News | February 22, 2016

Dell Annual Threat Report Reveals Cyber Criminals Using Aggressive, Shape-Shifting Threat Tactics; 50% Surge In Encrypted Traffic Affected Millions Of Users In 2015

  • Exploit kits evolved with alarming speed, heightened stealth and novel shape-shifting abilities
  • Secure Sockets Layer/Transport Layer Security (SSL/TLS) encryption passed the tipping point, encrypting 64.6 percent of web hits and leading to under-the-radar hacks affecting millions of users; new decryption/inspection strategies a clear necessity
  • Malware attacks nearly doubled to 8.19 billion with Android ecosystem being prime target, putting a large percent of smartphones at risk globally

Dell recently announced the results of the Dell Security Annual Threat Report detailing the cybercrime trends that shaped 2015 and identifying top emerging security risks for 2016. The report, based on data collected throughout 2015 from the Dell SonicWALL Global Response Intelligence Defense (GRID) network, with daily feeds from more than one million firewalls and tens of millions of connected endpoints, Dell SonicWALL network traffic and other industry sources, equips organizations with practical, evidence-based advice so they can effectively prepare for and prevent attacks.

This year’s report details four developing trends in cybercrime.

  1. The evolution of exploit kits to stay one step ahead of security systems.
  2. A continued surge in SSL/TLS encryption that is giving cybercriminals more opportunities to conceal malware from firewalls.
  3. The continued rise of Android malware.
  4. A marked increase in the number of malware attacks.

“Many of the breaches in 2015 were successful because cybercriminals found and exploited a weak link in victims’ security programs due to disconnected or outdated point solutions that could not catch these anomalies in their ecosystem,” said Curtis Hutcheson, general manager, Dell Security. “Each successful attack provides an opportunity for security professionals to learn from others’ oversights, examine their own strategies and shore up the holes in their defense systems. At Dell Security, we believe the best way for customers to protect themselves is to inspect every packet on their network and validate every entitlement for access.”

Exploit kits evolved with greater speed, heightened stealth and novel shape-shifting abilities
In 2015, Dell SonicWALL noted a rise in the use of exploit kits. While the year’s most active kits were Angler, Nuclear, Magnitude and Rig, the overwhelming number of exploit kit options gave attackers a steady stream of opportunities to target the latest zero-day vulnerabilities, including those appearing in Adobe Flash, Adobe Reader and Microsoft Silverlight.

The Dell Security Annual Threat Report shows that cybercriminals employed a number of new tactics to better conceal exploit kits from security systems, including the use of anti-forensic mechanisms; URL pattern changes; steganography (concealing a file, message, image or video within another file, message, image or video); and modifications to landing page entrapment techniques.

“Exploit kit behavior continued to be dynamic throughout the year,” explains Patrick Sweeney, vice president of Product Management and Marketing, Dell Security. “For example, Spartan, which was discovered by the Dell SonicWALL threat team, effectively hid from security systems by encrypting its initial code and generating its exploitative code in memory rather than writing to disk. Exploit kits only have power when companies do not update their software and systems, so the best way to defeat them is to follow security best practices, including keeping up with updates and patches; employing up-to-date, host-based security solutions including NGFWs and Intrusion Prevention Services (IPS); and always being cautious while browsing both known and unknown sites.”

SSL/TLS encryption continued to surge, leading to under-the-radar hacks affecting at least 900 million users in 2015
The growth of SSL/TLS Internet encryption is a mixed bag: a positive trend in many ways, but also a tempting new threat vector for hackers. Using SSL or TLS encryption, skilled attackers can encrypt command-and-control communications and malicious code to evade intrusion prevention systems (IPS) and anti-malware inspection systems. This tactic was used in a crafty malvertising campaign in August 2015 to expose as many as 900 million Yahoo users to malware by redirecting them to a site that was infected by the Angler exploit kit.

The Dell SonicWALL team noted a sharp rise in the use of HTTPS throughout 2015:

  • In Q4 of calendar year 2015, HTTPS connections (SSL/TLS) made up an average of 64.6 percent of web connections, outpacing the growth of HTTP throughout most of the year.
  • In January 2015, HTTPS connections were 109 percent higher than the previous January.
  • Each month throughout 2015 saw an average increase of 53 percent over the corresponding month in 2014.

“The good news is that there are ways to enjoy the security benefits of SSL/TLS encryption without providing a tunnel for attackers,” said Sweeney. “In addition to general security best practices like updating your software, you can upgrade to a capable, extensible next-generation firewall with integrated SSL-DPI inspection.”

Malware for Android continued to rise, putting a majority of the smartphone market at risk
In 2015, Dell SonicWALL saw a range of new offensive and evasion techniques intended to strengthen attacks against the Android ecosystem, which accounts for a majority of all smartphones globally.

Dell SonicWALL noted a few emerging trends among the attacks against Android devices in 2015.

  • Android-specific ransomware popularity accelerated throughout the year.
  • The rise of a new Android malware that stored its malicious contents in a Unix library file, rather than in the classes.dex file that security systems typically scan.
  • The financial sector continued to be a prime target for Android malware, with a number of malicious threats targeting banking apps on infected devices.
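The evasion described in the second bullet works because many scanners look only at classes.dex. A defender-side triage check is to treat the APK as the ZIP archive it is and look for executable code stored under any other name: DEX headers outside the classes*.dex entries, ELF binaries outside lib/, and DEX data embedded inside a native library. The following is an added example written for this article, not Dell's or SonicWALL's code; the sample APK and the library name lib/armeabi/libhelper.so are constructed in memory solely to exercise the checks.

```python
"""Triage an Android APK for code stored outside classes.dex.

Added example, not Dell SonicWALL code. The sample archive built by
build_sample_apk() is constructed purely to demonstrate the checks.
"""
import io
import re
import zipfile

DEX_MAGIC = b"dex\n"        # Dalvik executable header (followed by a version, e.g. 035\0)
ELF_MAGIC = b"\x7fELF"      # native shared object / executable header
STANDARD_DEX = re.compile(r"^classes\d*\.dex$")  # classes.dex, classes2.dex, ... (multidex)


def classify(name, data):
    """Return a list of finding labels for one archive entry (empty if unremarkable)."""
    findings = []
    head = data[:4]
    in_lib = name.startswith("lib/")
    if head == DEX_MAGIC and not STANDARD_DEX.match(name):
        # Dalvik bytecode hiding under a non-standard name (assets/, res/raw/, ...)
        findings.append("dex-under-unexpected-name")
    if head == ELF_MAGIC and not in_lib:
        # native code outside the directory where the platform loads libraries from
        findings.append("elf-outside-lib")
    if in_lib and name.endswith(".so"):
        if head != ELF_MAGIC:
            # named like a library but not an ELF object at all
            findings.append("so-without-elf-header")
        elif DEX_MAGIC in data[4:]:
            # a real ELF object carrying a DEX payload in its body: the pattern
            # the report describes, code kept in a library file instead of classes.dex
            findings.append("dex-embedded-in-so")
    return findings


def scan_apk(apk_bytes):
    """Map each suspicious entry name to its findings. Clean entries are omitted."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            hits = classify(info.filename, zf.read(info.filename))
            if hits:
                report[info.filename] = hits
    return report


def build_sample_apk():
    """Construct a minimal fake APK in memory (constructed test data, not a real app)."""
    dex_blob = DEX_MAGIC + b"035\x00" + b"\x00" * 32
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", dex_blob)                                 # expected location
        zf.writestr("lib/armeabi/libclean.so", ELF_MAGIC + b"\x01" * 64)   # benign native library
        zf.writestr("lib/armeabi/libhelper.so",                              # hypothetical name:
                    ELF_MAGIC + b"\x01" * 32 + dex_blob)                     # ELF with DEX inside
        zf.writestr("assets/data.bin", dex_blob)                             # DEX disguised as data
    return buf.getvalue()


if __name__ == "__main__":
    for entry, hits in scan_apk(build_sample_apk()).items():
        print(f"{entry}: {', '.join(hits)}")
```

The findings are triage signals rather than verdicts: some legitimate apps ship DEX files under assets/ for dynamic loading, so an entry flagged here should be pulled out and scanned with the same engine that would have examined classes.dex, not blocked outright.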

“Even though the release of the Android 6.0 Marshmallow operating system in October 2015 included a slew of new security features, we can expect cybercriminals to continue finding ways to circumvent these defenses,” said Sweeney. “Android users should exercise caution by only installing applications from trusted app stores like Google Play, keeping an eye on the permissions being requested by apps, and avoiding rooting their phones.”

Malware attacks nearly doubled to reach up to 8.19 billion
Malware attempts continued a strong upsurge throughout 2015, causing unthinkable damage to government agencies, organizations, companies and even individuals.

Dell SonicWALL noticed a sharp rise in both the number and type of malware attacks targeting the SonicWALL installed base.

  • The team received 64 million unique malware samples, compared with 37 million in 2014, representing an increase of 73 percent, indicating attackers are putting more effort each year into infiltrating organizational systems with malicious code.
  • 2015 saw an almost 2x increase in attack attempts from 4.2 billion to 8.19 billion.
  • The combination of Dyre Wolf and Parite topped network traffic throughout 2015. Other long-lasting malware included TongJi, a JavaScript component widely used by multiple drive-by campaigns (malware that downloads silently and automatically when a user visits an infected website); Virut, a general cybercrime botnet active since at least 2006; and the resurgence of Conficker, a well-known computer worm that has targeted the Microsoft Windows operating system since 2008.
  • In October and November 2015, the Spartan exploit kit was more highly concentrated in Russia than anywhere else.

“The threat vectors for malware distribution are almost unlimited, ranging from classic tactics like email spam to newer technologies including wearable cameras, electric cars, and Internet of Things (IoT) devices,” said Sweeney. “In today’s connected world, it’s vital to maintain 360 degrees of vigilance, from your own software and systems, to your employees’ training and access, to everyone who comes in contact with your network and data.”

Additional predictions: Flash zero-day virus decrease, Android Pay attacks, and Android Auto hacks
The Dell Security Annual Threat Report also identified several trends and predictions which are discussed in further detail in the full report.

  • The battle between HTTPS encryption and threat scanning will continue to rage, as companies fear performance trade-offs.
  • The number of zero-day Adobe Flash viruses will drop gradually because major browser vendors no longer support Adobe Flash.
  • Malicious threats will target Android Pay through the vulnerabilities of Near Field Communication (NFC). Such attacks may leverage malicious Android apps and point-of-sale (POS) terminals, tools that are easy to acquire and manipulate for hackers.
  • We can expect malicious entities to target cars equipped with Android Auto, possibly via ransomware where victims must pay to exit the vehicle or even more dangerous tactics.

About The Dell Security Annual Threat Report
The data for the report was gathered by the Dell Global Response Intelligence Defense (GRID) Network, which sources information from a number of devices and resources including:

  • More than 1 million security sensors in nearly 200 countries and territories;
  • Shared cross-vector, threat-related information between security systems, including firewalls, email security, endpoint security, honeypots, content filtering systems and sandbox technology in Dell’s threat centers;
  • Dell SonicWALL proprietary malware analysis automation framework;
  • Malware/IP reputation data from tens of thousands of firewalls and email security devices around the globe;
  • Shared threat intelligence from more than 50 industry collaboration groups and research organizations;
  • Intelligence from freelance security researchers; and
  • Spam alerts from millions of computer users protected by Dell SonicWALL email security devices.

Supporting Quotes
Kelley Parkes, director of technical operations, First Source
“As a nationwide distributor of specialty foods and confections from manufacturers like Godiva, Ghirardelli and Lindt, our top priority is to stay ahead of today’s evolving security risks and ensure our network stays secure, regardless of what emerging threat may be around the corner. With new attacks taking on a more blended, multi-dimensional approach, security programs across organizations must follow suit in order to thwart risk. The Dell security solutions we’ve deployed ensure we are ahead of the curve by giving us the broad, multi-faceted protection we need to secure our perimeter that covers eight locations from coast to coast.”

Fred Zappolo, vice president of sales, CSDNET
“Dell’s security solutions have been part of CSDNET’s portfolio for years. With the increase and sophistication of new attacks, the urgency to ensure our customers are being protected has increased dramatically. Dell’s next-generation SonicWALL firewalls have allowed us to deliver security solutions that exceed our customers’ expectations. Dell’s DPI is second to none and our customers are able to sleep well at night knowing that Dell, and CSDNET, are protecting them. As an ancillary benefit, not only are we able to protect against these threats, we can provide a lower TCO to our customers with Dell SonicWALL’s built-in web filtering. By consolidating these services into one easily managed GUI within the same box, we’re reducing our customers’ spend on expensive web-filtering solutions on the market. It’s a WIN-WIN for our clients, Dell and CSDNET.”

Supporting Resources

  • Click here (https://www.sonicwall.com/whitepaper/2016-dell-security-annual-threat-report8107907) to view the Dell Security 2016 Annual Threat Report
  • Register here (https://dell.6connex.com/event/DSVPK16/login?lang=en_US&mcc=DellSecurity) for the upcoming Dell Security Peak Performance Channel Partner Virtual Event on March 17

About Dell
Dell Inc. listens to customers and delivers innovative technology and services that give them the power to do more. For more information, visit www.dell.com.

Source: Dell