Manufacturing Facing Surge of Encrypted Cyber Attacks
The internet's evolution towards ubiquitous HTTPS encryption has created a challenge when it comes to safeguarding digital assets.
While encryption secures legitimate online activities, it also provides a concealment layer for cybercriminals, complicating the threat detection landscape.
Organisations including manufacturers now find themselves navigating between enhancing privacy and effectively pinpointing potential threats.
Insights from cloud-based security giant Zscaler illuminate the changing dynamics in cybersecurity threats, revealing an alarming trend: 87% of detected threats now operate through encrypted channels, marking a 10% increase over just one year.
This statistic stems from their analysis of a staggering 32.1 billion threats intercepted from October 2023 through September 2024.
The shift highlights how malicious entities are increasingly harnessing the protective veil provided by HTTPS to evade traditional security measures.
As the digital enterprise landscape expands, partly due to the upsurge in cloud solutions and remote working frameworks, organisations are compelled to rethink their security strategies.
Traditional perimeter-based defences are proving inadequate for thorough inspection of encrypted traffic, spotlighting significant vulnerabilities within corporate security arsenals.
This is especially true for manufacturers, who are a frequent target for this kind of cyberattack.
Manufacturing: One of the most targeted industries
The manufacturing sector has been the biggest victim of encrypted attacks, subjected to 42% of the incidents recorded by Zscaler.
This figure nearly triples that of the assaults aimed at the technology and communications sector.
Such an uptick, rising by 44% year-on-year, runs parallel with the industry’s integration of Industry 4.0 innovations and interconnected infrastructures.
The attack distribution also pinpoints other sectors like services, education, and retail, hinting at a broader trend where highly digital and interconnected supply networks attract more cyber threats.
This paints a clear picture of cybercriminals targeting industries with expansive and intricate digital footprints.
Countries like the United States, India, France, the United Kingdom and Australia also bear significant brunts of these attacks, indicating an extensive geographical span of cyber threat activities.
"The rise in encrypted attacks is a real concern as a significant share of threats are now delivered over HTTPS," says Deepen Desai, Chief Security Officer at Zscaler.
“With threat actors focused on exploiting encrypted channels to deliver advanced threats and exfiltrate data, organisations must implement a zero trust architecture with TLS/SSL inspection at scale.”
Zero Trust: A cornerstone in cyber defense
- 27.8 billion: Total malware incidents detected in encrypted traffic
- 123%: Year-on-year increase in cryptomining attacks using encrypted channels
- 42%: Proportion of encrypted attacks targeting the manufacturing sector
Zscaler doesn't only chart these disturbances but also suggests formidable countermeasures.
Within the arsenal is the Zero Trust Exchange, a platform designed to mitigate risks through all attack stages: from initial scouting and network breach via exploits or stolen credentials, to lateral movement encompassing privilege elevation and subsequent data theft.
The heart of this strategy lies in meticulous TLS/SSL inspection, ensuring comprehensive scrutiny of all network traffic.
Zscaler advocates this across its 150 global data centres, aiming to undercut the cloaked threats lurking within encrypted communications.
Trends in malware and web attacks
The research throws light on specific threats, noting a 19% increase in malware incidences which now represent 86% of encrypted threats.
Noteworthy culprits include AsyncRAT, Choziosi Loader and AMOS/Atomic Stealer, all exploiting encryption to mask their malicious operations.
Web-based incursions like crypto-mining and cross-site scripting have also seen unprecedented spikes, surging by 123% and 110% respectively, while encrypted phishing escapades grew by 34%.
This evidence supports a narrative of sophisticated, adaptive threat mechanisms exploiting the inherent trust placed in encrypted communications.
With AI tools potentially facilitating phishing, the landscape seems more daunting.
Zscaler’s multi-faceted defensive strategy, which employs micro-segmentation and cloud-driven AI sandboxing, pledges robust defence and operational fluidity.
The research encapsulated in Zscaler’s audit showcases an urgent call-to-action: Manufacturers must embrace a zero trust framework, bolstered with comprehensive TLS/SSL inspection, to navigate this encrypted, and increasingly hostile cyber terrain efficiently.
Explore the latest edition of Manufacturing Digital and be part of the conversation at our global conference series, Manufacturing LIVE.
Discover all our upcoming events and secure your tickets today.
Manufacturing Digital is a BizClik brand.