Hyderabad: India reportedly recorded the second-highest number of encrypted cyberattacks globally, outpacing countries like France, the United Kingdom, and Australia. According to Zscaler ThreatLabz 2024 Encrypted Attacks Report, the top spot has been claimed by the United States with 11 billion attacks, while India witnessed 5.2 billion attacks between October 2023 and September 2024.
This comes after another report from the same cybersecurity company last week, titled Zscaler ThreatLabz 2024 Mobile, IoT, and OT Threat Report, claimed that India tops the list for mobile malware attacks globally, surpassing countries like the United States and Canada, and stepping up from its previous spot at third place.
The new report claims that 87 per cent of all threats were delivered via encrypted channels during the period of review. This reportedly showcases a 10 per cent increase from the previous year.
What are encrypted cyberattacks?
Encrypted cyberattacks refer to cyberattacks where malicious data or commands are hidden using encryption, which is a method of converting readable data (plaintext) into an unreadable format (ciphertext) to protect it from unauthorised access. In the context of cyberattacks, threat actors use encryption to disguise their activities, making it harder for security systems to detect and block them.
Key findings on encrypted attacks from the ThreatLabz research team
* Malware dominates encrypted cyberattacks in India: The Zscaler ThreatLabz 2024 Encrypted Attacks Report sits in line with the company's earlier malware-centric report, highlighting that malware continues to dominate cyberattacks in India and accounts for 97 per cent of all encrypted threats. During the review period, phishing attacks declined by a modest 3.8 per cent while cryptojacking incidents fell by 8.67 per cent. Based on this trend, the cybersecurity company speculates that cybercriminals are evolving their tactics, potentially using generative AI technologies to create more sophisticated types of malware.
* Sectors at target: As per the report, the manufacturing sector experienced the highest number of encrypted cyberattacks, witnessing a significant year-on-year increase of 170.88 per cent. This sector reportedly faced 13.5 billion incidents in the analysis period. Meanwhile, the technology and communication sector also saw an increase in activity, accounting for 32.6 per cent of all encrypted threats. Additionally, finance, insurance, retail, and wholesale also remained the target of encrypted attacks.
* Evolving encrypted attack trends: According to ThreatLabz, attackers are increasingly using encryption channels to steal sensitive data and employing adversary-in-the-middle (AiTM) methods with advanced tools and TLS/SSL encryption to create almost undetectable phishing campaigns. Additionally, Advanced Persistent Threat (APT) groups are reportedly exploiting cloud services traffic, blending in with legitimate usage, and using default TLS/SSL encryption to bypass network security controls.
* Surge in Cryptomining, Cross-Site Scripting, and Phishing: Significant year-over-year increases were observed in cryptomining/cryptojacking (122.9 per cent), cross-site scripting (110.2 per cent), and phishing (34.1 per cent) threats, potentially driven by the rise of generative AI technologies.
* Top Targeted Countries: The United States (11 billion attacks) and India (5.4 billion attacks) were the most targeted nations, followed by France (853.6 million), the UK (741.9 million), and Australia (672.4 million).
Protection Against Encrypted Cyberattacks
Protecting against encrypted cyberattacks involves a combination of strategies and best practices to ensure data security and mitigate risks. Here are some measures that can lessen the risk of such attacks:
- Implement Strong Encryption: Use robust encryption algorithms and protocols to protect data in transit and at rest. Ensure that encryption keys are managed securely and regularly updated.
- Deploy Advanced Threat Detection: Utilise advanced threat detection tools that can analyze encrypted traffic for suspicious patterns and behaviours. Solutions like SSL/TLS inspection can help identify and block malicious activities hidden within encrypted traffic.
- Multi-Factor Authentication (MFA): Implement MFA to add an extra layer of security, making it harder for attackers to gain unauthorised access even if they manage to decrypt data.
- Regular Security Audits: Conduct regular security audits and vulnerability assessments to identify and address potential weaknesses in your security infrastructure.
- Employee Training: Educate employees about the risks of encrypted cyberattacks and train them to recognise phishing attempts and other social engineering tactics.
- Endpoint Protection: Use endpoint protection solutions to detect and prevent malware and other threats that may exploit encrypted channels.
- Network Segmentation: Segment your network to limit the spread of an attack and protect sensitive data by isolating critical systems and information.
- Incident Response Plan: Develop and maintain an incident response plan to quickly and effectively address any security breaches or attacks.
