www.canadiansecuritymag.com

News Data Security
Android system a prime target for malware: Dell threat report

Dell Security’s Annual Threat Report reveals that cyber criminals are using aggressive, shape-shifting threat tactics, that SSL/TLS encryption is leading to under-the-radar hacks; and that the Android ecosystem is the prime target of the growing number of malware attacks.


February 22, 2016
By Canadian Security

Topics

The annual report details the cyber crime trends that shaped 2015 and identifies top emerging security risks for 2016. The report is based on data collected throughout 2015 from the Dell SonicWALL Global Response Intelligence Defense (GRID) network with daily feeds from more than one million firewalls and tens of millions of connected endpoints, Dell SonicWALL network traffic and other industry sources.

“Many of the breaches in 2015 were successful because cybercriminals found and exploited a weak link in victims’ security programs due to disconnected or outdated point solutions that could not catch these anomalies in their ecosystem,” said Curtis Hutcheson, general manager, Dell Security. “Each successful attack provides an opportunity for security professionals to learn from others’ oversights, examine their own strategies and shore up the holes in their defense systems. At Dell Security, we believe the best way for customers to protect themselves is to inspect every packet on their network and validate every entitlement for access.”

The most recent Dell Security Annual Threat Report details four developing trends in cybercrime: The evolution of exploit kits to stay one step ahead of security systems; a continued surge in SSL/TLS encryption that is giving cybercriminals more opportunities; the continued rise of Android malware; and a marked increase in the number of malware attacks.

Exploit kits evolved with novel shape-shifting abilities

In 2015, Dell SonicWALL noted a rise in the use of exploit kits. While the year’s most active kits were Angler, Nuclear, Magnitude and Rig, the overwhelming number of exploit kit options gave attackers a steady stream of opportunities to target the latest zero-day vulnerabilities, including those appearing in Adobe Flash, Adobe Reader and Microsoft Silverlight.

The Dell Security Annual Threat Report shows that cyber criminals employed a number of new tactics to better conceal exploit kits from security systems, including the use of anti-forensic mechanisms; URL pattern changes; steganography which is concealing the file, message, image, or video within another file, message, image, or video; and modifications in landing page entrapment techniques.

“Exploit kit behavior continued to be dynamic throughout the year,” explains Patrick Sweeney, vice-president of product management and marketing, Dell Security. “For example, Spartan, which was discovered by the Dell SonicWALL threat team, effectively hid from security systems by encrypting its initial code and generating its exploitative code in memory rather than writing to disk. Exploit kits only have power when companies do not update their software and systems, so the best way to defeat them is to follow security best practices, including keeping up with updates and patches; employing up-to-date, host-based security solutions including NGFWs and Intrusion Prevention Services (IPS); and always be cautious while browsing both known and unknown sites.”

SSL/TLS encryption led to under-the-radar hacks

The growth of SSL/TLS Internet encryption is a mixed bag – a positive trend in many ways, but also a tempting new threat vector for hackers, according to Dell Security. Using SSL or TLS encryption, skilled attackers can cipher command and control communications and malicious code to evade intrusion prevention systems (IPS) and anti-malware inspection systems. This tactic was used in a crafty malvertising campaign in August 2015 to expose as many as 900 million Yahoo users to malware by redirecting them to a site that was infected by the Angler exploit kit.

The Dell SonicWALL team noted a sharp rise in the use of HTTPS throughout 2015. In Q4 of calendar year 2015, HTTPS connections (SSL/TLS) made up an average of 64.6 per cent of web connections, outpacing the growth of HTTP throughout most of the year.

“The good news is that there are ways to enjoy the security benefits of SSL/TLS encryption without providing a tunnel for attackers,” said Sweeney. “In addition to general security best practices like updating your software, you can upgrade to a capable, extensible next-generation firewall with integrated SSL-DPI inspection.”

Malware for Android puts smartphone market at risk

In 2015, Dell SonicWALL saw a range of new offensive and defensive techniques that attempted to increase the strength of attacks against the Android ecosystem, which accounts for a majority of all smartphones globally.

Dell SonicWALL noted a few emerging trends among the attacks against Android devices in 2015.

  • Android-specific ransomware popularity accelerated throughout the year.
  • The rise of a new Android malware that stored its malicious contents on a Unix library file, rather than the classes.dex file that security systems typically scan.
  • The financial sector continued to be a prime target for Android malware, with a number of malicious threats targeting banking apps on infected devices.

“Even though the release of Android 6.0 Marshmallow operating system in October 2015 included a slew of new security features, we can expect cyber criminals to continue finding ways to circumvent these defenses,” said Sweeney. “Android users should exercise caution by only installing applications from trusted app stores like Google Play, keeping their eye on the permissions being requested by apps, and avoid rooting their phones.”

Malware attacks nearly doubled to reach up to 8.19 billion

Malware attempts continued a strong upsurge throughout 2015, causing unthinkable damage to government agencies, organizations, companies and even individuals.

Dell SonicWALL noticed a sharp rise in both the number and type of malware attacks targeting the SonicWALL installed base. The team received 64 million unique malware samples, compared with 37 million in 2014, representing an increase of 73 per cent, indicating attackers are putting more effort each year into infiltrating organizational systems with malicious code. In addition, 2015 saw an almost two-times increase in attack attempts, from 4.2 billion to 8.19 billion.

“The threat vectors for malware distribution are almost unlimited, ranging from classic tactics like email spam to newer technologies including wearable cameras, electric cars, and Internet of Things (IoT) devices,” said Sweeney. “In today’s connected world, it’s vital to maintain 360 degrees of vigilance, from your own software and systems, to your employees’ training and access, to everyone who comes in contact with your network and data.”

Watch for Android Pay attacks, Android Auto hacks 

The Dell Security also identified several trends and predictions which are discussed in further detail in the full report.

  • The battle between HTTPS encryption and threat scanning will continue to rage, as companies fear performance trade-offs.
  • The number of zero-day Adobe Flash viruses will drop gradually because major browser vendors no longer support Adobe Flash.
  • Malicious threats will target Android Pay through the vulnerabilities of Near Field Communication (NFC). Such attacks may leverage malicious Android apps and point-of-sale (POS) terminals, tools that are easy to acquire and manipulate for hackers.
  • We can expect malicious entities to target cars equipped with Android Auto, possibly via ransomware where victims must pay to exit the vehicle or even more dangerous tactics.