260% increase in attacks using encrypted channels

There has been a 260% increase in attacks using encrypted channels to bypass legacy security controls, according to Zscaler’s 2020 State of Encrypted Attacks report, which reveals the emerging techniques used and industries affected.

The report provides guidance on how IT and security leaders can protect their enterprise from the rising threat of encrypted threats, based on insight sourced from over 6.6 billion encrypted threats across the Zscaler cloud from January through September 2020 over encrypted channels.

The report found that cybercriminals targeted the healthcare industry the most, comprising 25.5% of SSL-based threats. Other industries targeted by cybercriminals include finance and insurance (18.3%), manufacturing (17.4%), government (14.3%) and services (13.8%).

Findings also revealed that COVID-19 is driving a ransomware surge, with a significant increase in ransomware attacks over encrypted traffic beginning in March, when the World Health Organization declared the virus a pandemic. Earlier research from Zscaler found a 30,000% spike in COVID-related threats.

As one of the most commonly used attacks over SSL, phishing attempts reached more than 193 million instances during the first nine months of 2020. The manufacturing sector was the most targeted (38.6%), followed by services (13.8%) and health care (10.9%).

Additionally, 30% of SSL-based attacks were delivered through trusted cloud providers. Cybercriminals continued to become more sophisticated in avoiding detection, by taking advantage of trusted cloud providers such Dropbox, Google, Microsoft and Amazon to deliver malware over encrypted channels.

As Microsoft is among the most adopted in the world, it is also the most frequently spoofed brand for phishing attacks. Other popular brands for spoofing include PayPal and Google. Cybercriminals are also increasingly spoofing Netflix and other streaming entertainment services during the pandemic.

Deepen Desai, CISO and Vice President of Security Research at Zscaler, noted that the research shows how risky encrypted software traffic can be if not inspected.

“Attackers have significantly advanced the methods they use to deliver ransomware; for example, inside of an organisation utilising encrypted traffic. The report shows a 500% increase in ransomware attacks over SSL, and this is just one example to why SSL inspection is so important to an organisation’s defence,” said Desai.

Inspecting encrypted traffic is critical for all organisations to protect against these attacks. A multilayered defence-in-depth strategy that supports SSL inspection ensures enterprises are protected from escalating threats hiding in their encrypted traffic.

Image credit: ©stock.adobe.com/au/everythingpossible