November threat activity featured GitHub-hosted ransomware, healthcare-targeting, and (surprise) election-themed attacks
Zscaler ThreatLabZ team releases "2020 State of Encrypted Attacks" report
Cybercriminals ramped up activity in the past month, launching attacks linked thematically to the U.S. federal election, bombarding new healthcare-industry targets with ransomware assaults, and even hiding malware in plain sight on legitimate hosts like GitHub. The Zscaler ThreatLabZ cybersecurity research team, headed by Deepen Desai, CISO and VP Security Research & Operations, tracked it all:
- ThreatLabZ researchers discovered destructive malware disguised as an MSI installer binary hosted on GitHub, of all places. ThreatLabZ engineers reverse-engineered the malware code, and traced its source back to Chinese state-sponsored hackers. More on their detective work here.
- Healthcare and the public health sector are active ransomware targets, as noted in a joint cybersecurity advisory from various government organizations.
- The recent 2020 United States election sparked numerous election-themed scams and campaigns that involved malware, redirectors, fake domains, and fake surveys.
Underlining the latest threats, ThreatLabZ just released its annual “2020 State of Encrypted Attacks” report. This report examines the massive volume of data transactions across Zscaler’s Zero Trust Exchange, and highlights several findings:
- 80% of all traffic uses SSL/TLS encryption by default.
- SSL/TLS-encrypted threats increased by 260% in the last nine months.
- Cloud services like Google Drive, OneDrive, AWS, or Dropbox were used in 30% of all SSL-based attacks.
- Since the start of the year, the healthcare industry faced 1.6 billion encrypted threats.
- Ransomware attacks delivered via encrypted web traffic increased five times over the last six months.
You can download an infographic breakdown of the report results on Zscaler’s website.
To learn more about the report’s findings and to download the results, read Deepen’s article on the latest November 2020 ThreatLabZ research.
Enterprises must inspect encrypted SSL/TLS traffic to protect against attacks, period. Unfortunately, legacy on-premises security tools can’t scale to effectively decrypt, inspect, and re-encrypt traffic. That limitation carries immense risk to enterprises relying on legacy security.
Zscaler’s Zero Trust Exchange is the largest cloud-native security platform in the world; it processes more than 140 billion transactions per day (10x Google searches) and blocks more than 100 million threats per day. Zscaler’s cloud-native proxy architecture allows it to accommodate traffic spikes and fully inspect SSL/TLS-encrypted traffic for security and threat prevention using features like DLP, Sandbox, CASB, and CSPM, all without compromising performance.
As part of its extensive monitoring of the global Zscaler Zero Trust Exchange, the ThreatLabZ team produces the Global Internet Threats Insights dynamic dashboard. For more information on Zscaler ThreatLabZ cybersecurity research, check out our published reports here.
And a reminder: Zenith Live 2020, the premier virtual cloud summit, kicks off next month with sessions on how to secure enterprise digital transformation with scalable SSL inspection of all traffic.
Comments:

Information Security Leader | Purdue @CERIAS alumni | Life-long Learner | Board Member & Community Volunteer | Immigrant | Husband and Father (4y):
Very interesting, thank you for sharing Jay Chaudhry.

Cyber Security Engineer (4y):
Scary stuff, thank heavens the zscaler team has our back

Parallel Entrepreneur, Investor & Fund Partner, Strategic Advisor and NACD CERT Certified Board Director (4y):
Arvind Srinivasan Saket Bohania