Companies are being left exposed to malware by increasingly sophisticated techniques, such as using SSL/TSL to bypass firewalls and ever evolving exploit kits, according to a new report by Dell Security.
In its Annual Threat Report (registration required), Dell reported that the number of malware attacks that occurred in 2015 was nearly twice that of 2014, with hackers making particular use of weaknesses in businesses security programmes.
Curtis Hutcheson, general manager of Dell Security, said: "Many of the breaches in 2015 were successful because cybercriminals found and exploited a weak link in victims' security programs due to disconnected or outdated point solutions that could not catch these anomalies in their ecosystem."
Examples of this included the continued use of Windows XP, an underuse of security auditing and not having the right infrastructure in place to detect an intrusion once it had made its way into the company network.
Key trends noted by Dell Security that leave businesses vulnerable are the increased speed with which exploit kits are evolving, the continued and growing use of cyber criminals hiding malware within SSL/TSL encrypted traffic to penetrate firewalls, and the continued rise of Android malware.
With regard to exploit kits, Dell Security highlighted four key trends, including the use of forensic countermeasures such as encrypting the malware payload, new evasion techniques like URL pattern changes, concealing malicious files within benign ones, and new landing page entrapment techniques.
The company called the Android platform a prime target for malware, with a large number of smartphones at risk globally because of this, particularly with regard to attacks on banking apps and other financial information, as well as ransomware.
It also predicts that in 2016 this will grow to include attacks on Android Pay via malicious apps and vulnerabilities in point-of-sale (POS) terminals.
Dell Security is not the only organisation to notice the continued growth of Android malware, whith the trend also being noted also by Intel Security in its newly released Mobile Threat Report and IBM Security in its X-Force Threat Intelligence Report, also released today.
