Zscaler, Inc. published its Zscaler ThreatLabz 2024 Encrypted Attacks Report, which explores the latest threats blocked by the Zscaler security cloud and provides critical insights into how encryption has become a conduit for more sophisticated threats, further compounded by the rise of artificial intelligence (AI). The findings suggest that India registered 5.2 billion, the second-highest number of encrypted attacks globally, preceded by the U.S. (11 billion) – surpassing countries like France (854 million), the UK (741 million), and Australia (672 million).
ThreatLabz found that over 87% of all threats were delivered over encrypted channels between October 2023 and September 2024—a 10% increase year-over-year. The report offers strategies and best practices to help organisations tackle these covert threats.
“The rise in encrypted attacks is a real concern as a significant share of threats are now delivered over HTTPS,” said Deepen Desai, Chief Security Officer, Zscaler. “With threat actors focused on exploiting encrypted channels to deliver advanced threats and exfiltrate data, organisations must implement a zero-trust architecture with TLS/SSL inspection at scale. This approach helps to ensure that threats are detected and blocked effectively, while safeguarding data without compromising performance.”
Encrypted malware continues to dominate
Malware accounted for 86% of encrypted attacks, totaling 27.8 billion hits—a 19% year-over-year increase. Encrypted malware includes malicious web content, malware payloads, macro-based malware, etc. This growing prevalence of malware reflects a strategic shift by attackers adapting tactics to thrive within encrypted traffic, using encryption to conceal malicious payloads and content.
According to ThreatLabz researchers, the most active malware families globally were – AsyncRAT, Choziosi Loader/ChromeLoader, AMOS/Atomic Stealer, Ducktail, Agent Tesla and Koi Loader.
The report highlights significant year-over-year increases in web-based attacks, including a 79.39% surge in cross-site scripting and a 172.81% increase in browser exploit attacks. Malware, phishing and ad spyware sites topped the list for India, with malwares accounting for nearly 97% of all encrypted threats observed. Interestingly, cryptomining/cryptojacking saw a slight decline of 8.67%, while phishing attacks decreased by 3.80%. These trends may reflect the evolving tactics of threat actors, potentially fueled by the growing use of generative AI technologies by threat actors.
Most targeted industry verticals
In India, manufacturing was the most-targeted industry, experiencing a dramatic 170.88% year-on-year increase in encrypted attacks. This surge is likely fueled by rapid advancements in Industry 4.0 and the integration of interconnected systems, which have expanded the attack surface. The technology & communication sector was the second-most targeted, accounting for 32.6% of the encrypted attacks. Other heavily impacted industries included finance & insurance and retail & wholesale, showcasing the diverse range of sectors under threat in India.
“As India’s digital landscape expands, so does the threat landscape. The report highlighting 5.4 billion encrypted attacks serves as a stark reminder that cybercriminals are relentless”, said Suvabrata Sinha, CISO-in-Residence, India at Zscaler. “As we enter 2025, to protect our digital assets, we must adopt a Zero Trust approach, inspecting 100% of traffic to protect users and organisations from threats concealed within encrypted channels. We can build a more secure digital India by investing in robust security measures and empowering our workforce with cybersecurity awareness.”
Stopping encrypted attacks with zero trust
Understanding how zero trust disrupts encrypted threats requires looking at a typical attack sequence. Advanced attacks often unfold in four stages:
- First, attackers conduct reconnaissance to find a way into the targeted network.
- Next, they breach the network, often via exploits, brute-force attacks or stolen credentials.
- Once inside, they move laterally, escalate privileges and establish persistence.
- Finally, they carry out their objectives, typically conducting data exfiltration to extract valuable information that can be leveraged for further extortion or attacks.
The Zscaler Zero Trust Exchange platform provides security controls at each stage to mitigate risk and stop encrypted threats.
Organizations can bolster their ability to protect their devices, apps and data from encrypted attacks by following these recommendations:
- 1. Understand that any internet-facing service can be found and attacked or abused
- 2. Inspect incoming encrypted traffic to detect and block threats
- 3. Use a zero-trust architecture to secure all connectivity holistically between users and applications, between devices like IoT and OT systems, between all locations and branch offices, between cloud workloads and more.
- 4. Implement microsegmentation to reduce access, even for authenticated users.
- 5. Leverage an AI-driven cloud sandbox to isolate and quarantine unknown attacks and stop patient-zero malware before it touches users.
- 6. Reduce the number of entry points into an environment.
- 7. Inspect outgoing northbound traffic along with incoming southbound traffic to disrupt C2 communications and protect sensitive data.
