Key Points:
• Encrypted attacks are becoming increasingly prevalent, with 87.2% of all blocked attacks using TLS/SSL encryption in 2024.
• Malware is the most common type of encrypted threat, accounting for 86.5% of blocked attacks.
• The manufacturing, technology, and services industries were the most targeted by encrypted attacks, with the US and India being the top targeted countries.
As encryption becomes the default for online communication, attackers are finding new ways to exploit encrypted channels. The Zscaler ThreatLabz 2024 Encrypted Attacks Report has shed light on the growing trend of encrypted attacks, with 32.1 billion encrypted attacks blocked by the Zscaler cloud between October 2023 and September 2024.
The report highlights the rise of malware, which accounts for 86.5% of blocked attacks. Malware is becoming increasingly sophisticated, using encryption to mask payloads and evade detection. The report also found that cryptomining/cryptojacking, cross-site scripting, and phishing threats are surging, with year-over-year increases of 122.9%, 110.2%, and 34.1%, respectively.
The manufacturing, technology, and services industries were the most targeted by encrypted attacks, with the US and India being the top targeted countries. The report also identified key trends, including the abuse of cloud services by advanced persistent threat (APT) groups and the growing use of generative AI technologies to create advanced cryptomining scripts and execute highly convincing phishing campaigns.
How Zscaler stops encrypted threats:
The Zscaler Zero Trust Exchange provides a powerful solution to stopping encrypted threats. The platform eliminates blind spots via its TLS/SSL inspection capabilities and AI-driven defenses. Zscaler’s approach includes:
- Minimizing the attack surface by keeping applications and services invisible to the internet
- Preventing initial compromise through full TLS/SSL inspection and AI-powered analysis
- Eliminating lateral movement through zero trust segmentation and AI-powered, context-aware policies
- Blocking command-and-control callbacks through inline inspection of outgoing and incoming encrypted traffic
Why comprehensive TLS/SSL inspection matters:
Zscaler’s defense against encrypted threats is built on its full TLS/SSL inspection capabilities, enabled by a scalable proxy-based architecture. This approach allows organizations to inspect 100% of encrypted traffic, layer advanced security controls, and maintain high performance.
Staying ahead of encrypted threats:
The findings in the ThreatLabz 2024 Encrypted Attacks Report highlight the need for organizations to stay ahead of encrypted threats. The full report offers in-depth analysis, expert insights, and actionable best practices for improving defenses against encrypted attacks. By staying informed and implementing effective defenses, organizations can protect themselves from the growing threat of encrypted attacks.
Read the rest: Source Link
You might also like: How to get Windows Server 2022, Try Windows 11 Pro for Workstations & browse Windows Azure content.
Remember to like our facebook and our twitter @WindowsMode for a chance to win a free Surface every month.