SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers

Cybercriminals exploit encrypted channels for malware

Fri, 6th Dec 2024

Cybercriminals are increasingly using encrypted channels for delivering advanced threats, according to a recent report by Zscaler.

The ThreatLabz 2024 Encrypted Attacks Report from Zscaler highlights a substantial increase in cyberthreats delivered over encrypted channels: a rise of 10% year-over-year, to 87% of all threats. The report identifies malware as the most prevalent threat, accounting for 86% of these encrypted threats. The analysis was based on 32.1 billion blocked threats occurring between October 2023 and September 2024.

The findings show that the manufacturing industry is the most targeted, with 42% of all encrypted attacks directed at it. This draws attention to the vulnerability of the sector, which could be attributed to Industry 4.0 advancements and interconnected systems. Deepen Desai, Chief Security Officer at Zscaler, addressed these findings, saying, "The rise in encrypted attacks is a real concern as a significant share of threats are now delivered over HTTPS. With threat actors focused on exploiting encrypted channels to deliver advanced threats and exfiltrate data, organizations must implement a zero trust architecture with TLS/SSL inspection at scale. This approach helps to ensure that threats are detected and blocked effectively, while safeguarding data without compromising performance."

The report elaborates on the prevalence of specific malware families, including AsyncRAT, ChromeLoader, and Agent Tesla, among others. These malware groups have been observed to adapt and thrive within encrypted traffic, thereby concealing malicious payloads and content effectively.

Aside from malware, the report documents a striking rise in web-based attacks within encrypted channels. Cryptomining and cryptojacking incidents have surged by 123%, cross-site scripting by 110%, and phishing by 34%. ThreatLabz researchers suggest that the employment of generative AI technologies by cybercriminals could be influencing these increases.

Besides manufacturing, the top industries targeted by encrypted attacks are technology and communications, services, education, and retail and wholesale sectors. The key regions experiencing the most attacks include the United States and India, followed by France, the United Kingdom, and Australia. The US and India together accounted for over 16 billion attacks during the report's timeframe.

The report underlines the necessity of adopting a zero trust security approach to mitigate encrypted threats. The Zscaler Zero Trust Exchange platform is recommended for offering security controls that intervene at each stage of an attack, incorporating comprehensive TLS/SSL inspection abilities to ensure that 100% of traffic is scrutinized, thereby bolstering user and organisational defences against encrypted threats.

To enhance security measures, Zscaler recommends the implementation of microsegmentation to limit access, routine inspection of encrypted traffic, increased isolation and defence through AI-driven cloud sandboxes, and reducing points of entry to pre-empt the impact of potential attacks. Desai emphasizes the importance of inspecting both incoming and outgoing traffic to disrupt command-and-control communications and safeguard sensitive data.
