Growth of SSL Encryption is Helping Hackers to Hide Attacks

According to the latest report by Dell, the continued surge in malware, the evolution of exploit kits to keep hackers one step ahead, and the continued increase in SSL/TLS encryption is now offering hackers more opportunities to conceal malware from firewalls.

Dell also reported that the HTTPS connections (SSL/TLS) made up an average of 64.6% of web connections, outpacing the growth of HTTP throughout most of the year.

This is said to be an emerging threat vector for hackers, using SSL or TLS encryption, and the skilled ones can cipher command and control communications and malicious code to evade intrusion prevention systems (IPS) and anti-malware inspection systems.

In August, 2015 this tactic was used in a malvertising campaign which exposed 900 million Yahoo users to malware by redirecting them to a website that was infected by the Angler exploit kit.

In addition, Dell’s annual report found out that Exploit kits were also on the rise, with Angler, Nuclear, Magnitude and Rig being the most active ones. The most popular targets were Adobe Flash, Adobe Reader and Microsoft Silverlight.

Additionally, hackers implemented lots of new methods to better conceal exploit kits from security systems, including the use of anti-forensic mechanisms; URL pattern changes; steganography which is concealing the file, message, image, or video within another file, message, image, or video; and modifications in landing page entrapment techniques.

Exploit kit behavior continued to be dynamic throughout the year,” said Patrick Sweeney, vice president of Product Management and Marketing, Dell Security.

For example, Spartan, which was discovered by the Dell SonicWALL threat team, effectively hid from security systems by encrypting its initial code and generating its exploitative code in memory rather than writing to disk. Exploit kits only have power when companies do not update their software and systems, so the best way to defeat them is to follow security best practices, including keeping up with updates and patches; employing up-to-date, host-based security solutions including NGFWs and Intrusion Prevention Services (IPS); and always be cautious while browsing both known and unknown sites” – Sweeney added.

According to the latest security reports, malware attacks totaled about 8.19 billion, where the Android ecosystem turns out to be a prime target, putting a vast proportion of smartphones at risk globally.

Dell SonicWALL received 64 million unique malware samples, compared with 37 million in 2014, which is a 73% increase. This is a clear sign that hackers are making additional efforts every year into infiltrating organizational systems with malicious code.

Patrick Sweeney, Dell Security vice president of product management and marketing, stated:

The threat vectors for malware distribution are almost unlimited, ranging from classic tactics like email spam to newer technologies including wearable cameras, electric cars, and Internet of Things (IoT) devices.

In today’s connected world, it’s vital to maintain 360 degrees of vigilance, from your own software and systems, to your employees’ training and access, to everyone who comes in contact with your network and data.”

Most probably, this year some things will change, however, others will certainly remain the same.

Looks like Android will continue to be a prime target, especially Android Pay, as uptake continues. Nevertheless, the number of zero-day Adobe Flash viruses will decrease gradually as major browser vendors no longer support Adobe Flash.

Android Pay will be target via the vulnerabilities in near field communications, which can target point-of-sale terminals. Android Auto is very likely to be threatened too, forcing its victims to pay to exit the vehicle or even more harsh methods.

Leave a Comment

Your email address will not be published.

Time limit is exhausted. Please reload CAPTCHA.