Zscaler’s 2021 Encrypted Attacks Report Reveals 314% Spike in HTTPS Threats


Key findings

  • Threats over HTTPS have increased more than 314 percent year-over-year, exceeding 250% growth for the second straight year.
  • Attacks on tech companies increased by 2,300 percent year-over-year; attacks on retail and wholesale companies increased by 800 percent.
  • Healthcare and government attacks saw a decrease in attacks year-over-year.
  • The UK, U.S., India, Australia, and France are the top five targets of encrypted attacks.
  • Malware is up 212 percent, and phishing is up 90 percent, while cryptomining attacks are down 20 percent.

SAN JOSE, October 28, 2021 - Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced the release of its annual State of Encrypted Attacks Report, which tracked and analyzed over 20 billion threats blocked over HTTPS, a protocol originally designed for secure communication over networks. This year’s study found an increase of more than 314 percent year-over-year across geographical regions that include APAC, Europe, and North America, underscoring the need for a zero trust security model and greater traffic inspection than most companies can achieve with legacy firewall-based security models.

Zscaler’s Zero Trust Exchange analyzes more than 190 billion daily transactions, extracting over 300 trillion signals, which provides unmatched visibility into enterprise data at scale. The ThreatLabz research team leveraged these large data sets to provide unique insights into security risks posed by encrypted channels across key industries. Seven of the industries in the study experienced higher attack rates from threats in SSL and TLS traffic, while last year’s most-targeted industry, healthcare, saw a decrease of 27 percent since January 2021. Conversely, the technology industry was plagued by threats at a rate much higher than other types of businesses, accounting for 50 percent of attacks.

In today’s enterprise, more than 80 percent of internet-bound traffic is encrypted, which means that enterprises face the unique challenge of enforcing consistent security for all of their remote users. Cybercriminals are increasingly sophisticated in their tactics, and they’re using encrypted channels at various stages of malware and ransomware attacks.

“Most enterprise IT and security teams recognize this reality but often struggle to implement SSL/TLS inspection policies due to a lack of compute resources and/or privacy concerns,” said Deepen Desai, CISO and VP Security Research and Operations at Zscaler. “As a result, encrypted channels create a significant blind spot in their security postures. Zscaler’s new report on the state of encrypted attacks demonstrates that the most effective way to prevent encrypted attacks is with a scalable, cloud-based proxy architecture to inspect all encrypted traffic, which is essential to a holistic zero trust security strategy.”

Cybercrime at an all-time high

Between January 2021 and September 2021, Zscaler blocked more than 20 billion threats over HTTPS, increasing more than 314 percent from the previous year. Cybercriminals are getting increasingly savvy with their attacks and have benefited from affiliated networks and malware-as-a-service tools available on the dark web.

While cybercriminals can use various attack types to hide in encrypted traffic, malicious content represented a staggering 91 percent of attacks, a 212 percent increase over last year. In contrast, cryptomining malware is down 20 percent, reflecting a broader shift in the attack trends, with ransomware becoming a more lucrative option.

Tech industry under siege

The report found that attacks on tech, retail, and wholesale companies saw a significant increase in threats. Attacks on technology companies increased by a staggering 2,300 percent, and retail and wholesale saw attacks increase by over 800 percent. As more retailers offer digital shopping options during the 2021 holiday shopping season, cybercriminals are expected to be targeting more ecommerce solutions and digital payment platforms with malware and ransomware attacks. This has been exacerbated by the sudden need to support remote workers with remote connectivity to teleconferencing, SaaS-based apps, and public cloud workloads.

Tech companies are also an attractive target due to their role in the supply chain. A successful supply-chain attack like Kaseya and SolarWinds can give attackers access to a trove of user information. Additionally, as the world begins its return to normal, and as businesses and public events are opening up around the globe, many employees are still working in relatively insecure environments. Gaining access to critical point-of-sale systems is extremely attractive to cybercriminals as it opens the door to massive profits.

Critical services see a decline

After being a top target in 2020, attacks on healthcare organizations decreased by 27 percent in 2021. Similarly, attacks on government organizations decreased by 10 percent. Ransomware attacks that targeted critical services, including the Colonial Pipeline attack and the ransomware attack on the Health Services Executive of Ireland, have caught the attention of the highest levels of law enforcement, including the White House, which recently signed an Executive Order to improve the nation’s cybersecurity.

“After being the two most frequently targeted sectors in 2020, healthcare and government organizations had an immense sense of urgency to revamp their security postures with modern architectures, which are largely based on zero trust. There was also increased government scrutiny and a law enforcement crackdown on cybercriminal groups in response to high-profile attacks against critical services such as Colonial Pipeline,” said Desai. “As a result of these two factors, we’ve seen a decrease in attacks on healthcare and government organizations this year.”

More countries targeted

Zscaler ThreatLabz observed attacks in over 200 countries and territories worldwide, including small countries that are not common targets, such as islands across the Caribbean. In addition, an increase in work-from-anywhere has led to employees branching out from the usual big tech hubs like the San Francisco Bay Area, New York, London, Paris, and Sydney.

The five most-targeted countries of encrypted attacks include the U.K. (5,446,549,767), U.S. (2,674,879,625), India (2,169,135,553), Australia (1,806,003,182), and France (519,251,819).

As a whole, Europe led the way with 7,234,747,361 attacks, with APAC (4,924,732,36) and North America (2,778,360,051) rounding out the top three.

Protect your business

As organizations shift to support new, digitally enabled working models, it’s increasingly important to ensure that their assets and traffic to those assets are secure. To lower the threat from encrypted attacks, Zscaler ThreatLabz recommends a zero trust security strategy that allows organizations to:

  • Prevent Compromise: Provide consistent security for all users and all locations to ensure everyone has the same level of security all the time, whether they’re at home, at headquarters, or abroad. Use a cloud-native, proxy-based architecture to inspect all traffic for every user and decrypt, detect, and prevent threats that may be hiding in HTTPS traffic.
  • Prevent Lateral Movement: Use zero trust architecture with deception to reduce your attack surface and prevent lateral movement by cybercriminals. This type of architecture makes applications invisible to attackers while allowing authorized users to directly access needed resources and not the entire network.
  • Prevent Data Loss: Quarantine unknown attacks or compromised apps in an AI-driven sandbox to stop patient-zero malware and ransomware. Unlike with firewall-based passthrough approaches, this design holds all suspicious content for analysis, ensuring that breach attempts are stopped before they can access sensitive systems and steal business-critical information.

To download the full report, see the 2021 State of Encrypted Attacks.


The ThreatLabz team evaluated data from the Zscaler security cloud, which monitors over 190 billion transactions daily across the globe. Zscaler blocked over 20.7 billion threats transmitted via encrypted channels over a nine-month window from January 2021 through September 2021.

About Zscaler

Zscaler (NASDAQ: ZS) accelerates digital transformation so customers can be more agile, efficient, resilient, and secure. The Zscaler Zero Trust Exchange protects thousands of customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location. Distributed across more than 150 data centers globally, the SASE-based Zero Trust Exchange is the world’s largest in-line cloud security platform.

Zscaler™ and the other trademarks listed at https://www.zscaler.com/legal/trademarks are either (i) registered trademarks or service marks or (ii) trademarks or service marks of Zscaler, Inc. in the United States and/or other countries. Any other trademarks are the properties of their respective owners.
