Attackers hide malware inside encrypted traffic. Is this still news to you? Not anymore.
According to research by Zscaler, this year witnessed a 260% rise in the use of encrypted traffic to hide malware. Among the encrypted attacks, ransomware saw an increase of 500%, with the most frequently seen strains being Maze, Ryuk, REvil, and FileCrypt/FileCoder.
What does this imply?
Threat actors are leveraging SSL certificates to hide their attacks. Without proper inspection, the use of encryption itself becomes a possible threat. In other words, adversaries are using industry-standard encryption measures to hide malware inside encrypted traffic and carry out attacks that evade detection.
Some stats your way
- The healthcare sector was the most targeted with 1.6 billion encrypted attacks, followed by the finance and manufacturing sectors.
- Over 30% of these attacks hide in collaboration services, such as Dropbox, AWS, and Google Drive.
- Phishing attacks accounted for more than 193 million, with the manufacturing sector the most targeted (38.6%), followed by services (13.8%) and healthcare (10.9%).
Stay safe, but how?
- Reduce the attack surface by granting authorization to a select few rather than to the entire network.
- Take measures to detect and prevent threats in SSL traffic.
- Provide security to all users at every location.
The bottom line
Attack techniques are evolving, but so are defense techniques. Since no sector is immune to security threats, implementing a multi-layered security strategy is advisable.