Security Market Segment LS
Tuesday, 14 April 2015 11:35

Warning: Companies not taking the ‘right security’ measures Featured

By
Image courtesy of Stuart Miles, freedigitalphotos.net/images Image courtesy of Stuart Miles, freedigitalphotos.net/images

A newly published global security threat report warns that companies may have been taking the wrong security measures in the face of growing threats from increased malware traffic within encrypted (https) web protocols as well as twice the number of attacks on supervisory control and data acquisition (SCADA) systems.

Concern about the security measures taken by companies comes from the Dell Threat Report covering the 12-months of 2014, and compared with the security posture of these companies in 2013.

According to Dell, more companies were exposed to attacks within “secure” HTTPS web protocol in 2014 than they were in 2013.

“Everyone knows the threats are real and the consequences are dire, so we can no longer blame lack of awareness for the attacks that succeed,” said Patrick Sweeney, executive director, Dell Security.

“Hacks and attacks continue to occur, not because companies aren’t taking security measures, but because they aren’t taking the right ones.”

Sweeney says that for many years, financial institutions and other companies that deal with sensitive information have opted for the secure HTTPS protocol that encrypts information being shared, otherwise known as SSL/TLS encryption.

And, he says, more recently, sites such as Google, Facebook, and Twitter began adopting this practice in response to a growing demand for user privacy and security.

According to Sweeney, while this move to a more secure web protocol is a positive trend, hackers have identified ways to exploit HTTPS as a means to hide malicious code.

“Given that data (or in this case malware) transmitted over HTTPS is encrypted, traditional firewalls fail to detect it. Without a network security system that provides visibility into HTTPS traffic, organisations run the risk of letting malware from sites using HTTPS enter their systems and go undetected,” Sweeney warns.

Dell’s research saw a rise in HTTPS traffic in 2014, which it says could lead to an increase in attacks leveraging encrypted web traffic this year, with the company revealing:

•    A 109%  increase in the volume of HTTPS web connections from the start of 2014 to the start of 2015, and

•    Encrypted malware attacks have already begun to target mainstream media sources - in December 2014, Forbes’ Thought of the Day interstitial page was hijacked by Chinese hackers to distribute malware over a three-day period.

“Managing threats against encrypted web traffic is complicated. Just as encryption can protect sensitive financial or personal information on the web, it unfortunately can also be used by hackers to protect malware,” Sweeney says.

“One way organisations mitigate this risk is through SSL-based web browser restrictions, with exceptions for commonly used business applications to avoid slowing company productivity.”

Dell reports that last year, attacks on supervisory control and data acquisition (SCADA) systems doubled.

Sweeney says industrial operations leverage SCADA systems to control remote equipment and collect data on that equipment’s performance, and the research found that attacks against SCADA systems are on the rise, and “tend to be political in nature” as they target operational capabilities within power plants, factories, and refineries.  

According to the Dell SonicWALL research, there was a two-fold increase in SCADA attacks against its customer base last year compared to 2013:

•    The majority of these attacks targeted Finland, the United Kingdom, and the United States. According to Dell, one likely factor is that SCADA systems are more common in these regions and more likely to be connected to the Internet

•    Buffer overflow vulnerabilities continue to be the primary point of attack.

“Since companies are only required to report data breaches that involve personal or payment information, SCADA attacks often go unreported,” Sweeney says.

“This lack of information sharing combined with an ageing industrial machinery infrastructure presents huge security challenges that will to continue to grow in the coming months and years.”

The full Dell Threat Report also identified additional trends and predictions, including:

•    More organisations will enforce security policies that include two-factor authentication. Along with this development we will see an increase in attacks against these technologies

•    Android will remain a hot target for malware writers. Dell expects new, more sophisticated techniques to thwart Android malware researchers and users by making the malware hard to identify and research

•    The emergence of more malware for Android devices targeting specific apps, banks, and user demographics, along with more malware tailored for specific technologies, such as watches and televisions, is expected

•    As wearable technology becomes more widespread in the next year, expect to see the first wave of malware targeting these devices

•    Digital currencies including Bitcoin will continue to be targeted; Botnets will be involved in the digital currency mining attacks

•    Home routers and home network utilities, such as surveillance systems, will be targeted and perhaps used to assist large DDoS attacks

•    Electric vehicles and their operating systems will be targeted.


Subscribe to ITWIRE UPDATE Newsletter here

Now’s the Time for 400G Migration

The optical fibre community is anxiously awaiting the benefits that 400G capacity per wavelength will bring to existing and future fibre optic networks.

Nearly every business wants to leverage the latest in digital offerings to remain competitive in their respective markets and to provide support for fast and ever-increasing demands for data capacity. 400G is the answer.

Initial challenges are associated with supporting such project and upgrades to fulfil the promise of higher-capacity transport.

The foundation of optical networking infrastructure includes coherent optical transceivers and digital signal processing (DSP), mux/demux, ROADM, and optical amplifiers, all of which must be able to support 400G capacity.

With today’s proprietary power-hungry and high cost transceivers and DSP, how is migration to 400G networks going to be a viable option?

PacketLight's next-generation standardised solutions may be the answer. Click below to read the full article.

CLICK HERE!

WEBINAR PROMOTION ON ITWIRE: It's all about webinars

These days our customers Advertising & Marketing campaigns are mainly focussed on webinars.

If you wish to promote a Webinar we recommend at least a 2 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://www.itwire.com/itwire-update.html and Promotional News & Editorial.

This coupled with the new capabilities 5G brings opens up huge opportunities for both network operators and enterprise organisations.

We have a Webinar Business Booster Pack and other supportive programs.

We look forward to discussing your campaign goals with you.

MORE INFO HERE!

BACK TO HOME PAGE
Peter Dinham

Peter Dinham - retired and is a "volunteer" writer for iTWire. He is a veteran journalist and corporate communications consultant. He has worked as a journalist in all forms of media – newspapers/magazines, radio, television, press agency and now, online – including with the Canberra Times, The Examiner (Tasmania), the ABC and AAP-Reuters. As a freelance journalist he also had articles published in Australian and overseas magazines. He worked in the corporate communications/public relations sector, in-house with an airline, and as a senior executive in Australia of the world’s largest communications consultancy, Burson-Marsteller. He also ran his own communications consultancy and was a co-founder in Australia of the global photographic agency, the Image Bank (now Getty Images).

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments