Cybercrime got more sophisticated in 2015

By Dylan Bushell-Embling
Tuesday, 23 February, 2016

Cybercrime exploit kits are rapidly evolving to stay ahead of security systems, and encryption is proving a double-edged sword for the fight against malware.

These are among the key findings of the latest Dell Security Annual Threat report, which also shows that the use of exploit kits is on the rise as the tools become more effective.

The most active exploit kits for 2015 were Angler, Nuclear, Magnitude and Rig, the report states. But the overwhelming number of exploit kit options gave attackers a steady stream of chances to attack the latest zero-day vulnerabilities.

Cybercriminals have been employing a number of new tactics to better conceal exploit kits from security systems, including the use of anti-forensic mechanisms, URL patter changes, steganography — concealing malicious files within another file, and new landing page entrapment techniques.

The growth in the use of SSL/TLS internet encryption is also showing to be a mixed bag, the report states. While it is a positive trend for security in many ways, skilled attackers are able to use SSL or TLS encryption to engineer malicious code to evade intrusion prevention and anti-malware systems.

The report identifies a sharp rise in the use of HTTPS in 2015, with such connections making up an average of 64.6% of total web connections. Each month of 2015 saw an average increase in use of HTTPS of 53% over the corresponding month the year before.

Another major trend in the threat landscape in 2015 was the continued rise of Android-based mobile malware.

Use of Android-specific ransomware became more popular, while a new threat arose in the form of Android malware that stores malicious contents on a Unix library file to avoid detection by conventional security systems.

Overall, malware attacks nearly doubled in 2015 to reach 8.19 billion, the report adds.

“The threat vectors for malware distribution are almost unlimited, ranging from classic tactics like email spam to newer technologies including wearable cameras, electric cars and Internet of Things devices,” Patrick Sweeney, Dell president of product management and marketing, said.

“In today’s connected world, it’s vital to maintain 360 degrees of vigilance, from your own software and systems, to your employees’ training and access, to everyone who comes in contact with your network and data.”

Image courtesy of Christiaan Colen under CC