Hackers are zeroing in on users of SSL/TLS encryption and no less than 900 million users of the protocol fell victim to attacks in 2015, according to the latest Threat Report from Dell.

Chief security officers can protect their networks by following six security steps, according to the report.

“Secure Socket Layer/Tranport Layer Security encryption continued to surge, leading to under-the-radar hacks affecting at least 900 million users in 2015,” the report, which was released Monday, said.

TLS and its predecessor SSL are cryptographic protocols designed for communication over a computer network. Their primary goal is to provide privacy and data integrity between communicating computer applications. Versions of the protocols are used in such applications as Web browsing, email, Internet faxing, instant messaging and voice-over-Internet Protocol (VoIP). Major sites such as Google, Facebook and YouTube use TLS.

SSL/TLS attacks can be “extremely effective,” according to Dell because most companies do not have the infrastructure to detect them. Legacy network security solutions typically either don’t have the ability to inspect SSL/TLS-encrypted traffic or their performance is so low that they become unusable when conducting the inspection.

“Many of the breaches in 2015 were successful because cybercriminals found and exploited a weak link in victims’ security programs due to disconnected or outdated point solutions that could not catch these anomalies in their ecosystem,” said Curtis Hutcheson, general manager, Dell Security.

The 2015 Annual Threat Report from Dell details cyber crime trends and identifies top emerging threats for 2016. The report is based on data collected throughout 2015 from the Dell SonicWALL Global Response Intelligence Defence (GRID) network which gathers data daily from one million firewalls and tens of millions of connected endpoints. In 2015, SonicWall blocked 2.17 trillion IPS attacks and 8.19 billion malware attacks and saw a 73 per cent increase of unique malware samples from compared with 2014.

Attackers took full advantage of this lack of visibility, coupled with the growth of HTTPS traffic throughout the year. In August 2015, an attack leveraged an advertisement on Yahoo in precisely this way, exposing as many as 900 million users to malware. This campaign redirected Yahoo visitors to a site that was infected by the Angler exploit kit.iii. An additional 10 million users were likely affected in the weeks prior by accessing ads placed by a marketing company called E-planning.iv

How can CSOs protect their organizations from falling victims to SSL/TLS attacks?

Here are six ways:

  • If you haven’t conducted a security audit recently, undertake a comprehensive risk analysis to identify your risks and needs.
  • Upgrade to a capable, extensible NGFW with integrated IPS and SSL-inspection design that can scale performance to support future growth.
  • Update your security policies to defend against a broader field array of threat vectors and establish multiple security defense methods to respond to both HTTP and HTTPS attacks.
  • Train your staff continually to be aware of the danger of social media, social engineering, suspicious websites and downloads, and various spam and phishing scams.
  • Inform users never to accept a self-signed, non-valid certificate.
  • Make sure all your software is up-to-date. This will help protect you from older SSL exploits that have already been neutralized.

Dell also reported that exploit kits are becoming more complex and manage to stay “one step ahead of security systems, with greater speed, heightened stealth and novel shapeshifting abilities.

For example, in September last year, the Dell security team discovered an exploit kit they called Spartan.

“Evasion is the name of the game,” Dmitriy Ayrapteov, director of network security product management, for Dell.

This Spartan exploit kit manages to elude security systems by encrypting its initial code and running in memory rather than writing to disk. The exploit also included three Flash files which flowed from each other to mask the ultimate Flash exploit.

The goal of this exploit kit was likely to open the victim up to receiving further malware. Victims came into contact with Spartan via malicious advertisements, some of which were encountered on vertoz.com. The exploit was delivered using HTTP, with some of the components XOR-encrypted.

Malware for Android continued to rise, putting a majority of the smartphone market at risk.
In 2015, Dell SonicWALL saw a range of new offensive and defensive techniques that attempted to increase the strength of attacks against the Android ecosystem, which accounts for a majority of all smartphones globally.

“Even though the release of Android 6.0 Marshmallow operating system in October 2015 included a slew of new security features, we can expect cybercriminals to continue finding ways to circumvent these defenses,” said Patrick Sweeney, vice president of product management and marketing, Dell Security. “Android users should exercise caution by only installing applications from trusted app stores like Google Play, keeping their eye on the permissions being requested by apps, and avoid rooting their phones.”