India has emerged as a major target for encrypted cyberattacks, ranking second globally with a staggering 5.2 billion incidents second only to the US that reported 11 billion incidents, according to the Zscaler ThreatLabz 2024 Encrypted Attacks Report. While France witnessed 854 million attacks, the UK and Australia followed with 741 million and 672 million respectively.
India witnessed a surge in web-based attacks, with cross-site scripting and browser exploit attacks increasing by 79 per cent and 173 per cent respectively.
The manufacturing sector in India experienced a dramatic 171 per cent rise in attacks, likely due to the increasing adoption of Industry 4.0 technologies. The technology and communication sector also faced a significant share of attacks, accounting for 32.6 per cent of the total.
The report reveals a concerning trend: over 87 per cent of all cyber threats were delivered via encrypted channels between October 2023 and September 2024, a 10 per cent increase from the previous year. This highlights the growing sophistication of attackers who exploit encryption to mask their malicious activities.
Malware accounted for 86 per cent of encrypted attacks, totalling 27.8 billion hits—a 19 per cent year-over-year increase. Encrypted malware includes malicious web content, malware payloads, and macro-based malware. This growing prevalence of malware reflects a strategic shift by attackers adapting tactics to thrive within encrypted traffic, using encryption to conceal malicious payloads and content.
Experts emphasise the urgent need for a robust cybersecurity strategy in India. Suvabrata Sinha, CISO-in-Residence at Zscaler India, said that it was important to inspect all traffic to detect and block threats hidden within encrypted channels. He asked organisations to increase investments in security measures and cybersecurity awareness to safeguard India’s digital future.
The Zscaler report underscores the critical importance of proactive measures to counter the evolving threat of encrypted cyberattacks. As the nation’s digital footprint expands, so too does the imperative to fortify its cyber defenses.
“The rise in encrypted attacks is a real concern as a significant share of threats are now delivered over HTTPS,” said Deepen Desai, Chief Security Officer, Zscaler.
“With threat actors focused on exploiting encrypted channels to deliver advanced threats and exfiltrate data, organisations must implement a zero-trust (trust no one) architecture. This approach helps to ensure that threats are detected and blocked effectively while safeguarding data without compromising performance,” Desai said.
