Exploit kits will get even more complex, warns Dell

In the fall of last year Dell’s security team revealed an exploit kit it dubbed Spartan with a twist: it hid from security systems by encrypting its initial code and running in memory rather than writing to disk. It also included three encrypted Flash files, each loading the next, to hide the ultimate Flash exploit.

It was an example of many exploits discovered last year that hid their true weapons in a number of complex ways, the company said Monday, pointing to a trend of obfuscation that malware writers are increasingly using to outwit defences.

That was one of the 2015 trends Dell outlined in its annual Security Threat Report released this morning.

“Evasion is the name of the game,” Dmitriy Ayrapteov, the company’s director of network security product management, said in an interview as he outlined the report’s conclusions.

Data came from its SonicWall threat research team.

The most active kits last year were dubbed Angler, Nuclear, Magnitude and Rig.

What’s a CISO to do? Defence in depth, said Ayrapteov — not necessarily buying more products but staying on top, especially patching. “I know it doesn’t sound sexy, but it’s probably the number one thing people can do to reduce their exposure.

“Every time somebody says ‘No, update later,’ or ‘I’m not going to update my entire enterprise, we have a yearly update schedule,’ that’s one year you’re exposed to the latest vulnerabilities.”

Other top trends last year were:

–Attackers increasingly used SSL/TLS encrypted traffic to hide communications with command and control servers and evade intrusion prevention and anti-malware inspection systems.

What’s a CISO to do? Look for solutions that give admins greater visibility into encrypted traffic, said Ayrapteov.

–New offensive and defensive techniques that attempted to increase the strength of attacks against the Android ecosystem. For example, Stagefright was, in theory, one of the most dangerous vulnerabilities ever discovered for Android up to version 5.5.1. There were no infections reported before Google patched the bug.

By August Google and a number of handset makers agreed to issue Android patches faster.

In 2015, malware writers began shipping malicious code as part of a library file rather than a classes file, which is more commonly scanned by anti-virus software. Taking this a step further, 2015 saw the rise of a new Android malware called AndroidTitanium that stored its malicious contents in a Unix library file in the lib folder as libTitaniumCore.so. This .so file was loaded as a native library by the classes from the classes.dex file. By simply referring to content saved somewhere else, Dell notes, the malware kept the classes.dex file itself free of malicious content.
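The layout described above (a clean classes.dex that only references a native payload under lib/) is easy to miss if a scanner inspects the DEX alone. As an added example that is not part of the article or of Dell’s report, the following Python script inventories the native libraries inside an APK (which is a zip file) and checks whether the DEX string table references them through loadLibrary, so that a native payload shows up in triage even when the DEX itself looks harmless. The sample APK is constructed in memory: the file names, the fake DEX header and the placeholder payload bytes are assumptions for demonstration, not real malware artefacts.

```python
# Added example (not from the Dell report or the article): APK triage that
# flags native libraries loaded from classes.dex, mirroring the AndroidTitanium
# pattern in which the payload lives in lib/<abi>/libTitaniumCore.so.
import io
import re
import zipfile
from dataclasses import dataclass, field

# Native libraries in an APK always sit under lib/<abi>/lib<name>.so
NATIVE_LIB_RE = re.compile(r"^lib/([^/]+)/(lib[^/]+\.so)$")


@dataclass
class ApkNativeReport:
    native_libs: list = field(default_factory=list)     # (abi, filename) pairs found in the zip
    referenced_libs: list = field(default_factory=list) # libs whose bare name appears in the DEX
    loads_native: bool = False                          # DEX string table mentions loadLibrary
    suspicious: bool = False                            # native libs present and loaded from DEX


def inspect_apk(apk_bytes: bytes) -> ApkNativeReport:
    """Inventory native libraries in an APK and check whether classes.dex loads them."""
    report = ApkNativeReport()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        names = zf.namelist()
        for name in names:
            m = NATIVE_LIB_RE.match(name)
            if m:
                report.native_libs.append((m.group(1), m.group(2)))
        dex = zf.read("classes.dex") if "classes.dex" in names else b""

    # The DEX string table stores method and string constants in (Modified) UTF-8,
    # so a byte search is sufficient for triage; a full DEX parser is not needed.
    report.loads_native = b"loadLibrary" in dex
    for _abi, fname in report.native_libs:
        bare = fname[len("lib"):-len(".so")]          # System.loadLibrary("TitaniumCore")
        if bare.encode() in dex and fname not in report.referenced_libs:
            report.referenced_libs.append(fname)

    # Native code present AND wired in from the DEX is what deserves a closer look.
    report.suspicious = bool(report.native_libs) and report.loads_native
    return report


def build_sample_apk() -> bytes:
    """Constructed sample, not a real APK: minimal zip with the AndroidTitanium layout."""
    # A real DEX starts with the magic 'dex\n035\0'; only the string table matters here.
    fake_dex = b"dex\n035\x00" + b"\x00" * 16 + b"loadLibrary\x00TitaniumCore\x00"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<placeholder/>")
        zf.writestr("classes.dex", fake_dex)
        # Placeholder bytes standing in for the native payload (assumption, not real code).
        zf.writestr("lib/armeabi-v7a/libTitaniumCore.so", b"\x7fELF" + b"PLACEHOLDER_PAYLOAD")
    return buf.getvalue()


def build_clean_apk() -> bytes:
    """Constructed sample of an APK with no native code at all."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<placeholder/>")
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 16 + b"onCreate\x00")
    return buf.getvalue()


if __name__ == "__main__":
    for label, apk in (("sample", build_sample_apk()), ("clean", build_clean_apk())):
        r = inspect_apk(apk)
        print(f"{label}: libs={r.native_libs} referenced={r.referenced_libs} "
              f"loadLibrary={r.loads_native} suspicious={r.suspicious}")
```

The check is deliberately coarse: it does not parse the DEX or the ELF, it only answers “does this package carry native code, and does the bytecode load it?”, which is enough to route the .so file to a scanner that would otherwise never see it. Real-world use would run it over a device or MDM export of installed APKs and feed the flagged native libraries into a proper ELF analysis.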

What’s a CISO to do? Find mobile device management solutions that allow devices to be scanned to ensure they run the latest OS, aren’t running blacklisted apps and haven’t been rooted, said Ayrapteov.

–Malware continued to expand almost exponentially. The Dyre Wolf corporate banking Trojan was one of the most active of the year. It came onto the scene in February and by April, companies had already lost between US $1.5 and $6.5 million.

Other long-lasting malware included TongJi, a widely used malicious JavaScript employed by multiple drive-by campaigns; Virut, a general cybercrime botnet active since at least 2006; and the resurgence of Conficker, a well-known computer worm that has targeted the Microsoft Windows operating system since 2008.

Dell also sees these trends for 2016:

–The battle between HTTPS encryption and threat scanning will continue to rage, as companies fear performance trade-offs;

–The number of zero-day Flash exploits will drop gradually because major browser vendors, such as Google and Mozilla, have stopped supporting Adobe Flash plugins;

–Malicious threats will target Android Pay through the vulnerabilities of Near Field Communication (NFC). These attacks may leverage malicious Android apps and point-of-sale (POS) terminals, tools that hackers can easily acquire and manipulate;

–There are few cars currently equipped with Android Auto, but with time the number is expected to grow. We can expect malicious entities to invade this new frontier soon, possibly via ransomware (where the victim must pay to exit the vehicle) or even more dangerous intent.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com