Most cyberattacks now use encrypted channels

News
By Sead Fadilpašić
published

Hiding malware in encrypted traffic makes it harder to detect

Security
(Image credit: Future)

Many modern cyberattacks leverage encrypted traffic, meaning they’re more difficult to identify and repel, a new report from Zscaler has claimed.

It states that businesses need to adopt a cloud-native zero-trust architecture to better monitor internet-bound traffic and defend against incoming threats. 

The report, based on more than 300 trillion daily signals and 270 billion daily transactions in the Zscaler Zero Trust Exchange, notes that the company blocked 24 billion encrypted threats, most using either TLS or SSL, in 2022. That’s a 20% increase from 2021 when the company blocked 20.7 billion such attacks and a 314% increase from 2020. 

Malware and ransomware

Most of the time, cybercriminals will hide malware in encrypted traffic. Malicious scripts and payloads make up almost 90% of all encrypted attack tactics that were blocked this year, Zscaler says. 

Of all the different types of malware, ransomware remains one of the most devastating variants. Still, destructive power does not warrant popularity - the most popular malware families include ChromeLoader (infostealer and adware), Gamaredon, AdLoad, SolarMarker, and Manuscrypt.

The biggest targets remain those based in the United States, India, the UK, and Australia, with South African victims making the top five for the first time. 

With 613% and 155% respectively, Japan and the US were among the countries with the biggest uptick in attacks. The manufacturing industry is still the number one target (239% increase), mostly due to Covid-19 measures still dictating the way these businesses operate. Another notable industry is education (132% increase year-on-year). 

Read more

> These are the best endpoint protection services around

> What is encryption?

> The double-edged sword of encryption

On the other hand, attacks against government organizations and retail dropped by 40% and 63% respectively, mostly because law enforcement agencies were quick to pursue threat actors that targeted them, Zscaler believes.

“As organizations mature their cyber defenses, adversaries are becoming more sophisticated, particularly in their use of evasive tactics,” said Deepen Desai, CISO and VP of Security Research and Operations at Zscaler.

“Potential threats continue to hide in encrypted traffic, empowered by as-a-service models that dramatically reduce the technical barriers to doing so. It is critical for organizations to adopt a cloud-native zero-trust architecture that allows consistent inspection of all internet-bound traffic and effectively mitigates these attacks.”

Sead Fadilpašić
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.