The current IT threat landscape is dominated by point-of-sale (POS) malware variants and attacks against payment card infrastructures, within encrypted HTTPS web protocols, and on supervisory control and data acquisition (SCADA) systems.
This is according to Dell’s Annual Threat Report, which analyses the most common attacks observed in 2014 and how emergent threats will affect organisations throughout 2015.
"Everyone knows the threats are real and the consequences are dire, so we can no longer blame lack of awareness for the attacks that succeed," says Patrick Sweeney, Dell Security executive director.
"Hacks and attacks continue to occur, not because companies aren’t taking security measures, but because they aren’t taking the right ones."
Retail industry experiences surge in point-of-sale (POS) malware and attacks
In 2014 several major brands experienced highly publicised POS breaches, exposing millions of consumers to potential fraudulent purchases and risk for identity theft.
Forrester Research notes, "The major breaches of 2013 and 2014 brought to the fore the lack of security surrounding point of sale (POS) systems, the risks involved with third parties and trusted business partners, and the new attack vectors opened through critical vulnerabilities such as Heartbleed."
The Dell report shows that these retailers were not the only targets, as Dell also saw a rise in POS attacks attempted among Dell SonicWALL customers.
The Dell SonicWALL Threat Research Team created 13 POS malware signatures in 2014, compared to three in 2013 for a 333% increase in the number of new POS malware countermeasures developed and deployed.
In addition to the increased quantity of attacks, Dell threat researchers observed an evolution of POS malware tactics.
"Malware targeting point-of-sale systems is evolving drastically, and new trends like memory scraping and the use of encryption to avoid detection from firewalls are on the rise.
"To guard against the rising tide of breaches, retailers should implement more stringent training and firewall policies, as well as re-examine their data policies with partners and suppliers," Sweeney says.
More companies exposed to attacks within ‘secure’ HTTPS web protocol
For several years, financial institutions and other companies that deal with sensitive information have opted for the secure HTTPS protocol that encrypts information being shared, otherwise known as SSL/TLS encryption.
More recently, sites such as Google, Facebook, and Twitter began adopting this practice in response to a growing demand for user privacy and security.
While this move to a more secure web protocol is a positive trend, hackers have identified ways to exploit HTTPS as a means to hide malicious code, says Dell.
Given that data (or in this case malware) transmitted over HTTPS is encrypted, traditional firewalls fail to detect it.
Without a network security system that provides visibility into HTTPS traffic, organisations run the risk of letting malware from sites using HTTPS enter their systems and go undetected, Dell says.
According to the threat report, 2014 saw a rise in HTTPS traffic, which could lead to an increase in attacks leveraging encrypted web traffic in 2015.
Dell saw a 109% increase in the volume of HTTPS web connections from the start of 2014 to the start of 2015.
Furthermore, encrypted malware attacks have already begun to target mainstream media sources.
"Managing threats against encrypted web traffic is complicated. Just as encryption can protect sensitive financial or personal information on the web, it unfortunately can also be used by hackers to protect malware.
“One way organisations mitigate this risk is through SSL-based web browser restrictions, with exceptions for commonly used business applications to avoid slowing company productivity,” says Sweeney.
Attacks double on supervisory control and data acquisition (SCADA) systems
Industrial operations leverage SCADA systems to control remote equipment and collect data on that equipment’s performance.
Attacks against SCADA systems are on the rise, and tend to be political in nature as they target operational capabilities within power plants, factories, and refineries, Dell says.
Dell SonicWALL saw an increase in SCADA attacks against its customer base. Buffer overflow vulnerabilities continue to be the primary point of attack, says Dell.
"Since companies are only required to report data breaches that involve personal or payment information, SCADA attacks often go unreported," says Sweeney.
"This lack of information sharing combined with an ageing industrial machinery infrastructure presents huge security challenges that will to continue to grow in the coming months and years," he says.
Additional predictions: Two-factor authentication, mobile malware, and Bitcoin
Dell’s Threat Report also identified the following trends and predictions.
- More organisations will enforce security policies that include two-factor authentication. Along with this development there will be an increase in attacks against these technologies.
- Android will remain a hot target for malware writers. Dell expects new, more sophisticated techniques to thwart Android malware researchers and users by making the malware hard to identify and research.
- The emergence of more malware for Android devices targeting specific apps, banks, and user demographics, along with more malware tailored for specific technologies, such as watches and televisions, is expected.
- As wearable technology becomes more widespread in the next year, expect to see the first wave of malware targeting these devices.
- Digital currencies including Bitcoin will continue to be targeted; Botnets will be involved in the digital currency mining attacks.
- Home routers and home network utilities, such as surveillance systems, will be targeted and perhaps used to assist large DDoS attacks.
- Electric vehicles and their operating systems will be targeted.