Dell threat report tells you how to avoid SSL/TLS hack - Canadian Government Executive
Best PracticeManagementSecurity
Computer_Security_Symbol_-_Hacked_Big
February 22, 2016

Dell threat report tells you how to avoid SSL/TLS hack

SSL/TLS attacks can be “extremely effective,” according to Dell, because most companies do not have the infrastructure to detect them.

Hackers are zeroing in on users of SSL/TLS encryption and no less than 900 million users of the protocol fell victim to attacks in 2015, according to the latest Threat Report from Dell.

Chief security officers can protect their networks by following six security steps, according to the report.

“Secure Socket Layer/Tranport Layer Security encryption continued to surge, leading to under-the-radar hacks affecting at least 900 million users in 2015,” the report, which was released Monday, said.

TLS and its predecessor SSL are cryptographic protocols designed for communication over a computer network. Their primary goal is to provide privacy and data integrity between communicating computer applications. Versions of the protocols are used in such applications as Web browsing, email, Internet faxing, instant messaging and voice-over-Internet Protocol (VoIP). Major sites such as Google, Facebook and YouTube use TLS.

SSL/TLS attacks can be “extremely effective,” according to Dell because most companies do not have the infrastructure to detect them. Legacy network security solutions typically either don’t have the ability to inspect SSL/TLS-encrypted traffic or their performance is so low that they become unusable when conducting the inspection.

“Many of the breaches in 2015 were successful because cybercriminals found and exploited a weak link in victims’ security programs due to disconnected or outdated point solutions that could not catch these anomalies in their ecosystem,” said Curtis Hutcheson, general manager, Dell Security.

The 2015 Annual Threat Report from Dell details cyber crime trends and identifies top emerging threats for 2016. The report is based on data collected throughout 2015 from the Dell SonicWALL Global Response Intelligence Defence (GRID) network which gathers data daily from one million firewalls and tens of millions of connected endpoints. In 2015, SonicWall blocked 2.17 trillion IPS attacks and 8.19 billion malware attacks and saw a 73 per cent increase of unique malware samples from compared with 2014.

Attackers took full advantage of this lack of visibility, coupled with the growth of HTTPS traffic throughout the year. In August 2015, an attack leveraged an advertisement on Yahoo in precisely this way, exposing as many as 900 million users to malware. This campaign redirected Yahoo visitors to a site that was infected by the Angler exploit kit.iii. An additional 10 million users were likely affected in the weeks prior by accessing ads placed by a marketing company called E-planning.iv

How can CSOs protect their organizations from falling victims to SSL/TLS attacks?

Here are six ways:

  • If you haven’t conducted a security audit recently, undertake a comprehensive risk analysis to identify your risks and needs.
  • Upgrade to a capable, extensible NGFW with integrated IPS and SSL-inspection design that can scale performance to support future growth.
  • Update your security policies to defend against a broader field array of threat vectors and establish multiple security defense methods to respond to both HTTP and HTTPS attacks.
  • Train your staff continually to be aware of the danger of social media, social engineering, suspicious websites and downloads, and various spam and phishing scams.
  • Inform users never to accept a self-signed, non-valid certificate.
  • Make sure all your software is up-to-date. This will help protect you from older SSL exploits that have already been neutralized.

Dell also reported that exploit kits are becoming more complex and manage to stay “one step ahead of security systems, with greater speed, heightened stealth and novel shapeshifting abilities.

For example, in September last year, the Dell security team discovered an exploit kit they called Spartan.

“Evasion is the name of the game,” Dmitriy Ayrapteov, director of network security product management, for Dell.

This Spartan exploit kit manages to elude security systems by encrypting its initial code and running in memory rather than writing to disk. The exploit also included three Flash files which flowed from each other to mask the ultimate Flash exploit.

The goal of this exploit kit was likely to open the victim up to receiving further malware. Victims came into contact with Spartan via malicious advertisements, some of which were encountered on vertoz.com. The exploit was delivered using HTTP, with some of the components XOR-encrypted.

Malware for Android continued to rise, putting a majority of the smartphone market at risk.
In 2015, Dell SonicWALL saw a range of new offensive and defensive techniques that attempted to increase the strength of attacks against the Android ecosystem, which accounts for a majority of all smartphones globally.

“Even though the release of Android 6.0 Marshmallow operating system in October 2015 included a slew of new security features, we can expect cybercriminals to continue finding ways to circumvent these defenses,” said Patrick Sweeney, vice president of product management and marketing, Dell Security. “Android users should exercise caution by only installing applications from trusted app stores like Google Play, keeping their eye on the permissions being requested by apps, and avoid rooting their phones.”

About this author

Nestor Arellano

Nestor is a Toronto-based journalist who specializes in writing about technology and business. He is the editor of Vanguard Magazine and the associate editor of IT in Canada and a regular contributor to CGE.

0 comments

There are no comments for this post yet.

Be the first to comment. Click here.

Best Practice
 
We are excited to share with you the October/November 2018 edition...
 
As governments have sought to go digital, one of the most...
 
With the launch of the Canada Infrastructure Bank and US Congressional interest in Trump’s...
 
Why is strategic planning so dreaded? How often do we actually...
 
Most articles you’ll read within the pages of Canadian Government Executive...
 
A communications revolution has taken place but you would not know...
 
Headlines about the world of work are often dominated by the...
 
Earlier this year the Canadian government took a crucial step by...
 
The use of digital services in the day-to-day lives of most...
 
Since launching in 2014, Sweden’s radically ‘feminist’ foreign policy has gained international notoriety. While...
 
The International Civil Service Effectiveness (InCiSE) Index project, a collaboration between...
 
Today, the challenges facing governments are increasingly shifting away from traditional,...
 
Three years before his death in 2011, Jack Layton released a...
 
Canadian Government Executive Media, (CGE) publisher of Canadian Government Executive magazine...
 
Management in the Government of Canada is continuously searching for new...
 
With businesses and government agencies increasingly operating in a highly information-based...
 
Blockchain. There’s probably no other technology trend in recent years that...
 
Over the last two years, an ever-growing number of organizations around...
 
Canadian Government Executive Media (CGE) is pleased to announce its first batch...
 
In today’s workplace, individuals increasingly face dynamic and difficult challenges that...
 
Canadian Government Executive Media (CGE) is pleased to welcome Microsoft as its Platinum Sponsor for...
 
In a rather unusual, quiet manner this past summer, a new...
 
Canadian government agencies and departments are modernizing the way they do...
 
The health care system in Canada, known as Medicare, is publicly...
 
We are happy to share with you the May/June issue of...
 
Facebook Pages can be an essential tool for businesses and charities,...
 
In this special episode of CGE Radio, your host John Jones...
 
The North Atlantic Treaty Organization, with its 28 independent member countries...
 
Cost overruns have become institutionalized in the federal government, according to...
 
Last year, procurement Minister Jody Foote was prompted by the swirling...
 
The rapid advances in digital technology, demographic and societal shift even...
 
Results Washington is Washington state government’s data-driven performance management and continuous...
 
Rules and accountability are helpful in developing and standardizing processes but...
 
You’ve probably heard a lot in recent months about the Phoenix payroll disaster . Between...
 
A study conducted by Robert Half, the world’s largest specialized staffing...
 
In order to find out which strategies and priorities CFOs are...
 
A small but rapidly growing number of businesses have started hiring...
 
CFOs around the world are changing – but an EY survey...
 
There’s a fine line between confidence and naivety – a line...
 
Around the world, more and more workers are seeking employment. At...
 
As populations grow and age, the demand for services increases. As...
 
By Nicole Verkindt Despite growing up in a small town in...
 
The agency responsible for safeguarding the Pentagon and several other buildings...
 
As much a 20 per cent of grade seven students in...
 
By Jason Zhang  The best way to cost effectively manage the retention...
 
He is often referred to as the federal government’s first “chief...
 
Are you absolutely clear what the government wants to achieve? Are...
 
Copyright owners have struggled to protect their intellectual property since the...
 
Here’s some bad news for organizations contemplating projects that have something...
 
Nearly half of Canadian organizations are falling behind on implementation of...
 
The idea of converged infrastructure and converged systems in the datacentre...
 
Hackers are zeroing in on users of SSL/TLS encryption and no...
 
There is no shortage of examples of businesses that effectively used...
 
Microsoft, on Tuesday, ended support for older versions of Internet Explorer...
 
Written by Tim Wacker Almost a quarter century ago, when most...
 
Written By Chris Brown To deliver results that senior executives value,...
 
Written By Jason McNaught Contrary to what you may have heard,...
 
Written by  Benjamin Selinger and Gabriel Flores A real challenge for...
 
Written by  Patrice Dutil It’s hard to believe we are still...
 
Written by  Patrice Dutil Craig Dowden, President and Founder of Craig...
 
Written by  Brady G. Wilson You may not realize it, but...
 
Written by  Roxanne Descôteaux When I first became a manager over...
 
The good news is that the Government of Canada recognizes the...
 
You sometimes wonder why government can’t be better at just getting...
 
Hill+Knowlton Canada announced last week that it has received the prestigious...
 
I’ve been giving 110 percent for as long as I can...
 
The National Voluntary Standard for psychological health and safety in the...
 
The government of Alberta has banded together with British Columbia and...
 
When we put out the call to cities across Canada for...
 
BC Hydro was experiencing ongoing challenges with IT assets decommissioned as...
 
City councils are important. They not only represent citizens at the...
 
Business continuity management has evolved into a specialized discipline, but you...
 
Saskatchewan’s Ministry of Health is leading a new approach to strategic...
 
Whether you have read John Kotter’s classic Leading Change or not,...
 
Energy, not time, is the fundamental currency of high performance. But...
 
Across the country, public sector leaders are challenged with the daunting...
 
When Neil Armstrong stepped onto the moon, it was government that...
 
Ego can do us in. It can lead to arrogance, blindness,...
 
and the more layers between a given employee and the relevant...
 
CGE Vol.14 No.2 February 2008 Management speaks of change in positive...
 
Innovation, leadership and a commitment to building a knowledge advantage are...
 
One of the most paradoxical Biblical parables, found the Gospel of...
 
CGE Vol.14 No.1 January 2008 “We’ve entered into an era in...
 
L’une des paraboles bibliques les plus paradoxales rapportées par Luc est...
 
Chris Baker is Deputy Minister, Policy and Priorities, and Deputy Minister,...
 
CGE Vol.14 No.2 February 2008 Often overworked and understaffed, the procurement...
 
Federal, provincial and municipal governments provide billions of dollars in grants...
 
During the American presidential election campaign of 1976, Jimmy Carter, then...
 
The Ontario Public Service celebrated ten years of hosting Showcase Ontario,...
 
Tell the truth. Deep down, do you sometimes – or often...
 
What if our general approach to brainstorming was all wrong? That...
 
Nearly two decades after I read Lincoln On Leadership, the messages...
 
True leaders are proactive. They get things done. They accomplish that...
 
Management and leadership are complicated. So it would be lovely if...
 
Government revolves around power. Political parties seek power. They implement their...
 
Managers generally walk around with a what’s-going-wrong mentality. They are fixated...
 
Government runs on expertise. Government executives seek the best knowledge and...
 
Let’s resume last month’s discussion on effective change initiatives with some...
 
When Ontario Premier Dalton McGuinty set as a prime goal of...
 
By now it’s commonplace knowledge that emotional intelligence is vital to...
 
Good leaders can make bad decisions. President Kennedy blundered over the...
 
The TRIC model of leadership is enshrined in the Ontario Public...
 
A respectful workplace is a critical ingredient of successful public service...
 
For the third year in a row, the Ontario Public Service...
 
Justice on Target (JOT) takes a unique and bold approach to...
 
Perched on top a 60 meter column in a bustling square...
 
For the second year in a row, the Ontario Public Service...
 
OTTAWA – Management consultants at Accenture, a respected longtime observer of...
 
La plupart des leaders reconnaissent d’emblée que leur efficacité dépend de...
 
Most leaders will readily agree that earning and keeping the trust...
 
Some title Some author
Some excerpt
We are excited to share with you the October/November 2018 edition...