Zscaler ThreatLabz 2023 State of Encrypted Attacks Report

In-depth insights into the single largest source of threats: encrypted traffic
Rising Risk

Encryption is a double-edged sword

HTTPS is the standard for encrypting and protecting data on the web—yet threat actors are using TLS/SSL to quietly move malware, ransomware, and phishing attacks past defenses. In fact, we found that encryption is used to disguise almost 86% of cyberthreats.

How can enterprises protect against threats hiding in encrypted traffic?

Key Findings
Deep analysis of threats hiding in encrypted traffic
The Zscaler ThreatLabz 2023 State of Encrypted Attacks Report explores top attack tactics, targets, threat actors, and more based on an analysis of more than 29 billion blocked threats from the world’s largest inline security cloud.
Malware makes up 78.1% of encrypted threats

Malware represents the largest share of attacks over TLS/SSL, followed by ad spyware sites and phishing. Malware families like ChromeLoader, MedusaLocker, and RedLine Stealer were the most prevalent in our study, showcasing the volume and diversity of the threat.

Education and government saw 276.4% and 185% surges in encrypted attacks, respectively

While manufacturing saw the highest volume of attacks, the education and government sectors saw the sharpest increases in encrypted threats, pointing to renewed cybercriminal interest in those areas.

Phishing attacks targeting enterprise user credentials grew 13.7%

User credential theft and abuse are on the rise. Many attacks that mimic application login screens are linked to apps from Microsoft, Adobe, Google, Facebook, Amazon, Netflix, and others. Given the sizeable risk, organizations should take particular care to protect users from phishing.

Report insights

In the full 2023 State of Encrypted Attacks Report, you'll find:

  • A breakdown of the encrypted threat landscape
  • Key malware families and other threat categories driving encrypted attacks
  • Geographic and industry threat analysis
  • Actionable best practices to secure TLS/SSL traffic and stop encrypted threats
  • Encrypted threat predictions for 2024
Prevent encrypted attacks

Secure your encrypted traffic with zero trust

It’s a significant challenge to inspect 100% of TLS/SSL-encrypted traffic at scale—yet without inspection, large portions of encrypted threats can pass by unnoticed. A true inline zero trust architecture inspects encrypted traffic at scale to defend against the full range of threats, without performance degradation. The Zscaler Zero Trust Exchange™️ enables connectivity only after applying seven layers of zero trust security controls for every user, device, cloud workload, and more—with a single policy set, at cloud scale, and without hampering productivity.


Read the report to learn how the Zero Trust Exchange secures encrypted traffic, prevents compromise, and protects corporate data.

dots pattern

Get the report

Download the Zscaler 2023 ThreatLabz State of Encrypted Attacks Report for our complete findings and expert insights.