News: Surge in SSL/TLS encryption is helping cybercriminals to hide attacks.
A new report from Dell has revealed a continued surge in malware, the evolution of exploit kits to keep hackers one step ahead, and the continued increase in SSL/TLS encryption which is giving cybercriminals more opportunities to conceal malware from firewalls.
In its Annual Threat Report, Dell found that HTTPS connections (SSL/TLS) made up an average of 64.6 percent of web connections, outpacing the growth of HTTP throughout most of the year.
Seen to be an emerging threat vector for hackers, using SSL or TLS encryption, skilled attackers can cipher command and control communications and malicious code to evade intrusion prevention systems (IPS) and anti-malware inspection systems.
This tactic was used in a crafty malvertising campaign in August 2015 to expose as many as 900 million Yahoo users to malware by redirecting them to a site that was infected by the Angler exploit kit.
The report also found Exploit kits were also on the rise, with Angler, Nuclear, Magnitude and Rig being the most active ones. Adobe Flash, Adobe Reader and Microsoft Silverlight were the most popular targets.
Cybercriminals were also found to employ a number of new tactics to better conceal exploit kits from security systems, including the use of anti-forensic mechanisms; URL pattern changes; steganography which is concealing the file, message, image, or video within another file, message, image, or video; and modifications in landing page entrapment techniques.
"Exploit kit behavior continued to be dynamic throughout the year," explains Patrick Sweeney, vice president of Product Management and Marketing, Dell Security. "For example, Spartan, which was discovered by the Dell SonicWALL threat team, effectively hid from security systems by encrypting its initial code and generating its exploitative code in memory rather than writing to disk.
"Exploit kits only have power when companies do not update their software and systems, so the best way to defeat them is to follow security best practices, including keeping up with updates and patches; employing up-to-date, host-based security solutions including NGFWs and Intrusion Prevention Services (IPS); and always be cautious while browsing both known and unknown sites."
Malware attacks nearly doubled to 8.19 billion, with the Android ecosystem being a prime target, putting a vast proportion of smartphones at risk globally.
Dell SonicWALL received 64 million unique malware samples, compared with 37 million in 2014, representing an increase of 73%.
The figure suggests that attackers are making additional efforts every year into infiltrating organisational systems with malicious code.
Dell Security vice president of product management and marketing Patrick Sweeney said: "The threat vectors for malware distribution are almost unlimited, ranging from classic tactics like email spam to newer technologies including wearable cameras, electric cars, and Internet of Things (IoT) devices.
"In today’s connected world, it’s vital to maintain 360 degrees of vigilance, from your own software and systems, to your employees’ training and access, to everyone who comes in contact with your network and data."
Looking ahead to 2016, some things will change, while others are anticipated to remain the same.
Android will continue to be a prime target, especially Android Pay, as uptake continues. The number of zero-day Adobe Flash viruses, however, will decrease gradually as major browser vendors no longer support Adobe Flash.
Android Pay will be a target via the vulnerabilities in near field communications, which can target point-of-sale terminals. Attacks against Android Auto are also expected, forcing victims to pay to exit the vehicle or even more severe tactics.