Lamar Bailey, director of security research and development with nCircle, has selected five particular threats that are working now and which he thinks will be further refined and developed by hackers during 2013. These five are attacks against Adobe Acrobat and Reader, SQL injection attacks, compromised web sites, zero-day browser attacks and exploit kits.
A common theme in many of these attacks is the exploitation of extensible code, some of which has been around for a long time. Adobe’s extensible code has been around since 1982, and SQL became an industry standard in 1986; both are still exploited now and will be further exploited next year.
Compromised and malicious websites have been around since the mid-1990s, and they are not going to go away. 2012 saw the evolution of new methods for luring visitors to those sites, such as the watering hole technique and ever more sophisticated spear-phishing; that evolution will continue through 2013.
The web browser will continue to be a primary threat vector for the foreseeable future. While the main browsers have started silent updates, no patch can defend against an unknown zero-day threat – and the annual hacking competitions show how many attacks still exist. And that is without considering the weaknesses introduced by third-party extensions and plug-ins.
Finally, Bailey points to the exploit kit. This isn’t an exploit in itself, but a reservoir of current successful exploits that are automatically and rapidly fired at browsers until one succeeds. The most popular, Blackhole, is often considered to be the most potent threat on the internet; and Bailey expects further refinement and development of the genre.
“The key thing to remember about these threats,” he says, “is that while some of them may ostensibly appear to be old, they are still very much alive and kicking and will be exploited further in 2013 as the hackers upgrade and invigorate them.” Bailey is concerned that, faced with the more esoteric and futuristic threats that will come with, for example, the internet of things, defenders will take their eye off the current ball. “This is an important issue,” he added, “as some security vendors allow older exploits to ‘drop off’ their first line defenses in order to store as many attack methodologies in memory as possible.”