Cyberattacks that use encrypted channels to bypass legacy security controls rose by 260 percent from the beginning of 2020 through September, with the healthcare sector seeing the biggest industry-specific jump in targeted attacks, according to research released this week by cloud security provider Zscaler based on insights sourced from 6.6 billion encrypted threats across the Zscaler cloud.
“Encrypting internet traffic via SSL (Secure Sockets Layer), and its more modern replacement TLS (Transport Layer Security), is the global standard for protecting data in transit, and the vast majority of internet traffic today is encrypted,” the Zscaler report says. “The problem is that criminals are using encryption, too, to hide malware and other exploits. This means that traffic moving through encrypted channels can no longer be trusted simply by virtue of a digital certificate.”
“What makes the attacks so nefarious is that the exploit or hidden malware is encrypted, too, which changes its file structure completely,” the report says. “Cybersecurity systems rely on a file’s structure (or ‘fingerprint’) to identify incoming threats; if it’s structured a certain way, the system knows to block it. But each time a file is encrypted, it gets a brand-new fingerprint that isn’t recognized as a threat.”
Of the industry-specific encrypted threats measured by Zscaler, the report finds that the healthcare sector accounted for 1.6 billion such threats, or 25.5 percent of the total, followed by: finance and insurance, with 1.2 billion threats, or 18.3 percent; manufacturing, with 1.1 billion threats, or 17.4 percent; government, with 952 million threats, or 14.3 percent; and services, with 730 million threats, or 13.8 percent.
Elsewhere in the report, Zscaler found that the coronavirus pandemic is driving a surge in ransomware attacks, with a 500 percent increase in attacks over encrypted traffic beginning in March of this year.
It also found that phishing-based attacks – one of the most commonly used exploits over SSL – reached more than 193 instances during the first nine months of this year as measured by Zscaler. Of that total, the manufacturing sector was the most heavily targeted at 38.6 percent of instances, followed by the services sector at 13.8 percent, and the healthcare sector at 10.9 percent.
“Cybercriminals are shamelessly attacking critical industries like healthcare, government and finance during the pandemic, and this research shows how risky encrypted traffic can be if not inspected,” commented Deepen Desai, CISO and Vice President of Security Research at Zscaler. “Attackers have significantly advanced the methods they use to deliver ransomware, for example, inside of an organization utilizing encrypted traffic. The report shows a 500 percent increase in ransomware attacks over SSL, and this is just one example of why SSL inspection is so important to an organization’s defense.”
“Inspecting encrypted traffic is mission-critical for all organizations to protect against these attacks,” said Zscaler, which performs SSL inspection at scale. “A multilayered defense-in-depth strategy that fully supports SSL inspection ensures that enterprises are protected from escalating threats hiding in their encrypted traffic,” the company said.