Encrypted cyberattacks spiked 260 percent in the first nine months of 2020 compared to the same period last year, with hospitals bearing the brunt of nearly 26 percent of the shelling, a recent report said.
Some 6.6 billion threats were hidden inside of encrypted traffic during through September, 2020, Zscaler ThreatLabZ’s research team said in its new 2020 State of Encrypted Attacks report detailing cyber gangs’ use of encrypted channels to bypass legacy security controls. During that time, the healthcare industry faced more encrypted threats than any other industry with 1.6 billion attacks (26%). By comparison, the finance and insurance industry was victimized by 1.2 billion encrypted attacks (18%), followed by manufacturing with roughly 1 billion (17%), government at 952 million (14%) and services at 730 million (14%).
COVID-19 has given healthcare cyber crime a boost. In the nine months the study tracked, healthcare experienced the most malware attacks (27%), faced the second most ransomware kidnappings (26%) and the third most phishing attempts (11%). Since March, when the COVID-19 contagion picked up a tail wind, ransomware delivered via encrypted web traffic meteored by 400 percent. From January - March, Zscaler calculated a 30,000 percent increase in COVID-19 related phishing, malicious websites and malware targeting remote users. As a reference point, in January it saw and blocked 1,200 such attacks but in March alone it identified 380,000 attacks.
Zscaler drew data for the report from the number of security threats, which averaged more than 730 a month, cloaked inside encrypted traffic blocked by its cloud security platform. On an absolute basis, during the first three quarters of last year, Zscaler’s cloud jammed about 283 million threats in encrypted traffic.
“SSL encryption was designed to protect traffic from prying eyes, but adversaries have also leveraged it to hide attacks, turning the use of encryption into a potential threat without proper inspection,” Zscaler said in the report. ”Cybercriminals know what security experts know: that SSL/TLS encryption is the industry standard way to protect data in transit. Those same cyber criminals use industry-standard encryption methods themselves, devising clever ways to hide malware inside encrypted traffic to carry out attacks that bypass detection.”
Other key findings include:
- More than 30 percent of SSL-based attacks hide in collaboration services such as Google Drive, OneDrive, AWS and/or Dropbox.
- Phishing attempts over SSL topped more than 190 million instances during the first nine months of 2020. The manufacturing sector was the most targeted (39%) followed by services (14%) and healthcare (11%).
- Microsoft is the most frequently spoofed brand for SSL-based phishing attacks. Other popular spoofing targets include PayPal and Google. Cybercriminals are also increasingly spoofing Netflix and other streaming entertainment services during the pandemic.
“It’s increasingly important to recognize that SSL traffic is not necessarily secure traffic,” Zscaler said. “Just as the use of encryption has increased, so has its use among adversaries to hide their attacks.”
Here are its tips for organizations to guard against dangers hidden in encrypted traffic without diminishing performance:
- Decrypt, detect, and prevent threats in all SSL traffic with a cloud-native proxy-base architecture that can inspect all traffic for every user.
- Quarantine unknown attacks and stop patient-zero malware with AI-driven quarantine that holds suspicious content for analysis, unlike firewall-based passthrough approaches.
- Provide consistent security for all users and all locations to ensure everyone has the same great security all the time, whether they are at home, at headquarters, or on the go.
- Instantly reduce your attack surface by starting from a position of zero trust, where lateral movement can’t exist. Apps are invisible to attackers, and authorized users directly access needed resources, not the entire network
“No industry is immune to security threats,” Zscaler wrote. “And as more traffic is encrypted, inspecting that traffic has become mission-critical. A multilayered, defense-in-depth strategy that fully supports SSL inspection is essential to ensure that enterprises are protected from escalating threats hiding in their encrypted traffic.”
