Dell Annual Threat Report analyzes the most common attacks observed in 2014 and how emergent threats will affect organizations throughout 2015
Dell today announced the results of its annual Threat Report, which leverages research from Dell’s Global Response Intelligence Defense (GRID) network and telemetry data from Dell SonicWALL network traffic to identify emerging threats and equip organizations of all sizes with insights to improve their security posture.
Analyzing Dell data sources and the 2014 threat landscape, this year’s report found a surge in point-of-sale (POS) malware, increased malware traffic within encrypted (https) web protocols, as well as twice the number of attacks on supervisory control and data acquisition (SCADA) systems over 2013. The Dell Security Threat Report aims to equip organizations with practical, evidence-based advice to help them more effectively prepare for and prevent attacks, even from threat sources yet to emerge.
"Everyone knows the threats are real and the consequences are dire, so we can no longer blame lack of awareness for the attacks that succeed," said Patrick Sweeney, executive director, Dell Security. "Hacks and attacks continue to occur, not because companies aren’t taking security measures, but because they aren’t taking the right ones."
Retail industry experiences surge in point-of-sale (POS) malware and attacks
The retail industry was shaken to its core in 2014 after several major brands experienced highly publicized POS breaches, exposing millions of consumers to potential fraudulent purchases and risk for identity theft. Forrester Research notes, "The major breaches of 2013 and 2014 brought to the fore the lack of security surrounding point of sale (POS) systems, the risks involved with third parties and trusted business partners, and the new attack vectors opened through critical vulnerabilities such as Heartbleed."
The report shows that these retailers were not the only targets, as Dell also saw a rise in POS attacks attempted among Dell SonicWALL customers.
In addition to the increased quantity of attacks, Dell threat researchers observed an evolution of POS malware tactics.
"Malware targeting point-of-sale systems is evolving drastically, and new trends like memory scraping and the use of encryption to avoid detection from firewalls are on the rise," said Sweeney. "To guard against the rising tide of breaches, retailers should implement more stringent training and firewall policies, as well as re-examine their data policies with partners and suppliers."
More companies exposed to attacks within "secure" HTTPS web protocol
For many years, financial institutions and other companies that deal with sensitive information have opted for the secure HTTPS protocol that encrypts information being shared, otherwise known as SSL/TLS encryption. More recently, sites such as Google, Facebook, and Twitter began adopting this practice in response to a growing demand for user privacy and security.
While this move to a more secure web protocol is a positive trend, hackers have identified ways to exploit HTTPS as a means to hide malicious code. Given that data (or in this case malware) transmitted over HTTPS is encrypted, traditional firewalls fail to detect it. Without a network security system that provides visibility into HTTPS traffic, organizations run the risk of letting malware from sites using HTTPS enter their systems and go undetected.
Dell’s research saw a rise in HTTPS traffic in 2014, which could lead to an increase in attacks leveraging encrypted web traffic in 2015:
"Managing threats against encrypted web traffic is complicated. Just as encryption can protect sensitive financial or personal information on the web, it unfortunately can also be used by hackers to protect malware," said Sweeney. "One way organizations mitigate this risk is through SSL-based web browser restrictions, with exceptions for commonly used business applications to avoid slowing company productivity."
Attacks double on supervisory control and data acquisition (SCADA) systems
Industrial operations leverage SCADA systems to control remote equipment and collect data on that equipment’s performance. Attacks against SCADA systems are on the rise, and tend to be political in nature as they target operational capabilities within power plants, factories, and refineries.
Dell SonicWALL saw an increase in SCADA attacks against its customer base this year.
"Since companies are only required to report data breaches that involve personal or payment information, SCADA attacks often go unreported," said Sweeney. "This lack of information sharing combined with an aging industrial machinery infrastructure presents huge security challenges that will to continue to grow in the coming months and years."
Additional predictions: two-factor authentication, mobile malware, and Bitcoin
Dell’s Threat Report also identified the following trends and predictions, which are discussed in further detail in the full report.
About the Dell Security Annual Threat Report
The data for Dell’s report was gathered by the Dell Global Response Intelligence Defense (GRID) Network, which sources information from a number of devices and resources including:
Brett Hanlon, director of IT Infrastructure, La Jolla Group
"Our defense-in-depth security program, which is powered by Dell SonicWALL solutions, provides the multi-level protection we need to safeguard our corporate network and 18 retail store locations. Not only does Dell SonicWALL help ensure the integrity and safety of personal and financial customer data, it enables us to be more proactive in mitigating the risk of emerging threats with intrusion prevention, malware blocking, content/URL filtering, and application control. Both Dell SonicWALL SuperMassive firewalls and TZ Series Unified Threat Management firewalls are critical assets in La Jolla Group’s overarching security strategy."
Dell Inc. listens to customers and delivers innovative technology and services that give them the power to do more. For more information, visit www.dell.com.
Forrester Research, Inc., "TechRadar™: Zero Trust Network Threat Mitigation Technology, Q1 2015," January 28, 2015, John Kindervag, Kelley Mak with Stephanie Balaouras, Rick Holland, Heidi Shey, Andras Cser, Andre Kindness, Josh Blackborow
Dell is a trademark of Dell Inc. Dell disclaims any proprietary interest in the marks and names of others.