Now, the majority of cyberattacks use encrypted channels

According to a recent report by Zscaler, many modern cyberattacks make use of encrypted traffic, making them harder to detect and counter.

To better monitor internet-bound traffic and defend against incoming threats, the report recommends that businesses adopt a cloud-native zero-trust architecture.

Based on analysis of more than 300 trillion signals and 270 billion transactions processed daily in the Zscaler Zero Trust Exchange, the report concludes that in 2022, Zscaler successfully stopped 24 billion encrypted threats, the vast majority of which made use of transport layer security protocols (TLS and SSL). That’s up 314% from 2020, when the company blocked 19.5 billion attacks of that type, and 20% from 2021, when it blocked 20.7 billion.

Viruses, Worms, and Ransomware

Most malware is concealed in encrypted traffic sent by cybercriminals. According to Zscaler, nearly 90% of all encrypted attack strategies blocked this year consisted of malicious scripts and payloads.

It’s safe to say that ransomware is one of the worst forms of malware currently in circulation. To be sure, ChromeLoader (an infostealer and adware), Gamaredon (a banking trojan), AdLoad (adware), SolarMarker (adware), and Manuscrypt (a cryptominer) are among the most widespread malware families, but destructive power is no guarantee of popularity.

The United States, India, the United Kingdom, and Australia continue to be primary targets, but South Africans have joined them in the top five.

The United States and Japan saw increases in attacks of 155% and 613%, respectively. A whopping 239% increase in attacks on the manufacturing sector is blamed on the fact that Covid-19 measures are still heavily impacting the way these companies function. The education sector is also noteworthy, with a year-over-year growth of 132%.

Zscaler claims that law enforcement was successful in reducing attacks against government organisations by 40% and retail by 63% because it was quick to pursue the threat actors who targeted those sectors.

According to Deepen Desai, CISO and VP of Security Research and Operations at Zscaler, “as organisations mature their cyber defences, adversaries are becoming more sophisticated, particularly in the use of evasive tactics.”

With the help of as-a-service models that drastically lower the technical barriers to entry, potential threats continue to hide in encrypted traffic. To effectively counteract these threats, businesses must implement a cloud-native, zero-trust architecture that permits constant inspection of all traffic headed for the internet.