IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

HTTPS-based attacks soar over 300%

Tech companies hit hardest by attacks using encrypted protocol

Https attacks on the increase

Attacks using the encrypted HTTPS protocol rose threefold over the last year as online criminals get more sophisticated, said security company ZScaler in a report released today. 

The State of Encrypted Attacks 2021 report found that as the adoption of HTTPS increases, attackers are using it to cloak their activities and blend in with other traffic. 

HTTPS is the encrypted version of the Hypertext Transfer Protocol (HTTP), which is the transfer protocol for web sessions. Browsers use it to communicate with websites, protecting traffic from local snoopers. The major browsers now warn users when they are visiting non-HTTPS sites. 

Technology companies got the brunt of it, suffering from a 2,344% rise in HTTPS attacks. Retail and wholesale companies saw an 841% increase. 

The report noted a drop in HTTPS-based attacks against healthcare companies and government organizations, which it attributed to increased scrutiny by law enforcement. 

The types of attacks launched over HTTPS are also changing rapidly. Cryptomining and cross-site scripting attacks are dropping off just as other types of attacks rise dramatically. 

Malware (including ransomware) grew by 212% and was the most prevalent type of attack. Nine in ten attacks via HTTP involved malware. It was followed by ad spyware, which grew the most, at 435%, followed by browser exploits. 

Related Resource

Prevent fraud and phishing attacks with DMARC

How to use domain-based message authentication, reporting, and conformance for email security

Prevent fraud and phishing attacks with DMARC - whitepaper from MimecastFree download

Phishing, a common infection route for ransomware attacks, grew by 90%, driven by attacks launched through legitimate services. Microsoft 365 was by far the most common attack vector for phishers, as criminals can host credible-looking credential-harvesting sites and malicious files on this service. 

Attackers also use HTTPS to target web applications with attacks including credential stuffing, where they try to log into applications using a collection of stolen logins. Attackers interacted with almost 70% of HTTPS-based web-facing applications, the report warned. 

Zscaler said that companies should inspect their HTTPS packets to analyze their activities and gain visibility into attacks.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

RATDispenser evades nine in ten anti-virus engines
Security

RATDispenser evades nine in ten anti-virus engines

24 Nov 2021
Hackers use Linux backdoor on compromised e-commerce sites with software skimmer
malware

Hackers use Linux backdoor on compromised e-commerce sites with software skimmer

19 Nov 2021
Out-of-hours ransomware attacks have a greater impact on revenue
ransomware

Out-of-hours ransomware attacks have a greater impact on revenue

18 Nov 2021
Millions of routers and NAS devices vulnerable to BotenaGo malware
malware

Millions of routers and NAS devices vulnerable to BotenaGo malware

12 Nov 2021

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
Microsoft to double salary budget to retain workers
Careers & training

Microsoft to double salary budget to retain workers

17 May 2022