Lessons from 2014 for a Better Security Strategy in 2015
By John McClurg, CSO and VP, Dell
No industry is as accustomed to constant change as IT. Technology is moving forward at such breakneck speed, it’s interesting to remember that many of the most pressing security challenges we face today did not exist 10 years ago, and in some cases much more recently than that.
The IT organization of 2015 has to monitor a massive and diverse range of threat vectors, created by upward trends in mobility, BYOD, distributed enterprises, cloud storage, wearables, and Internet-connected devices, among others. In 2014, some of these threats began to crystallize as organizations saw breach after breach, despite their best efforts to remain secure and compliant.
The new Dell Security Annual Threat Report posits that the best way to predict and combat emerging threats is to familiarize ourselves with recent attacks and develop defense-in-depth strategies to thwart and respond immediately, or even proactively, to future attacks.
Let’s explore the top three trends the report identified.
1) A surge in point-of-sale (POS) attacks
There’s no question that 2014 was a rough year for retail-industry IT teams. Several major brands experienced large-scale data breaches, exposing many millions of consumers to potential fraudulent purchases and/or identity theft. Some attacks took place over several months before being detected, while another breach was detected by its security system but not recognized by IT staff until federal investigators got involved.
In 2014, Dell SonicWALL developed and deployed three times more new POS malware countermeasures than in 2013, finding the majority of POS hits were targeted toward the U.S. retail industry. However, PCI compliance simply does not go far enough when it comes to protecting customer data. As the Dell Security Annual Threat Report points out, one of the reasons PCI doesn’t “solve” security is that POS malware tactics are constantly evolving. In 2014, Dell recognized new attack trends including memory scraping and the use of encryption to avoid detection from firewalls.
Implementing a robust, defense-in-depth security program can help stop even these emerging threats. The most common reasons security programs fail are inadequately trained employees, lax firewall policies between network segments and in the B2B portal, and reliance on a single layer of defense or an array of poorly integrated products.
2) A dramatic increase in Secure Sockets Layer (SSL) and Transport Layer Security (TLS) encrypted Internet traffic
User privacy has become a hot-button issue in recent years, so sites like Google, Facebook, and Twitter have taken a tip from the financial industry and adopted the secure HTTPS protocol, or SSL/TLS encryption, for their sites. This new practice has become so common that Dell saw a 109 percent increase in the volume of HTTPS web connections from the beginning of 2014 (182 billion) to the beginning of 2015 (382 billion). By March 2015, that number was 437 billion.
However, where there’s a security trend, there’s a hacker (or hundreds) working on new ways to exploit it. In the case of SSL/TLS-encrypted traffic, hackers have begun using this encryption as a way of “hiding” malware from corporate firewalls.
The Dell Security Annual Threat Report gives the example of a popular news site, where a compromised group of banner ads distributed malware to about 27,000 Europeans per hour for four days. As more and more commonly used sites become encrypted, this threat becomes increasingly complicated to manage. Dell recommends organizations start by providing threat protection for encrypted traffic using SSL inspection.
3) Twice the attacks on supervisory control and data acquisition (SCADA) systems
One of the more surprising and urgent trends identified in the Dell Security Annual Threat Report was the marked increase in attacks on industrial management software and devices, known as SCADA systems. Oil and gas companies, power plants, water treatment facilities, airports, and other industrial organizations use SCADA systems to remotely control and collect data on equipment.
Dell SonicWALL saw attacks on these systems double in 2014, a concerning statistic given how devastating a power or water treatment plant failure can be to citizens who depend on those services. The motive behind POS attacks and attacks hidden in encrypted web traffic is typically financial, but SCADA attacks tend to be political in nature, aiming to wreak exactly this type of societal havoc.
The majority of 2014’s SCADA attacks targeted Finland (more than 202,000), the United Kingdom (about 70,000), and the United States (more than 51,000). The report suggests these regions were the largest targets because of the commonality of SCADA systems, and especially Internet-connected systems, in these areas.
Buffer overflow vulnerabilities were the primary attack method, accounting for 25 percent of the attacks. To protect against SCADA breaches, Dell recommends ensuring software and systems are up to date, limiting network connectivity to trusted IP addresses, restricting unnecessary USB ports or Bluetooth connections, and reporting attacks when they occur so that other industrial companies can be appropriately vigilant.
The report weighs in on several other interesting trends, including the evolution of Android malware, as it begins to mimic desktop attack methods; the future of digital currency attacks; and a prediction that hackers might use already-compromised home router and home network utilities to stage distributed denial-of-service (DDoS) attacks in the coming months.
Dell asserts that, despite the challenging and ever-changing security landscape, IT organizations still have the upper hand in protecting their companies from data breaches. Keeping employees well-trained in security best practices, deploying vigorous endpoint defense, updating to next-generation firewalls, implementing two-factor authentication, and segmenting router access in distributed or home offices are just a few of the measures it recommends organizations take as part of a defense-in-depth program. But the first step is to familiarize yourself fully with the threats that have been presented in recent months, especially those that have succeeded. Understanding the threat landscape is the only way to ensure your organization’s security capabilities evolve alongside its technology, and ahead of the hackers intent on exploiting it.