The vast majority of cyber attacks last year used TLS/SSL (Transport Layer Security/Secure Sockets Layer) encryption to hide from security systems and teams, according to a new report from Zscaler. The cybersecurity systems provider analyzed 24 billion threats blocked during the period from October 2021 to September this year to compile its new report, titled “State of Encrypted Attacks of 2022.”
The company found that more than 85% of attacks are now based on the HTTPS (Hypertext Transfer Protocol Secure) protocol in an attempt to remain hidden from security tools — a 20% increase from the previous year.
Zscaler argues that while legacy firewalls support packet filtering and stateful inspection, these capabilities are resource-intensive to scale, which means that many encrypted threats go unchecked. This is why certain sectors are more affected than others, such as manufacturing, which saw a 239% increase in attacks over the period, followed by the education sector (132%), the company adds.
The US (at 155%), India (87%) and Japan (613%) saw the biggest increases in encrypted attacks over the last 12 months, according to the report. South Africa, meanwhile, made the list of the top five countries most targeted by HTTPS-based attacks, alongside the US, India, UK and Australia. Malicious scripts and payloads, including ransomware, accounted for the vast majority (90%) of these attacks.
On the bright side, government organizations and retailers saw the number of encrypted attacks drop by 40% and 63%, respectively. “As organizations mature their cyber defenses, attacks are becoming more sophisticated, particularly using evasive tactics,” Deepen Desai, CISO and vice president of research and security operations at Zscaler, told Infosecurity.
“Potential threats continue to lurk in encrypted traffic, powered by as-a-service models that dramatically lower the technical barriers to doing so. It is critical that organizations adopt a cloud-native, zero-trust architecture that enables consistent inspection of all Internet-bound traffic to effectively mitigate these attacks,” he concluded.
Source: CisoAdvisor