Zscaler, Inc., the leader in cloud security, announced today the release of its semi-annual 2019 Cloud Security Insights Threat Report -
An Analysis of SSL/TLS-based Threats, which examines encrypted traffic
across the Zscaler cloud from July through December 2018. The report,
compiled by the Zscaler ThreatLabZ research team, delves into a variety
of attacks executed over SSL and blocked by Zscaler, including phishing
attacks, botnets, browser exploitation, and malicious content.
As
the use of SSL grows to the point where it's the standard protocol,
cybercriminals are increasingly using encryption to conceal and launch
attacks. This has become possible because SSL certificates, which used
to be difficult to obtain, are now readily available at no charge.
"With
the ever-increasing concerns over data privacy, there has been a
massive trend toward Internet properties having encryption by default.
This is a great thing for privacy, but it presents a challenge to IT
security. Decrypting, inspecting, and re-encrypting traffic is
nontrivial, causing significant performance degradation on traditional
security appliances, and most organizations are not equipped to inspect
encrypted traffic at scale," said Amit Sinha, Executive Vice President
of Engineering and Cloud Operations, Chief Technology Officer, Zscaler.
"With a high percentage of threats now delivered with SSL encryption,
and over 80 percent of Internet traffic now encrypted, enterprises are
blind to over half of malware sent to their employees. The Zscaler
cloud platform enables "man-in-the-middle" SSL inspection at scale, so
it can inspect SSL traffic without latency and capacity limitations and
provide customers with protection against the growing number of threats
attempting to hide behind encryption."
During the study period, Zscaler blocked 1.7 billion threats hidden in SSL traffic, which translates to an average of 283 million advanced threats blocked per month.
Key Research Highlights:
- Phishing: On
average, the Zscaler cloud platform blocked 2.7 million phishing
attacks over encrypted channels per month in 2018. This represents an
increase of more than 400 percent when compared to SSL-based phishing
attacks blocked in 2017.
- Malicious Content: An average of 32 million botnet callback attempts were blocked by the Zscaler cloud platform every month in 2018.
- Browser Exploitation: The Zscaler cloud platform blocked an average of 240,000 browser exploitation attempts per month in 2018.
- Newly Registered Domains: Nearly 32 percent of newly registered domains that were blocked by the Zscaler cloud platform were using SSL encryption.
"One
of the most notable SSL threat trends that we saw in 2018 was the
increase in JavaScript skimmer-based attacks. These attacks start with
the e-commerce sites being compromised and injected with malicious,
obfuscated JavaScript, which, in turn, tries to tap into purchase
transactions," said Deepen Desai, Vice President of Security Research,
Zscaler. "With the increase in JavaScript skimmer-based attacks,
criminals can conduct their nefarious activity within the confines of
the SSL environment, leaving most e-commerce sites unaware of the
activity."