Security Market Segment LS
Wednesday, 25 November 2020 11:51

VIDEO Interview: Zscaler CISO Deepen Desai talks 2020 State of Encrypted Attacks report

By

With Zscaler’s new research showing attackers turning to encrypted attacks during the pandemic, and encryption-based threats growing by 260% this year, not even healthcare was able to avoid the onslaught of SSL-based attacks - but thankfully, there are defences in active use by businesses to protect IT infrastructure, customers and users.

Zscaler. The company says “Zscaler security as a service is delivered through a purpose-built, globally distributed platform” that is “cloud from the beginning” and “built for the future”. Zscaler also promises its customers that you can “Break free from the cost of owning and maintaining security point products”, and that “Zscaler closes security gaps and moves enterprises to the cloud”.

It is also enabling “secure digital transformation”, and given the massive rise in online threats during the unprecedented year this has been, it’s no wonder that Zscaler, and other security companies out there - have been kept very busy securing their customers from ever evolving threats.

Earlier this month, Zscaler released its “2020 State of Encrypted Attacks” report, published by the Zscaler ThreatLabZ team

For those wondering, ThreatLabZ is the embedded global research team at Zscaler, and includes “security experts, researchers, and network engineers responsible for analysing and eliminating threats across the Zscaler security cloud and investigating the global threat landscape. The team shares its research and cloud data with the industry at large to help promote a safer internet”.

We’re told that the threat research “reveals the emerging techniques and impacted industries behind a 260% spike in attacks using encrypted channels to bypass legacy security controls” and that the report “provides guidance on how IT and security leaders can protect their enterprise from the rising trend of encrypted threats, based on insight sourced from over 6.6 billion encrypted threats across the Zscaler cloud from January through September 2020 over encrypted channels”.

The 2020 State of Encrypted Attacks report is a detailed, 20-page PDF that is free to download and read, after free registration.

Here’s my video interview with Deepen Desai, the CISO and VP of Security Research & Operations at Zscaler - more detail on the report is below, so please read on thereafter!

So, what are the headline findings from the report?

Well, showing that cybercriminals will not be dissuaded by a global health crisis, the report shows they targeted the healthcare industry the most. The research revealed the top industries under attack by SSL-based threats were:

1. Healthcare: 1.6 billion (25.5%)
2. Finance and Insurance: 1.2 billion (18.3%)
3. Manufacturing: 1.1 billion (17.4%)
4. Government: 952 million (14.3%)
5. Services: 730 million (13.8%)

Other key findings include:

COVID-19 is Driving a Ransomware Surge:
Zscaler researchers witnessed a 5x increase in ransomware attacks over encrypted traffic beginning in March, when the World Health Organization declared the virus a pandemic. Earlier research from Zscaler indicated a 30,000% spike in COVID-related threats, when cybercriminals first began preying on fears of the virus.

Phishing Attacks Neared 200 Million:
As one of the most commonly used attacks over SSL, phishing attempts reached more than 193 million instances during the first nine months of 2020. The manufacturing sector was the most targeted (38.6%) followed by services (13.8%), and healthcare (10.9%).

30% of SSL-Based Attacks Delivered Through Trusted Cloud Providers:
Cybercriminals continue to become more sophisticated in avoiding detection, taking advantage of the reputations of trusted cloud providers such as Dropbox, Google, Microsoft, and Amazon to deliver malware over encrypted channels.

Microsoft Remains Most Targeted Brand for SSL-Based Phishing:
Since Microsoft technology is among the most adopted in the world, Zscaler identified Microsoft as the most frequently spoofed brand for phishing attacks, which is consistent with ThreatLabZ 2019 report. Other popular brands for spoofing included PayPal and Google. Cybercriminals are also increasingly spoofing Netflix and other streaming entertainment services during the pandemic.

Deepen Desai, CISO and Vice President of Security Research at Zscaler said: “Cybercriminals are shamelessly attacking critical industries like healthcare, government and finance during the pandemic, and this research shows how risky encrypted traffic can be if not inspected.

“Attackers have significantly advanced the methods they use to deliver ransomware, for example, inside of an organisation utilising encrypted traffic. The report shows a 500% increase in ransomware attacks over SSL, and this is just one example to why SSL inspection is so important to an organisation’s defence.”

Zscaler reminds us that “Inspecting encrypted traffic is mission-critical for all organisations to protect against these attacks. A multilayered defence-in-depth strategy that fully supports SSL inspection ensures that enterprises are protected from escalating threats hiding in their encrypted traffic.

“Processing more than 130 billion transactions per day, Zscaler performs SSL inspection at scale, helping organisations securely connect their users in a work-from-anywhere world”.

The 2020 State of Encrypted Attacks report is a detailed, 20-page PDF that is definitely worth downloading and reading for yourself!


Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Alex Zaharov-Reutt

One of Australia’s best-known technology journalists and consumer tech experts, Alex has appeared in his capacity as technology expert on all of Australia’s free-to-air and pay TV networks on all the major news and current affairs programs, on commercial and public radio, and technology, lifestyle and reality TV shows. Visit Alex at Twitter here.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments