Introduction
Zscaler ThreatLabz researchers analyzed 29.8 billion blocked threats embedded in encrypted traffic from October 2022 to September 2023 in the Zscaler cloud, presenting their findings in the Zscaler ThreatLabz 2023 State of Encrypted Attacks Report. In addition to the blocked threats, this report leverages insights from 500 trillion daily signals and 360 billion daily transactions in the Zscaler Zero Trust Exchange™. In this blog post, we'll unpack key findings from the report.
Encrypted Attacks
According to the Google Transparency Report [1], encrypted traffic saw a significant rise in the last decade, reaching 95% of global traffic today compared to 48% in December 2013. It's no surprise that encrypted traffic, once hailed as the secure choice for online activities, now also harbors the majority of cyber threats – like malware, phishing scams, and data leaks.
85.9% of Attacks are Encrypted
Almost 86% of attacks use encrypted channels across various stages of the kill chain. From the initial phases of phishing and malware delivery to the subtleties of command-and-control activities as well as data exfiltration, cybercriminals leverage encryption to shield their intentions. To combat this, Zscaler recommends organizations proactively inspect all encrypted traffic to detect, decrypt, and thwart these attacks.
78.1% of Encrypted Threats Involve Malware
Cybercriminals conceal a variety of threats in encrypted traffic. However, malware remains the predominant threat type, comprising 78.1% of encrypted attacks blocked by the Zscaler cloud, including malicious scripts, payloads, web content, websites, and email attachments.
Figure 1: Distribution of encrypted threats
The surge in encrypted malware blocks highlights a trend in which threat actors try to establish an initial foothold in the victim environment by evading legacy detection technologies, which often struggle to inspect TLS traffic at scale.
Phishing Increased by 13.7%
The growth observed in phishing attacks is likely driven by the availability of AI tools and plug-and-play phishing services (also known as Phishing-as-a-Service offerings), which make it that much easier to execute phishing campaigns.
The five most phished brands include:
- Microsoft
- OneDrive
- SharePoint
- Adobe
- Amazon
Figure 2: Adobe-themed phishing campaign
Manufacturing Still the Most Targeted Sector
Manufacturing remains the most targeted industry, experiencing 31.6% of encrypted attacks.
Figure 3: A table showing encrypted attack trends by industry
Manufacturers also generated more AI/ML transactions than any other industry, processing over 2.1 billion AI/ML-related transactions. As smart factories and the Internet of Things (IoT) become more prevalent in manufacturing, the attack surface is expanding, exposing the sector to more security risks and creating additional entry points that cybercriminals can exploit to disrupt production and supply chains. The use of popular generative AI applications, like ChatGPT, on connected devices in manufacturing heightens the risk of sensitive data leakage over encrypted channels.
Zscaler Secures Organizations Against Encrypted Attacks at Scale
The report's main takeaway is this: if you're not looking at encrypted channels, you don't know if you're suffering data leaks or if advanced threats are entering your environment. To help our customers stay secure, Zscaler blocked nearly 30 billion threats over encrypted channels in 2023—a 24.3% increase from the 24 billion blocked in 2022.
Today, most attacks leverage SSL or TLS encryption, which is resource-intensive to inspect at scale and best done with a cloud native proxy architecture. While legacy firewalls support packet filtering and stateful inspection, their resource limitations make them poorly suited for this task. This creates a critical need for organizations to implement cloud native architectures that support full inspection of encrypted traffic in alignment with zero trust principles.
Figure 4: TLS inspection provides full visibility to block advanced threats
How Zscaler Helps Mitigate Encrypted Attacks
Deepen Desai, Chief Security Officer, Zscaler, says:
“While 95% of web traffic is encrypted with HTTPS, we are seeing that the large majority of threats are now delivered over encrypted channels. As a result, any traffic encrypted with SSL/TLS that does not undergo inline inspection to defend against the full gamut of threats can pose a significant risk to global organizations.”
Desai recommends the following solutions to protect your organization from encrypted attacks consistently:
- Zero Trust Network Access (ZTNA) – Disrupt as many stages of this attack chain as possible, maximizing your chances of stopping the attack even if the threat actors evade some of your security controls. I recommend replacing vulnerable appliances like VPNs and firewalls with ZTNA to inspect and scan 100% of SSL/TLS traffic.
- Zscaler Private Access (ZPA) – Implement consistent security with enhanced segmentation, connecting users to applications, not the entire network. ZPA is designed to provide secure and direct access for users to specific applications, ensuring that network traffic is segmented, and users don't have access to the entire network.
- Zscaler Cloud Data Loss Prevention (DLP) – Integrate Zscaler Cloud DLP as an in-line data loss prevention technology with full TLS inspection to prevent sensitive data leakage.
Best Practices for Mitigating Encrypted Attacks
Your cybersecurity strategy should include controls for each of these stages:
- Minimize the attack surface by making internal apps invisible to the internet.
- Prevent compromise by using cloud native proxy architecture to inspect all traffic inline and at scale, enforcing consistent security policies.
- Stop lateral movement by connecting users directly to applications (rather than the network) to reduce the attack surface, and contain threats by using deception and workload segmentation.
- Stop data loss by inspecting all internet-bound traffic, including encrypted channels, to prevent data theft.
If you're looking to minimize the risk of encrypted attacks for your organization, you should consider these recommendations as part of your adoption strategy:
- Use a cloud native, proxy-based architecture to decrypt, detect, and prevent threats in all encrypted traffic at scale.
- Leverage an AI-driven sandbox to quarantine unknown attacks and stop patient-zero malware.
- Inspect all traffic, all the time, whether a user is at home, at headquarters, or on the go, to ensure everyone is consistently protected against encrypted threats.
- Terminate every connection to allow an inline proxy architecture to inspect all traffic, including encrypted traffic, in real time—before it reaches its destination—to prevent ransomware, malware, and more.
- Protect data using granular context-based policies, verifying access requests and rights based on context.
- Eliminate the attack surface by connecting users directly to the apps and resources they need, never to networks.
Best Practices for Safe AI/ML Interactions
Considering the rapid advancement and adoption of AI-powered applications, it is crucial to establish and follow best practices to ensure the responsible and secure use of these transformative technologies.
- Organizations must proactively adapt their AI usage and security policies to stay ahead of potential risks and challenges.
- Implement TLS inspection for public AI chatbot applications like ChatGPT using granular DLP policies to prevent sensitive data leakage.
- Ensure that the use of AI tools complies with all relevant laws and ethical standards. This includes data protection regulations and privacy laws.
- Establish clear accountability for the development and deployment of AI tools. Define roles and responsibilities within your organization to oversee AI projects.
- The development and integration of AI tools should follow a Secure Product Lifecycle Framework to guarantee the highest level of security.
Learn More
Download your copy of the full Zscaler ThreatLabz 2023 State of Encrypted Attacks Report to discover more insights and advice for managing encrypted attacks.
[1] https://transparencyreport.google.com/https/overview?hl=en