Exploit Kits, Android Malware Dominated 2015: Dell

Monday, February 22, 2016

InfosecIsland News


Dell has released its Dell Security Annual Threat Report 2016, revealing the key trends that defined the threat landscape in 2015, ranging from new, aggressive tactics employed by adversaries to a massive increase in malware attacks.

According to the report (PDF), exploit kits (EKs) saw a significant increase in usage in 2015, with the most active of them being Angler, Nuclear, Magnitude and Rig. Moreover, a large number of EKs allowed cybercriminals to target the latest zero-day vulnerabilities in software such as Adobe Flash, Adobe Reader and Microsoft Silverlight.

Not only were EKs updated to target newly discovered security flaws, but they also improved their ability to avoid detection by security systems. To that end, EK operators employed tactics such as anti-forensic mechanisms, URL pattern changes, steganography (concealing files, messages, images or videos within other files, messages, images or videos), and changes to landing page entrapment techniques.

The report also shows that SSL/TLS Internet encryption continued to grow in 2015, becoming a tempting new threat vector for hackers, as they could encrypt command and control communications and malicious code to evade intrusion prevention systems (IPS) and anti-malware inspection systems. This tactic was used in a malvertising campaign in August 2015 that exposed as many as 900 million Yahoo users to malware by redirecting them to a site delivering the Angler EK.

Nonetheless, the growth of SSL/TLS encryption is a positive move: HTTPS (SSL/TLS) connections accounted for 64.6 percent of web connections, outpacing the growth of HTTP for most of 2015. HTTPS connections in January 2015 were 109 percent higher year-on-year, and an average 53 percent YoY increase was observed each month last year, Dell said.

In 2015, malware attacks almost doubled compared to the previous year, reaching 8.19 billion and causing significant damage to government agencies, organizations, companies and even individuals. Dell received 64 million unique malware samples last year, an increase of 73 percent from the 37 million unique samples received in 2014.

The number of attacks almost doubled YoY, from 4.2 billion to 8.19 billion, with the combination of Dyre Wolf and Parite topping network traffic throughout 2015. Other long-lasting malware worth mentioning included TongJi, a piece of JavaScript widely used in multiple drive-by campaigns; Virut, a botnet active since at least 2006; and Conficker, a well-known worm that has targeted the Windows operating system since 2008.

The intensity of attacks against the Android ecosystem increased significantly last year, with the popularity of Android-specific ransomware accelerating throughout the year. Dell also notes in its report that the financial sector was the prime target for Android malware and that many malicious threats targeted banking apps on infected devices.

Based on its analysis of the 2015 threat landscape, Dell expects the number of malware samples exploiting Adobe Flash vulnerabilities to drop gradually as major browser vendors and ad networks drop support for Adobe Flash. The report also notes that the battle between HTTPS encryption and threat scanning will continue to rage, as companies fear performance trade-offs.

Attacks on Android are expected to increase, with Android Pay coming into focus because of vulnerabilities in Near Field Communication (NFC), and with attacks leveraging malicious Android apps and point-of-sale (POS) terminals. Cars equipped with Android Auto are also expected to become targets, possibly via ransomware that forces victims to pay to exit the vehicle, or through even more dangerous tactics.

Dell’s report also notes that cybercriminals went especially big with breaches in 2015, increasing both the magnitude of data breached and the size of organizations targeted, and that they succeeded because of security flaws in the victims’ systems. Some of last year’s targets included large insurance companies, government institutions such as the U.S. Office of Personnel Management (OPM), retailers including Walmart, CVS and Costco, and online businesses such as the Ashley Madison dating site.

“Many of the breaches in 2015 were successful because cybercriminals found and exploited a weak link in victims’ security programs due to disconnected or outdated point solutions that could not catch these anomalies in their ecosystem. Each successful attack provides an opportunity for security professionals to learn from others’ oversights, examine their own strategies and shore up the holes in their defense systems,” Curtis Hutcheson, general manager, Dell Security, said.
