5 Encrypted Attack Predictions for 2025

The cyberthreat landscape of 2024 was rife with increasingly sophisticated threats, and encryption played a pivotal role—a staggering 87.2% of threats were hidden in TLS/SSL traffic. The Zscaler cloud blocked 32.1 billion attempted encrypted attacks, a clear demonstration of the growing risk posed by cybercriminals leveraging encryption to evade detection.


ThreatLabz reported that malware continues to dominate as the leading encrypted threat, with phishing, cryptojacking, and cross-site scripting (XSS) rapidly on the rise. From nation-state-backed APT groups abusing cloud services to generative AI amplifying phishing, encrypted threats are evolving fast. Industries like manufacturing, technology, and services are bearing the brunt, and the United States and India remain prime targets.

Encrypted threats are showing no signs of slowing down in 2025. The following ThreatLabz predictions explore the shifting dynamics of these stealthy attacks—and the actions your organization must take to stay protected.

Top encrypted attack predictions for 2025

Prediction 1: Artificial intelligence and automation will drive a surge in encrypted threats

The convergence of AI and encrypted traffic will pose escalating challenges for security teams, especially those relying on outdated security tools. Generative AI is likely already fueling threats hidden in encrypted channels with its ability to automate and scale malicious operations, from crafting localized and personalized phishing emails to automating the creation of malicious scripts and payloads. By embedding these threats in TLS/SSL traffic, cybercriminals make detection even more challenging.

Prediction 2: Threat actors will archive encrypted communication for future post-quantum decryption

With advancements in quantum computing, threat actors are preparing for a future where today’s encryption standards can be broken. More cybercriminals will begin archiving encrypted communications with the intent to decrypt them once post-quantum cryptography becomes viable.

In August 2024, the National Institute of Standards and Technology (NIST) finalized the first post-quantum cryptography standards. Although cryptanalytically relevant quantum computers are not expected until the 2030s, threat actors are already planning for this eventuality. Organizations must prioritize adopting post-quantum cryptography standards to safeguard their data against future decryption threats.

Prediction 3: Abuse of legitimate cloud services will drive encrypted attack growth

As organizations increasingly rely on trusted cloud platforms, cybercriminals will also increasingly turn to these cloud platforms to deliver encrypted threats, capitalizing on the inherent trust in these services. By leveraging default TLS/SSL encryption and the trust granted to widely used cloud providers and their certificates, attackers can embed malicious content within encrypted traffic, making detection far more difficult.

ThreatLabz research revealed a rise in cloud service abuse by advanced persistent threat (APT) groups in 2024, with Dropbox, OneDrive, and Telegram being the three most abused legitimate cloud services globally.

Prediction 4: Advanced persistent threat (APT) groups will intensify their use of encrypted channels to conceal activities

Nation-state-backed APT groups are poised to weaponize encrypted channels as a core tactic to conduct stealthy and persistent cyber operations, making encrypted threats a dominant challenge in the APT landscape. These groups have the resources and expertise to abuse weaknesses in encrypted protocols, posing heightened risks to government agencies and critical infrastructure.

A notable trend observed by ThreatLabz in 2024 is the rise of APT groups exploiting cloud platforms. By blending in with legitimate traffic, these groups extend the lifespan of their campaigns and make their command-and-control infrastructure harder to trace. This growing misuse of cloud services highlights the urgent need for advanced inspection of encrypted traffic across cloud environments. For further insights into this, check out the ThreatLabz 2024 Encrypted Attacks Report.

Prediction 5: Encrypted command-and-control (C2) activity will become stealthier

Malware typically relies on C2 servers to receive information and exfiltrate data. The next wave of malware threats will be defined by a shift toward encrypted, low-profile C2 methods as attackers adapt to evade AI-driven defense systems that detect volume-based anomalies.

Rather than generating large volumes of traffic that can be easily detected, attackers will minimize the volume and signature of C2 communications. By using encrypted channels to conceal their activities, they can evade detection by traditional security systems. This trend will set a new standard for sophisticated threat tactics, making it even more difficult for organizations to identify and block malicious communications.
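To make the point above concrete from the defender's side, here is an added example (not code from the Zscaler post or from any Zscaler product) that runs a naive byte-volume rule and an interval-regularity rule over constructed TLS flow records. The flow format, the hosts and the thresholds are all assumptions; the low-volume beacon slips past the volume rule but is caught by the timing rule, which is the kind of signal that survives when attackers shrink their C2 footprint.

```python
"""Added example, not from the Zscaler post: a volume threshold versus an
interval-regularity check on constructed TLS flow records."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed records "epoch_seconds,src_ip,dst_ip,dst_port,bytes_out" using
# documentation address ranges. 10.0.0.5 beacons to 203.0.113.10:443 about
# every 60 s with tiny payloads; 10.0.0.7 browses 198.51.100.20:443 irregularly.
FLOW_LOG = """\
1700000000,10.0.0.5,203.0.113.10,443,612
1700000061,10.0.0.5,203.0.113.10,443,598
1700000119,10.0.0.5,203.0.113.10,443,605
1700000181,10.0.0.5,203.0.113.10,443,611
1700000240,10.0.0.5,203.0.113.10,443,599
1700000302,10.0.0.5,203.0.113.10,443,607
1700000359,10.0.0.5,203.0.113.10,443,603
1700000004,10.0.0.7,198.51.100.20,443,48210
1700000037,10.0.0.7,198.51.100.20,443,912004
1700000190,10.0.0.7,198.51.100.20,443,22008
1700000211,10.0.0.7,198.51.100.20,443,1503311
1700000398,10.0.0.7,198.51.100.20,443,77120
1700000402,10.0.0.7,198.51.100.20,443,5120
"""

def parse_flows(text):
    """Group records by (src, dst, port) into lists of (timestamp, bytes)."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, port, nbytes = line.split(",")
            flows[(src, dst, int(port))].append((int(ts), int(nbytes)))
    return flows

def volume_suspects(flows, byte_threshold=1_000_000):
    """Volume rule: flag pairs that move more than byte_threshold bytes."""
    return {k for k, recs in flows.items()
            if sum(b for _, b in recs) > byte_threshold}

def beacon_suspects(flows, min_connections=6, max_cv=0.15):
    """Timing rule: flag pairs whose inter-connection gaps are unusually regular.
    stdev/mean of the gaps stays small for a timer-driven beacon, even with jitter."""
    hits = set()
    for key, recs in flows.items():
        if len(recs) < min_connections:
            continue
        times = sorted(t for t, _ in recs)
        gaps = [b - a for a, b in zip(times, times[1:])]
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_cv:
            hits.add(key)
    return hits
```

On the constructed data the volume rule flags only the browsing host, while the timing rule flags only the beaconing host.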

How to stop encrypted attacks in 2025

Stopping encrypted attacks requires advanced security solutions capable of inspecting encrypted traffic without compromising performance. The Zscaler Zero Trust Exchange™ offers a comprehensive approach to tackling encrypted threats at every stage of an attack:

Minimize the attack surface

Unchecked encrypted connections, such as those through VPNs or exposed workloads, can expand the attack surface. Zscaler eliminates this risk by keeping applications and services invisible to the internet, effectively reducing the attack surface. By adopting a zero trust architecture, organizations can ensure that only authorized users can access specific applications, preventing attackers from exploiting encrypted connections to reach critical systems.

Prevent initial compromise

Zscaler Internet Access™ (ZIA) performs full TLS/SSL inspection to verify every connection and stop hidden threats without sacrificing performance. ZIA uses AI-powered analysis and inline detection to identify and block sophisticated threats within encrypted traffic. Unlike traditional, resource-intensive physical appliances, ZIA’s cloud native approach allows organizations to scale encrypted traffic inspection capabilities without performance bottlenecks. This ensures that encrypted threats are detected and blocked before they can cause harm.

Eliminate lateral movement

Once attackers gain entry to a network, they often attempt to move laterally to access other systems and data. Zscaler Private Access™ (ZPA) prevents this by enforcing zero trust segmentation and granular access controls. ZPA’s context-aware policies limit users to specific applications, reducing the risk of lateral threat movement. Additionally, Zscaler Deception technology sets decoys to detect and thwart lateral movement attempts, providing an additional layer of defense.

Block command-and-control callbacks

Malware frequently relies on encrypted channels to communicate with C2 servers. ZIA inspects outgoing and incoming encrypted traffic to disrupt C2 communications, preventing attackers from executing commands, downloading additional malware, or exfiltrating sensitive data. Zscaler’s AI-powered data loss prevention detects and blocks malicious traffic, ensuring that sensitive data remains secure.

The rise of encrypted attacks presents a significant challenge for organizations across industries. Threat actors will continue to take advantage of encryption to evade traditional security measures and carry out more sophisticated attacks. By adopting a zero trust architecture and platforms like the Zero Trust Exchange, organizations can minimize the attack surface, prevent initial compromise, and block C2 callbacks within encrypted traffic.

To learn more about existing and emerging encrypted threats:

    Read the Zscaler ThreatLabz 2024 Encrypted Attacks Report.
    Request a custom demo on how Zscaler can help address your organization’s ransomware protection needs. 
    Follow Zscaler ThreatLabz on X (Twitter) and our Security Research Blog to stay on top of the latest cyberthreats and security research. The Zscaler ThreatLabz threat research team continuously monitors threat intelligence from the world’s largest inline security cloud and shares its findings with the wider security community.

Forward-Looking Statements

This blog contains forward-looking statements that are based on our management’s beliefs and assumptions and on information currently available to our management. These forward-looking statements include, but are not limited to, statements concerning predictions about the state of encrypted threats and cyberattacks in calendar year 2025 and our ability to capitalize on such market opportunities; the use of Zero Trust architecture to combat encrypted attacks; and beliefs about the ability of AI and machine learning to reduce detection and remediation response times as well as proactively identify and stop cyberthreats. These forward-looking statements are subject to the safe harbor provisions created by the Private Securities Litigation Reform Act of 1995. These forward-looking statements are subject to a number of risks, uncertainties and assumptions, and a significant number of factors could cause actual results to differ materially from statements made in this blog, including security risks and developments unknown to Zscaler at the time of this blog and the assumptions underlying our predictions regarding encrypted attacks in calendar year 2025. Additional risks and uncertainties are set forth in our most recent Quarterly Report on Form 10-Q filed with the Securities and Exchange Commission (“SEC”) on December 5, 2024, which is available on our website at ir.zscaler.com and on the SEC’s website at www.sec.gov. Any forward-looking statements in this release are based on the limited information currently available to Zscaler as of the date hereof, which is subject to change, and Zscaler does not undertake to update any forward-looking statements made in this blog, even if new information becomes available in the future.

Article Link: 5 Encrypted Attack Predictions for 2025 | Zscaler