The vast majority of cyber-attacks over the past year have used TLS/SSL encryption to hide from security teams, according to a new report from Zscaler.
The security vendor analyzed 24 billion blocked threats during the period October 2021–September 2022 to compile its new 2022 State of Encrypted Attacks Report.
It found that over 85% of attacks are now HTTPS-based in a bid to stay hidden from security tools – a 20% increase on the previous year.
Zscaler argued that although legacy firewalls support packet filtering and stateful inspection, it’s resource intensive to do this scale, meaning many encrypted threats go unchecked.
That’s why certain sectors are more impacted than others, with manufacturing seeing a 239% increase in attacks over the period followed by education (132%), it added.
The US (155%), India (87%) and Japan (613%) recorded the biggest increases in encrypted attacks over the past 12 months, according to the report. However, South Africa burst into the top five list of countries most targeted by HTTPS-based attacks, alongside the US, India, UK and Australia.
Malicious scripts and payloads including ransomware accounted for the vast majority (90%) of these attacks.
On the positive side, government organizations and retailers both saw the number of encrypted attacks fall, by 40% and 63% respectively.
“As organizations mature their cyber defenses, adversaries are becoming more sophisticated, particularly in their use of evasive tactics,” said Deepen Desai, CISO and VP of security research and operations at Zscaler.
“Potential threats continue to hide in encrypted traffic, empowered by as-a-service models that dramatically reduce the technical barriers to doing so. It is critical for organizations to adopt a cloud-native zero trust architecture that allows consistent inspection of all internet bound traffic to effectively mitigate these attacks.”