According to ThreatLabz, 87% of all cyber threats between October 2023 and September 2024 were delivered via encrypted channels.
This is a ten percent increase from the previous year. In its 2024 Encrypted Attacks report, cloud security leader Zscaler provides an overview of the latest threats that Zscaler’s security cloud has blocked.
“The rise in encrypted attacks is concerning, especially with a large percentage of threats being delivered via HTTPS,” said Deepen Desai, Chief Security Officer at Zscaler. “Organizations must adopt a Zero Trust architecture and TLS/SSL inspection at scale to effectively stop these threats while maintaining performance and data protection.”
Encrypted malware
The report found that encrypted malware dominates attacks. Malware makes up 86% of encrypted attacks, with a staggering 27.8 billion incidents detected – an increase of 19% year-on-year. Attackers use encryption to hide malicious content and payloads, such as macro-based malware and compromised web pages.
In addition to malware, web-based attacks such as crypto mining (123%), cross-site scripting (110%), and phishing (34%) increased. The growth of generative AI is contributing to this explosive increase.
The manufacturing sector is by far the most prominent target
The manufacturing sector is by far the biggest target of encrypted threats, with 42% of attacks. Attacks on this sector increased by 44% year-on-year, fueled by the adoption of Industry 4.0 and connected systems. This significantly increased the attack surface, making manufacturers more vulnerable to cyber threats.
The top five most affected sectors are manufacturing, technology and communications, services, education, retail and wholesale. Regionally, the United States and India are the primary targets. France is in third place.