86% of cyber attacks are hidden in encrypted traffic: Zscaler identifies the most vulnerable industries

The company noted the growth of attacks and described how to build reliable protection.

A new report from Zscaler notes a 24% increase in threats over HTTPS compared to 2022, highlighting the complexity of cybercriminals' tactics targeting encrypted channels. The manufacturing sector remains the most vulnerable to attacks, and educational and government organizations are experiencing the largest increase in the number of attacks compared to last year.

86% of all cyber threats, including malware, ransomware, and phishing, are delivered via encrypted channels. Zscaler's Deputy Director of Security, Deepen Desai, emphasizes: "Almost 95% of web traffic passes through HTTPS, and 86% of advanced threats are delivered through encrypted channels. Any HTTPS traffic that is not subject to intermediate analysis represents a significant blind spot that cybercriminals continue to exploit."

Malware remains in first place among encrypted threats, with 23 billion encrypted requests between October 2022 and September 2023, or 78% of all cyberattack attempts. The most common malware families in 2023 include ChromeLoader, MedusaLocker, and Redline Stealer.

The manufacturing industry processes over 2.1 billion transactions related to artificial intelligence and machine learning, making it the most vulnerable to encrypted attacks. The increased use of smart factories and the Internet of Things expands the attack surface, increasing security risks. In addition, the use of popular generative AI applications, such as ChatGPT, on connected devices increases the risk of confidential data leakage.

The education sector and government organizations are experiencing a significant increase in encrypted attacks, of 276% and 185%, respectively. The education sector is facing an expanded attack surface due to the transition to more remote and connected learning, and the public sector continues to attract attention, especially from state-backed cybercriminals.

To protect against the evolving landscape of encrypted threats, enterprises need to rethink traditional approaches to security and networking by adopting more comprehensive zero-trust architectures.

Best practices for preventing encrypted attacks include:
  • using a cloud-based proxy architecture to decrypt, detect, and prevent threats in all encrypted traffic;
  • regularly inspecting traffic with SSL inspection to detect malicious payloads, phishing, and C2 activity that use SSL/TLS communication;
  • using a sandbox to isolate attacks and prevent propagation of the initial payload that can be transmitted over TLS;
  • assessing the organization's attack surface to quantify the risk and protect against threats;
  • using the Zero Trust principle to ensure the security of all types of connections;
  • using user-application segmentation to provide access based on the principle of least privilege, even for authenticated users.

The Zscaler report highlights the need for a deeper understanding and application of modern cybersecurity techniques in the ever-evolving cyber threat landscape, especially in the areas of manufacturing, education, and government.