HBKU - QCRI
Detecting Threats from Encrypted Traffic

Description, Goals, and Focus

This research focuses on detecting stealthy threats that utilize anonymized and encrypted traffic to evade traditional security measures. By analyzing large-scale enterprise network traffic in collaboration with Qatari governmental entities, we identified WannaCry ransomware activity within encrypted connections. This led us to develop machine learning-based traffic analysis techniques, leveraging both connection-level and novel host-level features, to detect malicious activity with high accuracy. Our models achieved very low false positive rates and remained effective in zero-day scenarios. Additionally, we are investigating mobile proxies, where devices unknowingly relay third-party traffic, posing security and legal risks. Using an Android-based testbed, we analyzed proxy-enabled applications to help ISPs, cybersecurity firms, and content providers detect fraudulent traffic and ensure compliance.  

Publications

1. Exposing the Rat in the Tunnel: Using Traffic Analysis for Tor-based Malware Detection