4 cyber threats dominated 2015, report finds

An assessment of cybersecurity incidents in 2015 revealed four trends, including vulnerabilities in a popular encryption method.

The number of HTTPS connections using Secure Sockets Layer/Transport Layer Security, or SSL/TLS, encryption grew steadily throughout 2015, with each month bringing a 53 percent increase over the same month in 2014, the 2016 Dell Security Annual Threat Report showed. But a weakness in this setup lets cybercriminals more frequently hide malware from firewalls, according to the report.

The Dell threat report (reg. req.) is based on data collected throughout 2015 from the Dell SonicWALL Global Response Intelligence Defense network, which gets daily feeds from more than 1 million firewalls and tens of millions of connected endpoints, Dell SonicWALL network traffic and other industry sources.

Overall, the number of unique malware attacks rose 73 percent between 2014 and 2015, Dell said.

These attacks are so successful because existing network solutions often can't inspect SSL/TLS-encrypted traffic, and when they can, their performance is so low that they become unstable, the report stated. One attack of this type used an ad on Yahoo to expose up to 900 million users to malware by redirecting Yahoo visitors to a website infected by the Angler exploit kit.

To prevent SSL/TLS-based attacks, organizations should conduct a security audit, upgrade to a next-generation firewall, upgrade security policies, train employees on the dangers of e-scams and suspicious websites and update software, the report suggested.

Another trend the report found is that exploit kits are keeping cybercriminals a step ahead of security measures. Exploit kits are pre-packaged software systems that can infiltrate servers and automatically exploit vulnerabilities.

For example, a kit called Spartan that Dell discovered in September used malvertising to load an Adobe Flash file on a victim's browser, which in turn downloaded an XML file containing another encrypted Flash file. That file held a third file that exploited the Flash Software vulnerability.

Spartan was able to hide from security by encrypting its initial code and generating its exploitative code in memory, never writing to disk, where it could have been detected, according to the report.

To avoid these kits, Dell recommended staying up-to-date with patches, having a host-based antivirus system, using an intrusion-prevention system, isolating the network environment into zones for local-area, wireless-area and virtual local-area networks, and applying browser plug-ins to control scripts.

The third trend the report found was an increase in Android malware, which means increased risk for the smartphone market overall. Stagefright was a major vulnerability that let attackers use videos sent via text message as a way to attack the mechanism Android uses to process video files.

Defenses to shore up Android include installing applications only from trusted sources, keeping the option to verify applications checked in system settings, using caution when connecting to a public Wi-Fi network and enabling remote wipe of the device.

Lastly, the report noted that malware attacks almost doubled from 4.2 billion attempts in 2014 to 8.19 billion in 2015.

"Many of the breaches in 2015 were successful because cybercriminals found and exploited a weak link in victims' security programs due to disconnected or outdated point solutions that could not catch these anomalies in their ecosystem," said Curtis Hutcheson, general manager of Dell Security, in a release. "Each successful attack provides an opportunity for security professionals to learn from others' oversights, examine their own strategies and shore up the holes in their defense systems."

Looking forward, the report predicted four more trends that will emerge this year:

  • A continued debate over the use of HTTPS encryption vs. threat scanning

  • A decrease in Flash zero-day viruses because major browser vendors, such as Google and Mozilla, have stopped supporting Flash plug-ins

  • A growth in the threats targeting Android Pay, a mobile-payment system

  • An emergence of hackers remotely controlling cars by attacking tools such as Android Auto, which lets mobile devices running an Android operating system operate in automobiles through the dashboard
