The Zscaler Zero Trust Exchange is built on the world’s largest security cloud, which brokers over 190 billion daily transactions (roughly 50x the number of daily Google searches) and extracts over 300 trillion signals each day. The ThreatLabz research team analyzes this massive data set to monitor threats, improve security controls, and publish in-depth research on the evolving threat landscape.
Today, we released what may be our most-anticipated annual study, The State of Encrypted Attacks. In this report, ThreatLabz looks at the use of encrypted traffic (HTTPS, SSL, TLS) -- which is often considered to be safe and trusted -- to examine attacks and security risks.
The report found that more than 80% of attacks now use encrypted channels, up from 57% in last year’s study.
This should serve as a wake-up call: organizations must inspect their encrypted traffic just like any other traffic. That is a real burden, because decrypting, inspecting, and re-encrypting traffic with legacy hardware-based security tools is resource-intensive. It means shelling out more money for more devices, with the added side-effect of slowing traffic to a crawl. But by failing to do so, organizations give malicious actors an easy entry into their environments.
Of course, there’s another option: using a cloud-native proxy architecture such as Zscaler allows for scalable inspection of all encrypted traffic without the performance degradation or added expense and complexity of legacy hardware.
From January through September 2021, threats over encrypted channels rose 314% compared to the same period the previous year, which itself was a 260% rise from 2019. Encryption is not a deterrent to attackers; in fact, it offers them multiple advantages: encrypted traffic is less likely to be inspected by security teams, and without SSL inspection, malicious files are much harder to fingerprint, allowing malware to slip by undetected.
Some top trends:
The State of Encrypted Attacks goes into great detail on all of these statistics and more -- including top attack types and threat families, most targeted applications, industry data, and in-depth case studies.
Zero trust strategies and architectures -- in which you trust nobody and inspect and authenticate everything -- are the most effective means of protecting your organization from encrypted attacks, as well as other advanced cyberthreats. Zscaler’s tenets of zero trust include:
These tenets align directly with the attack chain, which typically involves three distinct stages. Attacks start with an initial compromise of an endpoint or asset exposed to the internet. Once inside, the attacker propagates laterally, performing reconnaissance and establishing a network foothold. Finally, the attacker takes action to achieve their objectives, which often involves data exfiltration. Therefore, your defenses should include controls for each of those stages:
Security controls to prevent compromise:
Security controls to prevent lateral movement:
Security controls to prevent data theft:
Learn more -- download your copy of the report today!