314 Percent Spike in HTTPS Threats, According to Zscaler Study

Global cloud security solutions provider Zscaler has released its annual ‘State of Encrypted Attacks Report’, which tracked and analyzed over 20 billion threats blocked over HTTPS – a protocol originally designed for secure communication over networks. Threats over HTTPS have risen by more than 314 percent year-over-year, surpassing 250 percent for the second year in a row.

This year’s study published by Zscaler found this increase of more than 314 percent year-over-year across geographical areas that include APAC, Europe, and North America. According to Zscaler, it underscores the need for a zero trust security model and greater traffic inspection than most companies can achieve with legacy firewall-based security models.

Zscaler’s Zero Trust Exchange analyzes over 190 billion daily transactions and extracts over 300 trillion signals, resulting in unrivaled business data visibility at scale.

These large data sets were used by the Zscaler ThreatlabZ research team to provide unique insights into the security risks posed by encrypted channels in key industries. Threats in SSL and TLS traffic increased attack rates in seven of the study’s industries, while the most-targeted industry last year, healthcare, had a 27 percent decline in attack rates since January 2021. In contrast, the technology industry was hit by threats at a considerably higher rate than other industries, accounting for half of all attacks.


Zscaler prevented more than 20 billion attacks through HTTPS between January 2021 and September 2021, up 314 percent over the previous year. Cybercriminals are becoming more sophisticated in their attacks, thanks to linked networks and malware-as-a-service tools on the dark web.

While hackers may hide in encrypted communications using a variety of attack vectors, harmful material accounted for 91 percent of assaults, up 212 percent over the previous year. Cryptomining malware, on the other hand, is down 20%, suggesting a larger shift in attack behavior, with ransomware becoming a more profitable choice.

Encrypted Channels

Cybercriminals are increasingly sophisticated in their tactics, according to Zscaler, and they’re using encrypted channels at various stages of malware and ransomware attacks.

“Most enterprise IT and security teams recognize this reality but often struggle to implement SSL/TLS inspection policies due to a lack of compute resources and/or privacy concerns,” said Deepen Desai, CISO and VP Security Research and Operations at Zscaler. “As a result, encrypted channels create a significant blind spot in their security postures. Zscaler’s new report on the state of encrypted attacks demonstrates that the most effective way to prevent encrypted attacks is with a scalable, cloud-based proxy architecture to inspect all encrypted traffic, which is essential to a holistic zero trust security strategy.”

Tech Industry Under Attack

Photo Deepen Desai, CISO and VP Security Research and Operations at Zscaler
“Most enterprise IT and security teams recognize this reality but often struggle to implement SSL/TLS inspection policies due to a lack of compute resources and/or privacy concerns,” said Deepen Desai, CISO and VP Security Research and Operations at Zscaler.

Attacks against tech, retail, and wholesale firms experienced a considerable rise in threats, according to the Zscaler ThreatlabZ research. Assaults on technology businesses grew by 2,300 percent, while attacks on retail and wholesale increased by more than 800 percent.

Cybercriminals are predicted to target more ecommerce solutions and digital payment systems with malware and ransomware assaults during the 2021 Christmas shopping season, as more merchants provide digital purchasing choices. The unexpected necessity to provide distant employees with remote connection to teleconferencing, SaaS-based software, and public cloud workloads has worsened this.

Tech companies are also an attractive target due to their role in the supply chain. A successful supply-chain assault, such as Kaseya and SolarWinds, can provide attackers with a wealth of user data. Furthermore, when the world returns to normal and companies and public events reopen throughout the world, many individuals continue to work in somewhat unsafe situations. Cybercriminals are very interested in gaining access to vital point-of-sale systems since it allows them to make a lot of money.


Attacks on healthcare institutions declined by 27% in 2021 after being a top target in 2020. Attacks on government entities, meanwhile, reduced by 10%. The Colonial Pipeline hack and the ransomware attack on the Health Services Executive of Ireland have drawn the attention of the highest levels of law enforcement, including the White House, which recently issued an Executive Order to bolster the nation’s cybersecurity.

“After being the two most frequently targeted sectors in 2020, healthcare and government organizations had an immense sense of urgency to revamp their security postures with modern architectures, which are largely based on zero trust,” added Deepen Desai. “There was also increased government scrutiny and a law enforcement crackdown on cybercriminal groups in response to high-profile attacks against critical services such as Colonial Pipeline. As a result of these two factors, we have seen a decrease in attacks on healthcare and government organizations this year.”

More Countries Targeted

Attacks were detected by Zscaler ThreatLabz in over 200 countries and territories throughout the world, including minor countries that aren’t usual targets, such as Caribbean islands. Employees are also venturing out beyond the traditional large tech centres like the San Francisco Bay Area, New York, London, Paris, and Sydney as a result of an increase in work-from-anywhere policies.

The five most-targeted countries of encrypted attacks include the U.K. (5,446,549,767), U.S. (2,674,879,625), India (2,169,135,553), Australia (1,806,003,182), and France (519,251,819).

As a whole, Europe led the way with 7,234,747,361 attacks, with APAC (4,924,732,36) and North America (2,778,360,051) rounding out the top three.

Protecting Your Business

It’s becoming increasingly vital for businesses to guarantee that their assets and traffic to those assets are safe as they move to accommodate new, digitally enabled working methods. Zscaler ThreatLabz advocates a zero trust security approach to reduce the threat of encrypted attacks. This method would allow enterprises to:

  • Prevent Compromise – To guarantee that everyone has the same degree of security at all times, whether they are at home, at headquarters, or overseas, provide consistent security for all users and locations. Use a cloud-native, proxy-based architecture to examine all traffic for each user, decrypting, detecting, and preventing threats hidden in HTTPS traffic.
  • Prevent Lateral Movement – To decrease your attack surface and prevent lateral movement by attackers, use zero trust architecture with deception. This design hides programs from attackers while letting authorized users to access only the resources they need, rather than the entire network.
  • Prevent Data Loss – Stop patient-zero malware and ransomware by quarantining unknown threats or infected programs in an AI-driven sandbox. Unlike firewall-based passthrough alternatives, this architecture retains all suspicious content for examination, guaranteeing that hacking efforts are thwarted before they can gain access to sensitive systems and steal business-critical data.

Research Methodology

The ThreatLabz team looked at data from the Zscaler security cloud, which tracks over 190 billion transactions every day all across the world. Over a nine-month period from January to September 2021, Zscaler stopped across 20.7 billion threats sent over encrypted channels.

The full report can be downloaded here.