sb-eu logo
Story image

Ransomware attacks over SSL increase by 500%, Zscaler report shows

In 2020, cyber criminals have been targeting the healthcare industry the most. In fact, the sector received 1.6 billion SSL based threats, at 25.5% of the total.

This is according to the new Zscaler report titled '2020 State of Encrypted Attacks', published by the ThreatLabZ team.

The research reveals the emerging techniques and impacted industries behind a 260% spike in attacks, using encrypted channels to bypass legacy security controls.

It is based on insight sourced from over 6.6 billion encrypted threats across the Zscaler cloud from January through September 2020 over encrypted channels.

Following healthcare, the top industries under attack by SSL-based threats were finance and Insurance (at 1.2 billion threats, or 18.3%), manufacturing (1.1 billion, 17.4%), government (952 million, 14.3%), and services (730 million 13.8%).

The report also found that 30% of SSL-based attacks were delivered through trusted cloud providers.

In fact, cyber criminals continue to become more sophisticated in avoiding detection, taking advantage of the reputations of trusted cloud providers such as Dropbox, Google, Microsoft, and Amazon to deliver malware over encrypted channels, the report states.

In addition, Zscaler states that Microsoft remains the most targeted brand for SSL-based phishing.

Since Microsoft technology is among the most adopted in the world, Zscaler identified Microsoft as the most frequently spoofed brand for phishing attacks, which is consistent with ThreatLabZ 2019 report.

Other popular brands for spoofing included PayPal and Google.

Cyber criminals are also increasingly spoofing Netflix and other streaming entertainment services during the COVID-19.

In addition to this, Zscaler researchers witnessed a 5x increase in ransomware attacks over encrypted traffic beginning in March, when the World Health Organization declared the COVID-19 virus a pandemic.

Earlier research from Zscaler indicated a 30,000% spike in COVID-related threats, when cyber criminals first began preying on fears of the virus.

Overall, phishing attacks neared 200 million. In fact, as one of the most commonly used attacks over SSL, phishing attempts reached more than 193 million instances during the first nine months of 2020.

For phishing attempts, the manufacturing sector was the most targeted (38.6%) followed by services (13.8%), and healthcare (10.9%).

Zscaler CISO and vice president of security research, Deepen Desai, says, “Cyber criminals are shamelessly attacking critical industries like healthcare, government and finance during the pandemic, and this research shows how risky encrypted traffic can be if not inspected.

"Attackers have significantly advanced the methods they use to deliver ransomware, for example, inside of an organisation utilising encrypted traffic.

"The report shows a 500% increase in ransomware attacks over SSL, and this is just one example to why SSL inspection is so important to an organisation’s defense.”

Story image
Claroty finds four vulnerabilities in Schneider Electric OT device
Unmitigated vulnerabilities could give an attacker access to the device, enabling the attacker to break encryption, modify code, and run certain commands.More
Story image
Kaspersky unveils two major update to its Transparency Initiative
The company has announced the opening of a new Transparency Center, as well as the ompletion of a widespread transferal of data storage and processing activities to Switzerland.More
Story image
The ultimate network security audit checklist
Experts project that losses and damage from cybercrime will skyrocket, with attacks ranging from spam and phishing to malware and spyware — all compromising the safety of sensitive data and proprietary information. These attacks can be minimised by performing network security audits regularly.More
Story image
ThreatQuotient & Infoblox integrate threat intelligence capabilities
“Together, our integration eases the consumption of threat intelligence from various internal and external sources to ensure that intelligence is accurate, relevant and timely to an organisation’s business.”More
Story image
Vectra expands NDR capabilities across all network environments
Vectra’s network threat detection and response (NDR) solution is designed to use cloud identities that track and link attacker activities and progression across all networks.More
Story image
Secure Code Warrior launches offering to help developers adopt a security mindset
Secure Code Warrior, the secure coding company, has launched a new educational offering that simulates realistic situations to help developers extend their coding skills and preparedness.More