Enterprises are blind to over half of malware sent to their employees

As the use of SSL grows to the point where it’s the standard protocol, cybercriminals are increasingly using encryption to conceal and launch attacks. This has become possible because SSL certificates, which used to be difficult to obtain, are now readily available at no charge.

Zscaler released the 2019 Cloud Security Insights Threat Report – An Analysis of SSL/TLS-based threats, which examines encrypted traffic across the Zscaler cloud from July through December 2018. The report, compiled by the Zscaler ThreatLabZ research team, delves into a variety of attacks executed over SSL and blocked by Zscaler, including phishing attacks, botnets, browser exploitation, and malicious content.

“With the ever-increasing concerns over data privacy, there has been a massive trend toward Internet properties having encryption by default. This is a great thing for privacy, but it presents a challenge to IT security. Decrypting, inspecting, and re-encrypting traffic is nontrivial, causing significant performance degradation on traditional security appliances, and most organizations are not equipped to inspect encrypted traffic at scale,” said Amit Sinha, Executive Vice President of Engineering and Cloud Operations, Chief Technology Officer, Zscaler.

“With a high percentage of threats now delivered with SSL encryption, and over 80 percent of Internet traffic now encrypted, enterprises are blind to over half of malware sent to their employees. The Zscaler cloud platform enables “man-in-the-middle” SSL inspection at scale, so it can inspect SSL traffic without latency and capacity limitations and provide customers with protection against the growing number of threats attempting to hide behind encryption,” Sinha added.

During the study period, Zscaler blocked 1.7 billion threats hidden in SSL traffic, which translates to an average of 283 million advanced threats blocked per month.

Key research highlights

• Phishing: On average, the Zscaler cloud platform blocked 2.7 million phishing attacks over encrypted channels per month in 2018. This represents an increase of more than 400 percent when compared to SSL-based phishing attacks blocked in 2017.
• Malicious content: An average of 32 million botnet callback attempts were blocked by the Zscaler cloud platform every month in 2018.
• Browser exploitation: The Zscaler cloud platform blocked an average of 240,000 browser exploitation attempts per month in 2018.
• Newly registered domains: Nearly 32 percent of newly registered domains that were blocked by the Zscaler cloud platform were using SSL encryption.

“One of the most notable SSL threat trends that we saw in 2018 was the increase in JavaScript skimmer-based attacks. These attacks start with the e-commerce sites being compromised and injected with malicious, obfuscated JavaScript, which, in turn, tries to tap into purchase transactions,” said Deepen Desai, Vice President of Security Research, Zscaler. “With the increase in JavaScript skimmer-based attacks, criminals can conduct their nefarious activity within the confines of the SSL environment, leaving most e-commerce sites unaware of the activity.”