Dell reports a surge in point-of-sale malware, increased malware traffic within encrypted web protocols, and twice the number of attacks on supervisory control and data acquisition (SCADA) systems compared with 2013.
“Everyone knows the threats are real and the consequences are dire, so we can no longer blame lack of awareness for the attacks that succeed,” said Patrick Sweeney, executive director, Dell Security. “Hacks and attacks continue to occur, not because companies aren’t taking security measures, but because they aren’t taking the right ones.”
The retail industry was shaken to its core in 2014 after several major brands experienced highly publicized POS breaches, exposing millions of consumers to potential fraudulent purchases and the risk of identity theft. Forrester Research notes, “The major breaches of 2013 and 2014 brought to the fore the lack of security surrounding point of sale (POS) systems, the risks involved with third parties and trusted business partners, and the new attack vectors opened through critical vulnerabilities such as Heartbleed.”
The Dell report shows that retailers were not the only targets, as Dell also saw a rise in POS attacks attempted among Dell SonicWALL customers.
In addition to the increased quantity of attacks, Dell threat researchers observed an evolution of POS malware tactics.
For many years, financial institutions and other companies that deal with sensitive information have opted for the secure HTTPS protocol, which encrypts the information being shared using SSL/TLS encryption. More recently, sites such as Google, Facebook, and Twitter began adopting this practice in response to a growing demand for user privacy and security.
While this move to a more secure web protocol is a positive trend, hackers have identified ways to exploit HTTPS as a means to hide malicious code. Given that data (or in this case malware) transmitted over HTTPS is encrypted, traditional firewalls fail to detect it. Without a network security system that provides visibility into HTTPS traffic, organizations run the risk of letting malware from sites using HTTPS enter their systems and go undetected.
Dell’s research saw a rise in HTTPS traffic in 2014, which could lead to an increase in attacks leveraging encrypted web traffic in 2015.
The threat report also identified the following trends and predictions:
More organizations will enforce security policies that include two-factor authentication.
Android will remain a hot target for malware writers. Dell expects new, more sophisticated techniques to thwart Android malware researchers and users by making the malware hard to identify and research.
More malware for Android devices targeting specific apps, banks, and user demographics is expected to emerge, along with more malware tailored for specific technologies, such as watches and televisions.
As wearable technology becomes more widespread in the next year, expect to see the first wave of malware targeting these devices.