading to a rise in threats delivered over encrypted mediums.

The Zscaler ThreatLabz 2024 Encrypted Attacks Report details how attackers are using encrypted channels to execute malware, phishing campaigns, cryptojacking, and data theft. Analyzing over 32 billion blocked threats from October 2023 to September 2024, the report showcases several key insights into the evolving threat landscape.

Key Findings on Encrypted Attacks

  1. Increase in Encrypted Attacks: An unprecedented 87.2% of all blocked attacks involved encrypted traffic, showing a 10.3% increase from the previous year as more attackers leverage encryption to hide their operations.

  2. Dominance of Malware: Malware constituted 86.5% of encrypted threats, with its evasion tactics adjusted to succeed in well-guarded channels.

  3. Growing Categories of Threats: Notable increases were observed in cryptomining (122.9%), cross-site scripting (110.2%), and phishing attempts (34.1%), possibly driven by advancements in generative AI, which simplify the execution of such attacks.

  4. Affected Industries: The manufacturing sector emerged as the primary target, enduring 13.5 billion thwarted attempts, followed by technology and service industries.

  5. Geographical Targets: The United States and India were the most attacked, with 11 billion and 5.4 billion attempts respectively.

The report highlights a significant shift where threat actors are utilizing encrypted channels to both extract sensitive data and launch sophisticated phishing attacks. Advanced Persistent Threat (APT) groups have been noted for their abuse of cloud services, using encryption to mask their activities in order to bypass conventional security measures.

Zscaler’s Response: Stopping Encrypted Threats

Zscaler employs its Zero Trust Exchange framework to tackle these encrypted threats effectively through:

  • Minimizing Attack Surface: By rendering applications invisible to the internet, Zscaler reduces the potential entry points for attackers.

  • Preventing Initial Compromise: Zscaler Internet Access™ (ZIA) ensures every connection undergoes TLS/SSL inspection to identify hidden dangers within encrypted traffic.

  • Eliminating Lateral Movement: Utilizing zero trust segmentation and policies, Zscaler curtails the ability of attackers to move freely within a network.

  • Blocking Command-and-Control Check-ins: By inspecting both incoming and outgoing traffic, Zscaler disrupts C2 communications, halting malicious activities.

The comprehensive TLS/SSL inspection capabilities of Zscaler, enabled by its scalable architecture, ensure that 100% of encrypted traffic is scrutinized, maintaining high performance without compromising security.

Conclusion

The findings in Zscaler’s report underline the necessity for organizations to evolve their security strategies to counteract the advanced tactics being employed by cybercriminals…

To explore the insights shared in the report and implement best practices for safeguarding against encrypted threats, consider reviewing the full ThreatLabz 2024 Encrypted Attacks Report.
