86% of cyberattacks are delivered over encrypted channels

Threats over HTTPS grew by 24% from 2022, underscoring the sophisticated nature of cybercriminal tactics that target encrypted channels, according to Zscaler.
For the second year in a row, manufacturing was the industry most commonly targeted, with education and government organizations seeing the highest year-over-year increase in attacks.
Malware, which includes malicious web content and malware payloads, continued to dominate over other types of encrypted attacks, with ad spyware sites and cross-site scripting accounting for 78% of all blocked attacks.
In total, 86% of all cyber threats, including malware, ransomware, and phishing attacks, are delivered over encrypted channels.
Malware keeps its top spot as the champion of encrypted threats, driving 23 billion encrypted hits between October 2022 and September 2023 and comprising 78% of all attempted cyberattacks.
Encrypted malware includes malicious web content, malware payloads, macro-based malware, and more.
The most prevalent malware family in 2023 was ChromeLoader, followed by MedusaLocker and Redline Stealer.
Manufacturers saw the largest amount of AI/ML transactions compared to any other industry, processing over 2.1 billion AI/ML-related transactions.
Manufacturing remains the most targeted industry, accounting for 31.6% of encrypted attacks tracked by Zscaler.
As smart factories and the Internet of Things become more prevalent in manufacturing, the sector's attack surface is expanding. This exposes it to more security risks and creates additional entry points that cybercriminals can exploit to disrupt production and supply chains.
The use of popular generative AI applications, like ChatGPT, on connected devices in manufacturing heightens the risk of sensitive data leakage over encrypted channels.
The education and government sectors experienced a 276% and 185% year-over-year surge in encrypted attacks, respectively.
The education industry has also seen a significantly expanded attack surface in recent years, with the shift to enable more remote and connected learning.
The government sector remains an attractive target, particularly for nation-state-backed threat actors, as reflected in the growth of encrypted threats.
To defend against the evolving encrypted threat landscape, enterprises must rethink traditional approaches to security and networking and adopt more comprehensive zero trust architectures.
Enterprises must implement a zero trust architecture that inspects all encrypted traffic and leverages AI/ML models to block or isolate malicious traffic.
This creates a single, operationally simple way to apply policy across all traffic, without impacting performance or creating a compliance nightmare.
Recommendations to prevent encrypted attacks
Use a cloud-native, proxy-based architecture to decrypt, detect, and prevent threats in all encrypted traffic at scale.
Inspect all traffic, all the time: use SSL inspection to detect malware payloads, phishing, and C2 activity that rely on SSL/TLS communication.
Leverage an AI-driven sandbox to quarantine unknown attacks and stop patient-zero malware that may be delivered over TLS.
Evaluate the organization's attack surface to quantify risk and secure the exposed attack surface.


This Cyber News was published on www.helpnetsecurity.com. Publication date: Thu, 21 Dec 2023 04:43:04 +0000

