In 2023, threats have increased significantly. Attacks via encrypted channels have increased by 24 percent. Manufacturing is once again at the top of the most targeted sectors.
These are the results of the annual Zscaler™ ThreatLabz State of Encrypted Attacks Report 2023 at a glance:
- Threats carried over HTTPS traffic in the Zscaler cloud increased 24 percent year-over-year, representing nearly 30 billion threats blocked.
- Encrypted malware and malicious content are one of the biggest threats, accounting for 78 percent of attacks observed.
- Manufacturing was the most affected sector, accounting for 32 percent of encrypted attacks, with over 2.1 billion AI/ML-related transactions processed.
- Browser exploits and ad spyware sites increased by 297 and 290 percent respectively compared to last year.
Malware is the biggest encrypted threat
Malware remains the top encrypted threat. Between October 2022 and September 2023, 23 billion encrypted attacks were recorded, accounting for 78 percent of all attempted cyber attacks. Encrypted malware includes malicious web content, malware payloads, macro-based malware, and more. The most prevalent malware family in 2023 was ChromeLoader, followed by MedusaLocker and Redline Stealer.
The manufacturing sector is the most vulnerable to threats
Manufacturing recorded the largest number of AI/ML transactions of any industry, with over 2.1 billion AI/ML transactions. It remains the most targeted industry, accounting for 31.6 percent of encrypted attacks recorded by Zscaler. As smart factories and the Internet of Things (IoT) become more prevalent in the manufacturing industry, the attack surface is expanding, putting further pressure on the sector. This creates additional entry points that malware actors can use to attack production and supply chains. Additionally, the use of popular generative AI applications such as ChatGPT on connected devices in manufacturing increases the risk of sensitive data leakage through encrypted channels.
Education and government are seeing a huge increase in attacks
The education and public administration sectors saw a 276 and 185 percent increase in encrypted attacks, respectively, compared to the previous year. In recent years, the education sector's attack surface has expanded significantly as more distance learning and connected learning have been enabled. The public sector remains an attractive target, particularly for attacks involving state-motivated actors, as reflected in the increase in encrypted attacks.
Stopping encrypted attacks with the Zscaler Zero Trust Exchange platform
To protect against this expanding threat landscape, organizations must rethink their traditional security and networking approaches and adopt more comprehensive Zero Trust approaches. Organizations should implement a Zero Trust architecture that inspects all encrypted traffic and leverages AI/ML models to block or isolate malicious traffic. A platform model provides an easy way to apply policies to all traffic without impacting performance or creating compliance sprawl.
The Zscaler Zero Trust Exchange™ platform enables a holistic approach to zero trust security and provides security controls that reduce business risk at every stage of an attack. Additionally, it enables scalable HTTPS inspection with a multi-layered approach that includes inline threat inspection, sandboxing and data loss prevention, as well as a wide range of AI-driven mitigation capabilities. The Zscaler platform leverages the cloud effect to update itself automatically within seconds, ensuring customers are quickly protected from the latest threats and vulnerabilities and can continually improve their security posture.
ThreatLabz recommendations for combating encrypted threats
- Leveraging a cloud-native, proxy-based architecture to decrypt, detect, and prevent threats across encrypted traffic at scale.
- Examining all traffic at all times through SSL inspection to detect malware payloads, phishing, and C2 activities that leverage SSL/TLS communications.
- Leveraging an AI-driven sandbox to quarantine unknown attacks and stop Patient Zero malware that may be transmitted over TLS.
- Assessing the organization's attack surface to quantify risk and secure the exposed attack surface.
- Using a Zero Trust architecture to holistically secure all connectivity.
- Using user-to-app segmentation that applies the principle of least-privilege access, including for already authenticated users.
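The last two recommendations (Zero Trust connectivity and least-privilege user-to-app segmentation) can be illustrated with a small policy check. The following is an added example written for this page, not code from the ThreatLabz report or the Zscaler platform; the users, groups, application names and policy rules are constructed, and the posture attribute `device_compliant` is an assumed input. The point it shows is that access is denied by default, that authentication alone never grants access to an application, and that each user-to-app pair must match an explicit rule.

```python
"""Added example (not part of the report): a default-deny user-to-app
segmentation check. All users, groups, apps and rules below are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset        # groups asserted by the identity provider (constructed)
    authenticated: bool      # has the user completed authentication?
    app: str                 # the private application being requested
    device_compliant: bool   # assumed device-posture signal (constructed)


# Constructed policy: explicit allow rules per app. Any app that is not listed,
# and any user not in an allowed group for a listed app, is denied.
POLICY = {
    "erp":  {"groups": {"finance"},   "require_compliant_device": True},
    "mes":  {"groups": {"plant-ops"}, "require_compliant_device": True},
    "wiki": {"groups": {"finance", "plant-ops", "engineering"},
             "require_compliant_device": False},
}


def evaluate(req: Request, policy=POLICY):
    """Return a (decision, reason) tuple. Order of checks matters: the most
    general denial (not authenticated) comes first, but even an authenticated
    user is still denied unless an explicit rule for this exact app matches."""
    if not req.authenticated:
        return ("deny", "unauthenticated")
    rule = policy.get(req.app)
    if rule is None:
        return ("deny", f"no rule for app {req.app!r}")          # default deny
    if not (req.groups & rule["groups"]):
        return ("deny", "user not in an allowed group for this app")
    if rule["require_compliant_device"] and not req.device_compliant:
        return ("deny", "device posture check failed")
    return ("allow", "matched explicit rule")


def audit(requests, policy=POLICY):
    """Evaluate a batch of requests and return how many were allowed and denied,
    which is the kind of summary a reviewer would check against expectations."""
    decisions = [evaluate(r, policy) for r in requests]
    allowed = sum(1 for d, _ in decisions if d == "allow")
    return {"allow": allowed, "deny": len(decisions) - allowed}


if __name__ == "__main__":
    # Constructed sample requests; note that alice is authenticated and
    # authorized for erp, yet is still denied mes (per-app least privilege).
    sample = [
        Request("alice", frozenset({"finance"}), True, "erp", True),
        Request("alice", frozenset({"finance"}), True, "mes", True),
        Request("bob", frozenset({"plant-ops"}), True, "mes", False),
        Request("carol", frozenset({"engineering"}), True, "hr-portal", True),
        Request("dave", frozenset(), False, "wiki", True),
    ]
    for r in sample:
        print(r.user, "->", r.app, evaluate(r))
    print(audit(sample))
```

Design choice: the policy is keyed by application rather than by network segment, so a user who is legitimately inside the environment still gets nothing beyond the applications explicitly granted; adding an app means adding a rule, never widening an existing one.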
Methodology
The report is based on an analysis of 29.8 billion blocked threats within encrypted channels such as SSL and TLS from October 2022 to September 2023 on the Zscaler cloud. It uses data from customer deployments connected to Zscaler's global security cloud, which processes over 500 trillion signals daily and blocks 9 billion threats and policy violations per day, with over 250,000 daily security updates.
About Zscaler
Zscaler accelerates digital transformation so customers can become more agile, efficient, resilient, and secure. Zscaler Zero Trust Exchange protects thousands of customers from cyberattacks and data loss by securely connecting people, devices, and applications anywhere. The SSE-based Zero Trust Exchange is the world's largest inline cloud security platform, distributed across 150+ data centers around the world.