Interviews

IT threats to watch for

by Mark Rowe

The New Year – and beyond – will be a time of highly adaptive security threats, with four main strands – cyber-criminals, cyber-terrorists, political hacktivists and rogue employees – conspiring to create severe headaches for IT security people in the public and private sector. That is according to Lamar Bailey, Director of Security Research and Development with nCircle, who has released his five security threats to watch out for in 2013.

“The key thing to remember about these threats is that – whilst some of them may ostensibly appear to be old – they are still very much alive and kicking and will be exploited further in 2013 as the hackers upgrade and invigorate them. This is an important issue, as some security vendors allow older exploits to `drop off’ their first line defences in order to store as many attack methodologies in memory as possible,” he said.

“This trend is something we know that today’s cybercriminals are very well aware of, as they monitor the IT security newswires and reports as all professionals do on a regular basis – and then optimise their planned attack strategies to maximise the chances of compromising a targeted system,” he added.

One of the key issues that nCircle’s director of security says will be crucial in 2013, is the trend of exploiting extensible code platforms such as ActiveX, HTML5, JavaScript and the many variants of multimedia – most of which are an evolving environment, especially against the backdrop of the new Windows 8 operating system.

Put simply, he added, this means that cybercriminals can – and will – discover new malware insertion methodologies that allow them to monetise their frauds, steal data, raid company bank accounts and hit corporate reputations where it hurts most: on the bottom line.

Five IT threats to watch out for 2013:

Adobe Acrobat and Reader security flaws – although Adobe’s extensible code has been around since 1982, but we continue – to this day – to see a steady stream of attacking code.

SQL injection threats – SQL first became an industry standard back in 1986, since when it has been central to database software and poses a juicy target for all manner of cybercriminals.

Compromised and malicious Web sites – have been around since the mid-1990s. The evolution of HTML5 and other Web advances has shifted the threats/solutions balance up significantly in recent years.

Exploit Kits – the BlackHole exploit kit is relatively young, only dating from last year, but it has evolved rapidly to become the number one Web threat.

Zero-day Web browser threats – the evolution of the three main Web browser clients (Google Chrome, Mozilla Firefox and MS-Internet Explorer) has been rapid over the last 12 months, with silent updates and plug-ins/apps changing the dynamics of browser defence requirements. With large numbers of legacy browser client users, this poses a potentially significant security problem.

Bailey says that his firm’s observations among its major clients – which include Facebook, Salesforce.com, the US Department of Agriculture, and Vodafone, have given his research time insight into how the security threat landscape is evolving.

“This insight leads us to believe that many of the exploits of yesteryear will be revitalised in 2013 by the addition of extra coding and the raft of new hacker developers that are constantly joining the cybercriminal business,” he said.

“Coupled with the flotilla of new threats emerging from the black hats of cyberspace, we strongly recommend that IT security professionals develop a strategy of patching, remediating and reviewing their existing – plus ongoing – defences and defence strategies,” he added.

“IT security professionals must wake up and smell the coffee. They really do need to adapt to the new and constantly changing threat landscape, otherwise the cybercriminals will end up winning the battle for their digital assets,” added Lamar Bailey.

To listen to a 2013 predictions podcast include predictions from Lamar Bailey, Director of Security Research and Development with nCircle and Tim ‘TK’ Keanini, chief research officer for nCircle follow the link.

Related News

  • Interviews

    Farm watch scheme

    by Mark Rowe

    Police in Rutland and local farmers have set up a ‘Farm Watch’ to tackle crime against farms in the area. It’s meant…

  • Interviews

    UK corruption risk

    by Mark Rowe

    While the UK does fairly well on global corruption indices, the corruption risk is rising for the UK, according to the head…

  • Interviews

    Cryptojacking campaigns

    by Mark Rowe

    Illicit cryptocurrency mining or cryptojacking is on the rise and is now one of the most popular and fastest-growing forms of cyber-criminal…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing