Browse archive

Latest news

Fighting cybercrime is on the right track

Google set to upgrade its SSL certs

IT security pros have trouble communicating with executives

Zeus variants are back with a vengeance

Facebook phishers target Fan Pages owners

Killer apps: The performance of networked applications

Is it time to professionalize information security?

Google researcher reveals another Windows 0-day

Twitter finally offers 2-factor authentication

DHS employees' info possibly compromised due to system flaw

Teens are into online sharing, but are also more privacy-aware

The dangers of downloading software from unofficial sites

Microsoft decrypts Skype comms to detect malicious links

Review: Logging and Log Management

Hacking charge stations for electric cars

How the security threat landscape will evolve this year

by Lamar Bailey - Director of Security Research and Development for nCircle - Wednesday, 16 January 2013.

Where 2012 was a period of great innovation amongst cybercriminals and hackers – many of whom keenly develop new and hybridized attack vectors that build on a constantly expanding range of extensible code environments seen running on Windows and Apple Mac platforms - 2013 is likely to go down in the darkware IT history books as a period of consolidation.

This trend will be driven, we predict, by the not inconsiderable fact that the incredible volume of new security threats seen over the last 12 months will push many of the so-called legacy threats out of the first tier of the attack tables that many IT security applications automatically load into memory.

But 2013 will also, we believe, be marked as a period of adaptive security threats, driven by the continual development of five key areas:

1. Adobe Acrobat and Reader security flaws

2. SQL injection threats

3. Compromised and malicious Web sites

4. Exploit Kits

5. Zero-day Web browser threats.

The four main groups of attackers that will be delivering the main strands of threats will be cyber-criminals, cyber-terrorists, political hacktivists and rogue employees - causing IT security professionals a number of headaches as never before.

All of this, of course, comes against a backdrop of an evolving Internet - using extensible code technologies such as ActiveX, HTML5, JavaScript and good old Multimedia - to introduce malware to the company IT platform and to monetise frauds, steal data, raid company bank accounts and hit corporate reputations where it hurts most: on the bottom line.

Adobe Acrobat and Reader security flaws

The first of our five threats that IT professionals should be on the lookout for in 2013 is the recurrent problem of Adobe Acrobat and Reader security flaws. Although Adobe’s software has been around since the early 1980s, it wasn’t until the company acquired Macromedia in 2005 – when Flash came under Adobe’s wing - that the extensible code threat landscape started to change.

Because much of Adobe's code structures are designed to be executed across multiple platforms, this makes the process of enhancement a tricky one, especially against a backdrop of a constant stream of Patch Tuesdays for Windows - and similar code updates for the Apple Mac and other operating system platforms.

A classic example of this was back in December of 2011 when hackers started tucking into a potentially major Adobe Acrobat and Reader security flaw, with Adobe issuing a warning to its user base about the issue, which affected Adobe Reader X (10.1.1) and earlier versions for Windows and Apple Mac systems, and Adobe Reader 9.4.6 and earlier 9.x versions for Unix, as well as Adobe Acrobat X (10.1.1) and earlier for Windows and Mac machines.