
Most cyber-attacks take place with malware hidden in encrypted web traffic. This is what Zscaler found out in its ThreatLabz 2023 State of Encrypted Attacks Report.

According to Zscaler’s annual report, the spread of cyber threats via encrypted (HTTPS) web traffic is increasing every year. In 2023, it grew by 24 percent compared to 2022. This would total about 30 billion blocked threats, according to the data and application security specialist.

The study reveals that 86 percent of all cyberattacks now occur through encrypted channels. This includes all types of cyber threats, including malware, ransomware and phishing attacks.

Malware remains dominant

In this regard, the researchers found that malware is the threat most often hidden in encrypted web traffic. Overall, it accounted for 78 percent of all prevented cyber attacks, corresponding to 23 billion blocked encrypted hits.

Encrypted malware includes malicious web content, malware payloads and macro-based malware. The most common malware found was ChromeLoader, MedusaLocker and Redline Stealer.

In addition, the annual survey finds that the manufacturing sector is the business sector most targeted by cyber threats hidden in encrypted web traffic. Furthermore, the numbers of browser exploits and of websites hosting spyware are increasing significantly, by as much as 297 and 290 percent respectively compared to last year.

Recommendations from Zscaler

Zscaler’s specialists come up with a number of recommendations for companies to address the various cyber threats in encrypted web traffic:

  • They recommend the use of a cloud- and proxy-based architecture for large-scale detection and prevention of threats in encrypted web traffic.
  • Companies should also inspect all traffic constantly. This can be done with SSL/TLS inspection, for example, to detect malware payloads, phishing and command-and-control (C2) activity that uses SSL/TLS communication.
  • In addition, they should use an AI-based sandbox to quarantine suspicious files, map their company’s attack surface and adopt a zero-trust architecture.
  • Finally, they should apply application segmentation to enforce ‘least privilege access’, even for authenticated users.
