Exploits, security threats and hacks will mutate in 2013
Lamar Bailey, Director of Security Research and Development with nCircle, has released his top five security threats to watch out for in 2013.
The New Year – and beyond – will be a time of highly adaptive security threats, with four main strands – cyber-criminals, cyber-terrorists, political hacktivists and rogue employees – conspiring to create severe headaches for IT security professionals in all classes of public and private sector industries.
The key thing to remember about these threats is that – whilst some of them may ostensibly appear to be old – they are still very much alive and kicking and will be exploited further in 2013 as the hackers upgrade and invigorate them. This is an important issue, as some security vendors allow older exploits to drop off their first line defences in order to store as many attack methodologies in memory as possible.
This trend is something we know that today’s cybercriminals are very well aware of, as they monitor the IT security newswires and reports as all professionals do on a regular basis – and then optimise their planned attack strategies to maximise the chances of compromising a targeted system.
One of the key issues that nCircle’s director of security says will be crucial in 2013, is the trend of exploiting extensible code platforms such as ActiveX, HTML5, JavaScript and the many variants of multimedia – most of which are an evolving environment, especially against the backdrop of the new Windows 8 operating system.
Put simply, he adds, this means that cybercriminals can – and will – discover new malware insertion methodologies that allow them to monetise their frauds, steal data, raid company bank accounts and hit corporate reputations where it hurts most: on the bottom line.
Bailey’s five top IT threats to watch out for 2013 include:
Adobe Acrobat and Reader security flaws – although Adobe’s extensible code has been around since 1982, but we continue – to this day – to see a steady stream of attacking code.
SQL injection threats – SQL first became an industry standard back in 1986, since when it has been central to database software and poses a juicy target for all manner of cybercriminals.
Compromised and malicious Web sites – have been around since the mid-1990s. The evolution of HTML5 and other Web advances has shifted the threats/solutions balance up significantly in recent years.
Exploit kits – the BlackHole exploit kit is relatively young, only dating from last year, but it has evolved rapidly to become the number one Web threat.
Zero-day Web browser threats – the evolution of the three main Web browser clients (Google Chrome, Mozilla Firefox and MS-Internet Explorer) has been rapid over the last 12 months, with silent updates and plug-ins/apps changing the dynamics of browser defence requirements. With large numbers of legacy browser client users, this poses a potentially significant security problem.