Cybersecurity firm Zscaler has released their latest State of Encrypted Attacks Report, highlighting the growth in HTTPS threats since January as well as other attacks facing tech companies and retailers.
The report found that HTTPS threats have increased by more than 314% while attacks on tech companies grew by 2,300% and retail companies saw an 800% increase in attacks. According to the report, the tech industry accounted for 50% of all attacks they tracked. Instances of malware were up 212% in the report and phishing rose by 90%.
The report tracks more than 20 billion threats blocked over HTTPS and analyzes about 190 billion daily transactions through its Zero Trust Exchange that took place from January to September. From there, the Zscaler ThreatlabZ research team goes through the data to compile the report.
Deepen Desai, CISO at Zscaler, said most enterprise IT and security teams struggle to implement SSL/TLS inspection policies due to a lack of compute resources and/or privacy concerns.
“As a result, encrypted channels create a significant blind spot in their security postures. Zscaler’s new report on the state of encrypted attacks demonstrates that the most effective way to prevent encrypted attacks is with a scalable, cloud-based proxy architecture to inspect all encrypted traffic, which is essential to a holistic zero trust security strategy,” Desai said.
The researchers found that cryptomining is becoming less prevalent as cybercriminals move toward more lucrative options like ransomware.
Zscaler noted that attacks on retailers are likely to increase during the holiday season as more companies offer digital purchase options and promote e-commerce solutions.
The company predicts a wave of malware and ransomware attacks targeting e-commerce platforms and digital payment systems between Black Friday and Christmas.
“Additionally, as the world begins its return to normal, and as businesses and public events are opening up around the globe, many employees are still working in relatively insecure environments. Getting access to critical point-of-sale systems is extremely attractive to cybercriminals as it opens the door to huge profits,” the report noted.
Healthcare and governmental organizations saw a decrease in attacks but overall, seven industries saw attack rates increase from threats in SSL and TLS traffic.
Desai attributed the decrease to increased law enforcement scrutiny following the attacks on Colonial Pipeline and other critical industries. Desai noted that both healthcare and government were the most frequently targeted sectors in 2020, prompting many organizations within both industries to stiffen their security posture.
The UK, US, India, Australia and France led the way as the top five targets of encrypted attacks.
When broken down by region, Zscaler ThreatLabz researchers found that Europe saw the most attacks at more than 7.2 billion, followed by the Asia Pacific region at almost 5 billion and North America, which had about 2.8 billion. The UK led Europe with 5.4 billion encrypted attacks targeting them followed by the US and India, which both had more than 2 billion attacks sent their way.