A new report from cloud computing security company Zscaler says that many modern cyberattacks take advantage of encrypted traffic, which means they are more difficult to identify and block.
The report states that businesses need to adopt a cloud-based, zero-trust architecture to better monitor internet-related traffic and fend off inbound threats.
A zero-trust architecture is defined as an enterprise cybersecurity architecture that is based on principles of zero trust and designed to prevent data breaches and limit internal lateral movement.
Based on more than 300 trillion daily signals and 270 billion daily transactions across the Zscaler Zero Trust Exchange, the report indicates that in 2022 alone the company blocked about 24 billion encrypted threats, most of them using the TLS or SSL protocols. These numbers represent a 20 percent increase from 2021, when the company blocked 20.7 billion such attacks, and a 314 percent increase from 2020.
Zscaler says that in most cyberattacks, cybercriminals hide malware in encrypted traffic, and that malicious scripts and payloads account for nearly 90 percent of all encrypted attack methods blocked this year.
Among all the different types of malware, ransomware remains, according to Zscaler, one of the most destructive. The report also names popular malware strains: ChromeLoader, Gamaredon, AdLoad, SolarMarker, and Manuscrypt.
According to the report, the biggest targets remain those in the United States, India, the United Kingdom and Australia, with South African victims making it into the top five for the first time.
- Japan and the United States were among the countries that saw an increase in cyberattacks, at 613 percent and 155 percent, respectively. The manufacturing industry remains the top target, with an increase of 239 percent, mostly due to COVID-19 measures, which continue to dictate the way these businesses operate. Another notable industry was education, which saw a 132 percent increase year-on-year.
- On the other hand, cyberattacks against government and retail organizations decreased by 40 percent and 63 percent, respectively, mostly because, according to Zscaler, law enforcement agencies were quick to go after the actors they targeted.
Deepen Desai, Chief Information Security Officer and VP of Security Research and Operations at Zscaler, said that while organizations are improving their cyber defenses, adversaries are also getting more sophisticated, particularly in their use of circumvention tactics.
Desai added that potential threats continue to hide in encrypted traffic, aided by service models that significantly reduce the technical barriers to doing so.