February 23, 2016, updated 31 Aug 2016 12:50pm

Surge in malware & encrypted traffic reveals shape-shifting tactics of hackers

News: Surge in SSL/TLS encryption is helping cybercriminals to hide attacks.

By CBR Staff Writer

A new report from Dell has revealed a continued surge in malware, the evolution of exploit kits to keep hackers one step ahead, and the continued increase in SSL/TLS encryption, which gives cybercriminals more opportunities to conceal malware from firewalls.

In its Annual Threat Report, Dell found that HTTPS connections (SSL/TLS) made up an average of 64.6 percent of web connections, outpacing the growth of HTTP throughout most of the year.

SSL/TLS encryption is seen as an emerging threat vector: skilled attackers can encrypt command-and-control communications and malicious code so that intrusion prevention systems (IPS) and anti-malware inspection systems cannot see what is inside the traffic.

This tactic was used in a crafty malvertising campaign in August 2015 to expose as many as 900 million Yahoo users to malware by redirecting them to a site that was infected by the Angler exploit kit.

The report also found that exploit kits were on the rise, with Angler, Nuclear, Magnitude and Rig the most active. Adobe Flash, Adobe Reader and Microsoft Silverlight were the most popular targets.

Cybercriminals were also found to employ a number of new tactics to better conceal exploit kits from security systems, including anti-forensic mechanisms; URL pattern changes; steganography, which conceals a file, message, image or video within another file, message, image or video; and modifications to landing-page entrapment techniques.

"Exploit kit behavior continued to be dynamic throughout the year," explains Patrick Sweeney, vice president of Product Management and Marketing, Dell Security. "For example, Spartan, which was discovered by the Dell SonicWALL threat team, effectively hid from security systems by encrypting its initial code and generating its exploitative code in memory rather than writing to disk.


"Exploit kits only have power when companies do not update their software and systems, so the best way to defeat them is to follow security best practices, including keeping up with updates and patches; employing up-to-date, host-based security solutions including NGFWs and Intrusion Prevention Services (IPS); and always be cautious while browsing both known and unknown sites."

Malware attacks nearly doubled to 8.19 billion, with the Android ecosystem being a prime target, putting a vast proportion of smartphones at risk globally.

Dell SonicWALL received 64 million unique malware samples, compared with 37 million in 2014, representing an increase of 73%.

The figure suggests that attackers are putting more effort each year into infiltrating organisational systems with malicious code.

Dell Security vice president of product management and marketing Patrick Sweeney said: "The threat vectors for malware distribution are almost unlimited, ranging from classic tactics like email spam to newer technologies including wearable cameras, electric cars, and Internet of Things (IoT) devices.

"In today’s connected world, it’s vital to maintain 360 degrees of vigilance, from your own software and systems, to your employees’ training and access, to everyone who comes in contact with your network and data."

Looking ahead to 2016, some things will change, while others are anticipated to remain the same.

Android will continue to be a prime target, especially Android Pay, as uptake continues. The number of zero-day Adobe Flash viruses, however, will decrease gradually as major browser vendors no longer support Adobe Flash.

Android Pay will be a target via the vulnerabilities in near field communications, which can target point-of-sale terminals. Attacks against Android Auto are also expected, forcing victims to pay to exit the vehicle or even more severe tactics.
