Manufacturing Industry at Highest Risk as Encrypted Threats Continue to Rise

Date: 2023-12-21

Encrypted cyber threats have risen 24% from 2022, demonstrating the growing sophistication of cybercriminal tactics that target encrypted channels, according to a report by Zscaler. For the second year in a row, the manufacturing industry remains the most targeted, while education and government organizations have experienced the highest year-over-year increase in attacks. Malware, including malicious web content and malware payloads, continues to dominate encrypted attacks, accounting for 78% of all blocked attacks. With 86% of all cyber threats being delivered over encrypted channels, organizations need to employ effective security measures to defend against these threats.

Manufacturing Industry Remains Prime Target

Encrypted malware poses a significant threat, accounting for 23 billion encrypted hits between October 2022 and September 2023. It constitutes 78% of all attempted cyberattacks. The most prevalent malware families during this period were ChromeLoader, MedusaLocker, and Redline Stealer. Manufacturing is the most targeted industry, making up 31.6% of encrypted attacks monitored by Zscaler. Additionally, the sector faces increased risks with the rise of smart factories and the Internet of Things (IoT), expanding the attack surface and exposing vulnerabilities that cybercriminals can exploit to disrupt production and supply chains.

Education and Government Sectors in the Crosshairs

The education and government sectors witnessed a significant surge in encrypted attacks, with year-over-year increases of 276% and 185%, respectively. The education industry has faced an expanded attack surface due to the shift towards remote and connected learning. On the other hand, the government sector remains an attractive target for nation-state-backed threat actors. This growth in encrypted threats highlights the importance of bolstering security measures within these sectors.

Defending Against Encrypted Threats

To combat the evolving landscape of encrypted cyber threats, organizations must adopt a comprehensive, zero-trust approach. Traditional security and networking methods are no longer sufficient. Enterprises should implement a cloud-native, proxy-based architecture that enables the decryption, detection, and prevention of threats in all encrypted traffic at scale. SSL inspection is crucial in uncovering malware payloads, phishing attempts, and command-and-control activity that use SSL/TLS communication. Leveraging AI-driven sandboxes is also recommended to quarantine unknown attacks and halt the spread of patient zero malware delivered over TLS. Furthermore, organizations should evaluate their attack surface to quantify risk and develop strategies to secure exposed vulnerabilities. Implementing a zero-trust architecture and user-app segmentation ensures that all connectivity is secured, with least privilege access enforced even for authenticated users.