Under The Radar: How Non-Web Protocols Are Redefining The Attack Surface
Zscaler, Wednesday, October 15th, 2025
Attackers have a new favorite playground, and it isn't on the web. The real action is happening below the surface, where they are hijacking non-web protocols like DNSP, RDP and SMB.
From silent data leaks to hidden command and control (C2) channels, these attacks turn ordinary network traffic into the enemy, exposing blind spots in traditional perimeter defenses. The Zscaler ThreatLabz 2025 Protocol Attack Surface Report pulls back the curtain on this hidden attack surface, revealing how non-web protocols are becoming tools of exploitation and which industries are feeling the heat.
In this blog, we explore the key findings from the report and what organizations can do to stay ahead of the attackers moving under the radar.