Browse archive

Latest news

Microsoft to pay up to 150k for vulnerabilities

(IN)SECURE Magazine issue 38 released

Collected data helped foil 50 terrorist plots, says NSA chief

65+ websites compromised to deliver malvertising

Customized spam uses cell phone users’ data against them

Facebook once again accessible via Tor

Oracle releases critical security updates for Java

Employees biggest IT threat to businesses

Google asks secret court permission to publish FISA numbers

Failed backups endanger revenue and productivity

How to detect hidden administrator apps on Android

CyanogenMod founder aims to thwart data-grabbing apps

Hacking charge stations for electric cars

How the security threat landscape will evolve this year

by Lamar Bailey - Director of Security Research and Development for nCircle - Wednesday, 16 January 2013.

Where 2012 was a period of great innovation amongst cybercriminals and hackers – many of whom keenly develop new and hybridized attack vectors that build on a constantly expanding range of extensible code environments seen running on Windows and Apple Mac platforms - 2013 is likely to go down in the darkware IT history books as a period of consolidation.

This trend will be driven, we predict, by the not inconsiderable fact that the incredible volume of new security threats seen over the last 12 months will push many of the so-called legacy threats out of the first tier of the attack tables that many IT security applications automatically load into memory.

But 2013 will also, we believe, be marked as a period of adaptive security threats, driven by the continual development of five key areas:

1. Adobe Acrobat and Reader security flaws

2. SQL injection threats

3. Compromised and malicious Web sites

4. Exploit Kits

5. Zero-day Web browser threats.

The four main groups of attackers that will be delivering the main strands of threats will be cyber-criminals, cyber-terrorists, political hacktivists and rogue employees - causing IT security professionals a number of headaches as never before.

All of this, of course, comes against a backdrop of an evolving Internet - using extensible code technologies such as ActiveX, HTML5, JavaScript and good old Multimedia - to introduce malware to the company IT platform and to monetise frauds, steal data, raid company bank accounts and hit corporate reputations where it hurts most: on the bottom line.

Adobe Acrobat and Reader security flaws

The first of our five threats that IT professionals should be on the lookout for in 2013 is the recurrent problem of Adobe Acrobat and Reader security flaws. Although Adobe’s software has been around since the early 1980s, it wasn’t until the company acquired Macromedia in 2005 – when Flash came under Adobe’s wing - that the extensible code threat landscape started to change.

Because much of Adobe's code structures are designed to be executed across multiple platforms, this makes the process of enhancement a tricky one, especially against a backdrop of a constant stream of Patch Tuesdays for Windows - and similar code updates for the Apple Mac and other operating system platforms.

A classic example of this was back in December of 2011 when hackers started tucking into a potentially major Adobe Acrobat and Reader security flaw, with Adobe issuing a warning to its user base about the issue, which affected Adobe Reader X (10.1.1) and earlier versions for Windows and Apple Mac systems, and Adobe Reader 9.4.6 and earlier 9.x versions for Unix, as well as Adobe Acrobat X (10.1.1) and earlier for Windows and Mac machines.