How the Security Threat Landscape Will Evolve in 2013
By
Lamar Bailey

Where 2012 was a period of innovation amongst cybercriminals, 2013 is likely to go down in the darkware IT history books as a period of consolidation.The groups of attackers that will be delivering the main threats will be cyber-criminals, cyber-terrorists, political hacktivists and rogue employees—causing IT security professionals a number of headaches as never before.

Below are our top five threats, which we think you should be most aware of in 2013:

1. Adobe Acrobat and Reader Security Flaws

The first threat that IT professionals should be aware of is the recurrent problem of Adobe Acrobat and Reader security flaws.

Because much of Adobe’s code structures are designed to be executed across multiple platforms, this makes the process of enhancement a tricky one.

The solution to these vulnerabilities is the need to constantly patch—and stay on top of patches—in almost any computing environment.

2. SQL Injection Threats

The second threat identified is the problem of SQL injection attacks. The Lizamoon mass SQL attack vector was well used by cybercriminals and the principle behind the attack is that hackers exploit vulnerable web sites using an SQL injection, which then directs users to other sites containing malicious code. Mitigating the Lizamoon attack is not as easy as some vendors claim, as there are only a handful of products out there that were designed to secure databases. Of those, however, users report them to be effective security products.

3. Compromised and Malicious Websites

The third threat is the recurrent problem of compromised and malicious web sites. Whilst graphical web sites have been “around” since the mid-1990s, it has taken the evolution of HTML5 and other web technology advances to shift the threats/solutions balance up by more than a gear or two—and sadly in favor of the cybercriminals and hackers.

While HTML 5 adds many new functionalities to improve the Internet experience, it also opens more doors for hackers to exploit.

These types of threats cause major issues, and also affect hardware, including wireless routers, printers, cameras and most database applications.

4. Exploit Kits

Next up is the recently evolved threat of exploit kits, of which the BlackHole kit is arguably the best known. Despite its near-legendary status amongst hackers, this kit was first released by a Russian hacker back in 2011. Since then it has gone on to become the number one web threat.

In June 2012, several security experts spotted that the zero-day flaw (CVE-2012-1889) could be exploited using Internet Explorer.

The solution to these kits is to subscribe to one of the main information feeds on kit exploits on the Internet, and use cloud information collation from your vendor to stay ahead of the threat pack.

Within a week of the zero-day flaw being discovered, a Metasploit module was released by cybercriminals, allowing them to tap the exploit. Later in June, Sophos spotted a similar set of exploit code had been added to the BlackHole exploit kit landing page.

The Mal/ExpJS code was notable for attempting to evade detection by being obfuscated using a complex methodology that relied on a web drive-by download attack vector as a means of infection.

5. Zero-Day Web Browser Threats

Our final threat is that of zero-day web browser threats.

In September 2012, several researchers warned of a new zero-day exploit for Internet Explorer, which—owing to its severity led to some firms advising users to switch to using another web browser until the security flaw was remediated by Microsoft.

The feature sets seen in that attack have also resulted in a new harvest of threats. The problem these threats pose is that the actual patching process takes time, as the software vendors—despite user criticism—really do need to check and verify those patches. HTML5, for example, creates its own set of problems.

Mitigating those problems is no easy task. It is important to understand that, if users have a given web browser client installed, it is down to the IT security department to decide on an effective strategy, such as enhancing the performance of intrusion protection systems.

 Conclusions and Recommendations

I hope this overview of the top five threats for 2013 has piqued your interest. The field of IT security threats—and mitigating them—is a constantly changing landscape—meaning it is important to patch, remediate and review your existing devices, as well as applying the same processes to your ongoing defenses and defense strategies.

 

Lamar Bailey is Director of Security Research and Development for nCircle.