Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Cyber criminals use aggressive tactics: Dell

Anuradha Shukla | March 8, 2016
Get more opportunities to conceal malware from firewalls.

Cyber Criminals are using aggressive, shape-shifting threat tactics, according to the new Dell Annual Threat Report.

Findings indicate that a continued surge in SSL/TLS encryption is giving cybercriminals more opportunities to conceal malware from firewalls.

Cybercriminals are leveraging the evolution of exploit kits to stay one step ahead of security systems.

Dell has also recorded a continued rise of Android malware and a marked increase in the number of malware attacks.

"Many of the breaches in 2015 were successful because cybercriminals found and exploited a weak link in victims' security programs due to disconnected or outdated point solutions that could not catch these anomalies in their ecosystem," said Curtis Hutcheson, general manager, Dell Security. "Each successful attack provides an opportunity for security professionals to learn from others' oversights, examine their own strategies and shore up the holes in their defense systems. At Dell Security, we believe the best way for customers to protect themselves is to inspect every packet on their network and validate every entitlement for access."

Use of exploit kits

2015 saw a rise in the use of exploit kits that evolved with greater speed, heightened stealth and novel shape-shifting abilities.

A large number of exploit kit options gave attackers a steady stream of opportunities to target the latest zero-day vulnerabilities, including those appearing in Adobe Flash, Adobe Reader and Microsoft Silverlight.

The cybercriminals used several new tactics to better conceal exploit kits from security systems, including the use of anti-forensic mechanisms and modifications in landing page entrapment techniques.

SSL/TLS encryption also continued to surge in 2015, which lead to under-the-radar hacks affecting at least 900 million users.

"The good news is that there are ways to enjoy the security benefits of SSL/TLS encryption without providing a tunnel for attackers," said Patrick Sweeney, vice president of Product Management and Marketing, Dell Security. "In addition to general security best practices like updating your software, you can upgrade to a capable, extensible next-generation firewall with integrated SSL-DPI inspection."

 

Sign up for CIO Asia eNewsletters.