Encrypted Threats on the Rise as Cyberattacks Hide in Secure Channels

By Greg Tavarez, TMCnet Editor  |  December 19, 2023

Encrypted traffic is a critical security measure that ensures information exchanged between parties remains confidential and shielded from potential unauthorized access or interception by malicious entities. In the context of digital interactions, such as online transactions and communications, encryption serves as a vital safeguard, fortifying the privacy and security of sensitive information.

However, cybercriminals are increasingly exploiting the cloak of encryption to launch attacks, with a new report finding that 86% of all cyber threats are delivered over encrypted channels. This statistic comes from Zscaler ThreatLabz, the security research arm of Zscaler Inc., in their annual State of Encrypted Attacks report.

The report, based on analysis of blocked threats from October 2022 to September 2023, paints a stark picture of a shifting threat landscape. The rise of HTTPS encryption, now utilized by nearly 95% of web traffic, has created a blind spot for traditional security measures, allowing malicious actors to slip through undetected.

Malware emerged as the predominant threat category, constituting 78% of all blocked threats, with a particular emphasis on encrypted varieties. This encompassed malicious web content, payloads and macro-based attacks, with the ChromeLoader malware family taking the lead, followed by MedusaLocker and Redline Stealer.

The prevalence of encrypted malware further underscores the increasing sophistication and evasiveness of cyber threats, especially as encryption serves as a cloak for malicious activities. This makes detection and mitigation more challenging for existing security controls.

For example, the manufacturing industry found itself in the crosshairs of these encrypted attacks, bearing the brunt with 32% of all blocked threats directed towards its organizations, according to the report. This targeting aligns with the industry's heightened reliance on automation and industrial control systems, rendering it an attractive target for cybercriminals seeking to disrupt operations or pilfer valuable data.

Simultaneously, education and government organizations experienced a sharp uptick in encrypted attacks, marking a significant year-over-year increase. This surge highlights the growing vulnerability of these sectors, which often house sensitive and critical information. The motivation behind targeting education and government entities may range from espionage to the disruption of essential services.

With that said, it wasn’t all about malware taking center stage. Other threats beyond traditional malware exhibited substantial growth. Browser exploits and ad spyware sites witnessed increases of 297% and 290%, respectively. These threats exploit vulnerabilities in web browsers and capitalize on user trust in seemingly legitimate websites to gain access to sensitive information or install malware.

The report emphasizes the urgent need for organizations to adopt security solutions capable of inspecting encrypted traffic without compromising its integrity. Zscaler recommends a Zero Trust Network Access approach, which grants users access based on verified identity and context, regardless of their location or device. This allows for secure inspection of all traffic, including encrypted channels, while minimizing the risk of data leakage.

The Zscaler Zero Trust Exchange platform offers a more holistic approach to zero trust security, providing security controls that comprehensively reduce business risk at each stage of an attack. Additionally, it enables HTTPS inspection at scale using a multilayered approach that has inline threat inspection, sandboxing and data loss prevention, along with a wide array of AI-driven defense capabilities.

The Zscaler platform also uses the cloud effect to automatically update within seconds and ensure customers have rapid protection against the latest threats and vulnerabilities, continuously improving their security posture.

“Any HTTPS traffic that does not undergo inline inspection represents a significant blind spot that cybercriminals continue to exploit when targeting global organizations,” said Deepen Desai, Chief Security Officer, Zscaler. “To defend against encrypted attacks, organizations should replace vulnerable appliances, like VPNs and firewalls, with a ZTNA solution. This allows IT teams to inspect TLS traffic at scale while blocking threats and preventing sensitive data leakage.”

By understanding the evolving tactics of cybercriminals and adopting effective security solutions like ZTNA, organizations can turn the tide against encrypted threats and maintain a secure digital environment.

Edited by Alex Passett