Dell Annual Threat Report Reveals Cyber Criminals Using Aggressive, Shape-Shifting Threat Tactics; 50% Surge in Encrypted Traffic Affected Millions of Users in 2015
Dell today announced the results of the Dell Security Annual Threat Report detailing the cybercrime trends that shaped 2015 and identifying top emerging security risks for 2016. The report, based on data collected throughout 2015 from the Dell SonicWALL Global Response Intelligence Defense (GRID) network with daily feeds from more than one million firewalls and tens of millions of connected endpoints, Dell SonicWALL network traffic and other industry sources, equips organizations with practical, evidenced-based advice so they can effectively prepare for and prevent attacks.
"Many of the breaches in 2015 were successful because cybercriminals found and exploited a weak link in victims’ security programs due to disconnected or outdated point solutions that could not catch these anomalies in their ecosystem," said Curtis Hutcheson, general manager, Dell Security. "Each successful attack provides an opportunity for security professionals to learn from others’ oversights, examine their own strategies and shore up the holes in their defense systems. At Dell Security, we believe the best way for customers to protect themselves is to inspect every packet on their network and validate every entitlement for access."
Exploit kits evolved with greater speed, heightened stealth and novel shape-shifting abilities
In 2015, Dell SonicWALL noted a rise in the use of exploit kits. While the year’s most active kits were Angler, Nuclear, Magnitude and Rig, the overwhelming number of exploit kit options gave attackers a steady stream of opportunities to target the latest zero-day vulnerabilities, including those appearing in Adobe Flash, Adobe Reader and Microsoft Silverlight.
The Dell Security Annual Threat Report shows that cybercriminals employed a number of new tactics to better conceal exploit kits from security systems, including the use of anti-forensic mechanisms; URL pattern changes; steganography which is concealing the file, message, image, or video within another file, message, image, or video; and modifications in landing page entrapment techniques.
"Exploit kit behavior continued to be dynamic throughout the year," explains Patrick Sweeney, vice president of Product Management and Marketing, Dell Security. "For example, Spartan, which was discovered by the Dell SonicWALL threat team, effectively hid from security systems by encrypting its initial code and generating its exploitative code in memory rather than writing to disk. Exploit kits only have power when companies do not update their software and systems, so the best way to defeat them is to follow security best practices, including keeping up with updates and patches; employing up-to-date, host-based security solutions including NGFWs and Intrusion Prevention Services (IPS); and always be cautious while browsing both known and unknown sites."
SSL/TLS encryption continued to surge, leading to under-the-radar hacks affecting at least 900 million users in 2015
The growth of SSL/TLS Internet encryption is a mixed bag – a positive trend in many ways, but also a tempting new threat vector for hackers. Using SSL or TLS encryption, skilled attackers can cipher command and control communications and malicious code to evade intrusion prevention systems (IPS) and anti-malware inspection systems. This tactic was used in a crafty malvertising campaign in August 2015 to expose as many as 900 million Yahoo users to malware by redirecting them to a site that was infected by the Angler exploit kit.
The Dell SonicWALL team noted a sharp rise in the use of HTTPS throughout 2015:
"The good news is that there are ways to enjoy the security benefits of SSL/TLS encryption without providing a tunnel for attackers," said Sweeney. "In addition to general security best practices like updating your software, you can upgrade to a capable, extensible next-generation firewall with integrated SSL-DPI inspection."
Dell SonicWALL noted a few emerging trends among the attacks against Android devices in 2015.
"Even though the release of Android 6.0 Marshmallow operating system in October 2015 included a slew of new security features, we can expect cybercriminals to continue finding ways to circumvent these defenses," said Sweeney. "Android users should exercise caution by only installing applications from trusted app stores like Google Play, keeping their eye on the permissions being requested by apps, and avoid rooting their phones."
Malware attacks nearly doubled to reach up to 8.19 billion
Malware attempts continued a strong upsurge throughout 2015, causing unthinkable damage to government agencies, organizations, companies and even individuals.
Dell SonicWALL noticed a sharp rise in both the number and type of malware attacks targeting the SonicWALL installed base.
"The threat vectors for malware distribution are almost unlimited, ranging from classic tactics like email spam to newer technologies including wearable cameras, electric cars, and Internet of Things (IoT) devices," said Sweeney. "In today’s connected world, it’s vital to maintain 360 degrees of vigilance, from your own software and systems, to your employees’ training and access, to everyone who comes in contact with your network and data."
Additional predictions: Flash zero-day virus decrease, Android Pay attacks, and Android Auto hacks
The Dell Security Annual Threat Report also identified several trends and predictions which are discussed in further detail in the full report.
About the Dell Security Annual Threat Report
The data for the report was gathered by the Dell Global Response Intelligence Defense (GRID) Network, which sources information from a number of devices and resources including:
Kelley Parkes, director of technical operations, First Source
"As a nationwide distributor of specialty foods and confections from manufacturers like Godiva, Ghirardelli and Lindt, our top priority is to stay ahead of today’s evolving security risks and ensure our network stays secure, regardless of what emerging threat may be around the corner. With new attacks taking on a more blended, multi-dimensional approach, security programs across organizations must follow suit in order to thwart risk. The Dell security solutions we’ve deployed ensure we are ahead of the curve by giving us the broad, multi-faceted protection we need to secure our perimeter that covers eight locations from coast to coast."
Fred Zappolo, vice president of sales, CSDNET
"Dell’s security solutions have been part of CSDNET’s portfolio for years. With the increase and sophistication of new attacks, the urgency to ensure our customers are being protected has increased dramatically. Dell’s next-generation SonicWALL firewalls have allowed us to deliver security solutions that exceed our customer’s expectations. Dell’s DPI is second to none and our customer are able to sleep well at night knowing that Dell –- and CSDNET -- are protecting them. As an ancillary benefit, not only are we able to protect against these threats, we can provide a lower TCO to our customers with Dell SonicWALL’s built-in web-filtering. By consolidating these services to one easily managed GUI within the same box, we’re reducing our customers’ spend on expensive web-filtering solutions on the market. It’s a WIN-WIN for our clients, Dell and CSDNET."
Dell is a trademark of Dell Inc. Dell disclaims any proprietary interest in the marks and names of others.