Cybercriminals increasingly encrypt attack traffic. A research report from Zscaler suggests that more than 85 percent of all cyberattacks were partially or fully encrypted from October 2021 through September 2022, up 20 percent year-over-year.

Encrypted attack traffic slows detection and analysis. According to Zscaler, the practice is increasingly common. The security firm published a research report based on an analysis of 24 billion threats detected between October 2021 and September 2022. 85 percent of the attack traffic investigated was partially or fully encrypted, up 20 percent year-over-year.

Cybercriminals encrypted a variety of attack types, but malware remained king. It was involved in 90 percent of all encrypted attacks. Zscaler counts ransomware as malware. According to the security firm, the attack volume of this variant rose by 80 percent.

SSL and TLS

Zscaler stated that most cyberattacks are encrypted with the SSL or TLS protocols. The security firm emphasized that detecting and analysing such attacks is relatively resource-intensive. Traditional firewalls support inspection of encrypted traffic, but according to Zscaler, cloud proxies are more efficient.

Among the most common malware variants are ChromeLoader, Gamaredon, AdLoad, SolarMarker and Manuscrypt. “As defenses become more complex, attackers have also continued to evolve their techniques, creating new malware variants that are harder to spot”, the researchers said.

Manufacturing industry

The increase in encrypted attacks was highest in the manufacturing industry (239 percent). New products, services and apps increased the attack surface.

“Manufacturing remains an attractive target for cybercriminals because of significant transformation occurring across the industry in recent years, including the adoption of safety measures to manage COVID-19, and infrastructure and applications to counteract supply chain issues”, the security firm said.

The trend is the opposite for retail and government organizations. Attacks in these sectors decreased by 40 percent and 64 percent, respectively. Zscaler reasons that incidents at government organizations declined because authorities increasingly track down attackers of critical infrastructure.

According to the researchers, encrypted cyberattacks were most common in the United States, India, South Africa, the United Kingdom and Australia. The fastest rises took place in Japan (613 percent), the United States (155 percent) and India (87 percent).
