Security cloud provider Zscaler’s analysis reveals manufacturing sector faces surge in encrypted attacks, with threat actors exploiting HTTPS channels.
The increasing adoption of HTTPS encryption across the internet has presented a growing challenge for cybersecurity teams. While encryption protocols protect legitimate traffic, they also provide cover for malicious actors to hide attacks from traditional security tools. This dual nature of encryption has created a complex security landscape where organisations must balance data privacy with threat detection.
New research from cloud security firm Zscaler provides insights into this challenge, indicating a significant shift in how cyber attacks are being conducted. The company’s analysis shows 87% of threats now use encrypted channels – a 10% increase from the previous year. The findings, based on examination of 32.1 billion blocked threats between October 2023 and September 2024, highlight how threat actors are adapting their tactics to exploit HTTPS protocols.
The rise in encrypted attacks comes as organisations worldwide increase their use of cloud services and remote work solutions, expanding the potential attack surface that security teams must monitor. Traditional perimeter-based security approaches struggle to inspect encrypted traffic at scale, creating potential blind spots in enterprise defences.
“The rise in encrypted attacks is a real concern as a significant share of threats are now delivered over HTTPS,” says Deepen Desai, Chief Security Officer at Zscaler. “With threat actors focused on exploiting encrypted channels to deliver advanced threats and exfiltrate data, organisations must implement a zero trust architecture with TLS/SSL inspection at scale.”
Manufacturing sector bears brunt of Zscaler-detected threats
The manufacturing sector emerged as the primary target, accounting for 42% of encrypted attacks detected by Zscaler’s security cloud. This represents nearly triple the volume faced by the technology and communications sector, which ranked second. The surge in manufacturing attacks, up 44% year-on-year, coincides with the sector’s adoption of Industry 4.0 technologies and connected systems.
KEY FACTS
- 27.8 billion: Total malware incidents detected in encrypted traffic
- 123%: Year-on-year increase in cryptomining attacks using encrypted channels
- 42%: Proportion of encrypted attacks targeting the manufacturing sector
Beyond manufacturing and technology, the services sector ranked third in terms of attack frequency, followed by education and retail sectors. This distribution suggests threat actors are targeting sectors with complex supply chains and extensive digital infrastructure.
Analysis of geographic distribution shows the United States experienced 11 billion encrypted attacks, whilst India recorded 5.4 billion incidents. France, the United Kingdom, and Australia complete the top five most targeted nations, with 854 million, 741 million and 672 million attacks respectively.
Zero trust architecture emerges as key defence against encrypted threats
Zscaler’s research identifies four stages in advanced attacks: initial reconnaissance, network breach via exploits or stolen credentials, lateral movement with privilege escalation, and data exfiltration. The company’s Zero Trust Exchange platform, which operates across 150 global data centres, provides security controls at each stage.
A central component of this defence strategy is full TLS/SSL inspection, based on what Zscaler terms an advanced proxy architecture. The company advocates inspecting all network traffic so that threats concealed within encrypted channels can be detected and blocked.
Common attack patterns reveal sophistication in malware deployment
Malware constituted 86% of encrypted attacks, totalling 27.8 billion incidents – a 19% increase from the previous year. The research identified AsyncRAT, Choziosi Loader and AMOS/Atomic Stealer as prevalent malware variants actively exploiting encrypted channels. Additional threats included Agent Tesla, Koi Loader and Ducktail malware families.
Web-based attacks showed marked increases, with cryptomining attacks up 123% and cross-site scripting incidents rising 110%. Phishing attempts using encrypted channels increased by 34%, with researchers suggesting AI tools may be facilitating this growth.
The findings indicate that threat actors are evolving their techniques to exploit the trust inherently placed in encrypted communications channels. The Zscaler platform’s approach includes microsegmentation, which limits what authenticated users can reach within the network, and AI-driven cloud sandbox capabilities to isolate unknown attacks.
The research methodology involved analysis of threats blocked by the Zscaler security cloud, providing insight into attack patterns across various sectors and regions. The company’s ThreatLabz research team, responsible for threat hunting and protection of organisations using the Zscaler platform, conducted the analysis.
“With threat actors focused on exploiting encrypted channels to deliver advanced threats and exfiltrate data, organisations must implement a zero trust architecture with TLS/SSL inspection at scale,” says Deepen. “This approach helps to ensure that threats are detected and blocked effectively, whilst safeguarding data without compromising performance.”