Perimeter
1/11/2012
12:37 PM
Tom Parker
Tom Parker
Commentary
50%
50%

2012 Will Be The Year Of The...

After a rough 2011 for many large organizations, here's a look at what the world of advanced threats will bring in 2012

Much to the embarrassment of several large corporations, last year saw some of the most impactful compromises in the history of the Internet, with companies' digital dirty laundry dragged out in full view of competitors and the general public. Many companies hurried to find a new two-factor authentication solution, gamers were left wondering who now had their identities, and Lulzboat became part of the common lexicon. But what will 2012 offer in the big, bad world of the advanced threat?

Vulnerability research and offensive capabilities, in general, are almost generational by nature. The average researcher will generally dedicate years of his or her life focusing on an individual or group of technologies. The main reason for this is that to develop something that’s truly advanced, a lot of very dry fundamentals need to be first understood about that technology.

With a closed-source product, this isn’t something that happens overnight. When considering something complex like the internals of the Java Runtime Environment or Flash, this fundamental understanding could take half a year to acquire before your research starts to yield anything close to useful. This creates observable trends in the type of offensive technologies that we see baked into advanced threats and, historically speaking, also can be observed through the types of things that vendors have to fix most.

Five years ago, it was file format fuzzin; 10 years ago, it was attacking the Microsoft RPC stack; in more recent years, we have seen a definite trend toward research around embedded systems -- much of which has been spurred on by the advent of "Stuxmania," or Stuxnet.

And so my first prediction for 2012 is that we will continue to see an increased focus on offensive research toward embedded systems, utilized primarily in the industrial control systems realm. Much of the research we are likely to see in 2012 is unlikely to pose an imminent threat to the average electric utility or the nuclear enrichment efforts of the world’s super villains; however, it will get us significantly closer to having to really start to wonder whether we’re going to wake up one morning to no power -- and it might not come back on for weeks, if not months.

For those of you who have been relying on NoScript for the past three years to block anything that smells of Flash, I believe 2012 will see the large well of Flash vulnerabilities drawn from by the baddies over past few years start to dry up. A lot of effort has been invested in finding Flash vulnerabilities during the past 12 months, which can only result in a rapid reduction in the number of Flash zero-days that we see emerge on a regular basis at least. If you have secrets to steal, then this, of course, does not mean 2012 is going to cut you any kind of break.

Large corporations with the most to lose will see a continued uptick in the amount of campaigns designed at stealing treasure troves of industrial secrets. If anything, 2010 and 2011 showed us how effective these types of campaigns are, and while the tactics might change, the strategy remains the same. Due largely to the security product business getting a lot better at spotting drive-by downloads and malicious email attachments (such as PDFs containing malicious JavaScript), I further foresee many such techniques becoming less popular, and even greater emphasis being placed around client-side exploitation.

Will 2012 be the year of the so-called “cyberwar” that so many like to talk about? Doubtful. However, we absolutely are going to see things heat up between the West and many of the usual suspects who have persisted in their use of cyber as a means to stealing our secrets. At most, 2012 could see open suggestions of diplomatic sanctions against the worst offenders; however, this will largely depend on what happens in the lead-up to November, in the United States at least.

Happy 2012! Stay safe!

Tom Parker is Chief Technology Officer at FusionX.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
JCharles
50%
50%
JCharles,
User Rank: Apprentice
12/21/2012 | 4:08:42 PM
re: 2012 Will Be The Year Of The...
So what do you need, good Security devices, a Big Data SIEM like Secnology and a Security Expert to set the rules, make the calls and educate the users.
LRAgurkis
50%
50%
LRAgurkis,
User Rank: Apprentice
12/21/2012 | 3:16:29 PM
re: 2012 Will Be The Year Of The...
The message in this article should be repeated again and again. All too often the insider threat is overlooked, particularly that of those with ultimate privilege.-Š This happens despite regulatory guidance out there that demands privileged user access and action be managed, monitored and reported. A combo of technology (available today) and education is a must.
kjhiggins
50%
50%
kjhiggins,
User Rank: Strategist
12/20/2012 | 3:50:13 PM
re: 2012 Will Be The Year Of The...
Anyone have any war stories on database-hardening steps? What are some things to look out for?

Kelly Jackson Higgins, Senior Editor, Dark Reading
dr606
50%
50%
dr606,
User Rank: Apprentice
12/20/2012 | 7:15:45 AM
re: 2012 Will Be The Year Of The...
Informative article
dr600
50%
50%
dr600,
User Rank: Apprentice
12/20/2012 | 7:13:18 AM
re: 2012 Will Be The Year Of The...
Yes i agree !!
MROBINSON000
50%
50%
MROBINSON000,
User Rank: Apprentice
12/20/2012 | 7:09:07 AM
re: 2012 Will Be The Year Of The...
This is serious stuff!-Š
The only things that will change this horrendous
situation are if Congress finally passes a CyberSecurity Bill that has
measurable accountability controls and/or we suffer an attack that takes out
our power grid or another piece of critical infrastructure. I know there's a
lot of fear mongering out there which is unfortunate as it then becomes
difficult for people to separate the wheat from the chafe. I've been in the IT
Security space for enough time to understand how fragile our corporate and
government infrastructure is. Let's not remain in denial mode G«Ű everyone needs
to rally behind this initiative and make it happen. http://blog.securityinnovation...
DonG«÷t you think?
MROBINSON000
50%
50%
MROBINSON000,
User Rank: Apprentice
12/20/2012 | 7:08:30 AM
re: 2012 Will Be The Year Of The...
Great article!-ŠI personally enjoyed every G«£mythG«• you
brought up and this article sure made my day! When it comes to Software
Vulnerability Management, my motto is: Be sure to classify and be careful with
your fix! When you conduct an application security assessment, whether itG«÷s a
static analysis scan, dynamic analysis scan, penetration test, or code review,
you are going to be presented with a set of vulnerabilities to fix. Often
times, there are more vulnerabilities to be fixed than time to fix them, so how
do you determine which you should address? There are three approaches that I
use and that work well individually, and more effectively, collectively: DREAD,
Data Asset Classification, Criticality Definitions. To better understand what I
mean, hereG«÷s a great article: http://blog.securityinnovation...
. Keep up the good work!
MROBINSON000
50%
50%
MROBINSON000,
User Rank: Apprentice
12/20/2012 | 7:07:45 AM
re: 2012 Will Be The Year Of The...
Very insightful article!-ŠNo one has to tell you that
with the increased usage of mobile and social applications, or social
applications on mobile devices reaching an all-time high, this opens up a can
of security concerns. And thereG«÷s lots of buzz, from a security standpoint, on
different types of attack examples and how organizations are going to need to
implement a strategy -- soon. However, the most threatening of security risks
to the enterprise outside malicious or unknowing insiders are clearly malicious
third-party applications that often use sensitive user data. These applications
take control over mobile devices for personal data retrieval, UI impersonation,
unauthorized dialing and payments, or unauthorized network connectivity. HereG«÷s
a great article I think you might find interesting: http://blog.securityinnovation....
Keep up the good work!-Š
SSERGIO123
50%
50%
SSERGIO123,
User Rank: Apprentice
12/20/2012 | 4:14:37 AM
re: 2012 Will Be The Year Of The...
We have all the technology we need. What-¶s lacking is infosec education.
joes12
50%
50%
joes12,
User Rank: Apprentice
1/30/2012 | 5:01:51 AM
re: 2012 Will Be The Year Of The...
Though 2012 be a cyberwar, but to fight with them new technologies can also be expected to come, in order to have even more secured .
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Title Partnerís Role in Perimeter Security
Title Partnerís Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3407
Published: 2014-11-27
The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCuq68888.

CVE-2014-4829
Published: 2014-11-27
Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allows remote attackers to hijack the authentication of arbitrary users for requests tha...

CVE-2014-4831
Published: 2014-11-27
IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to hijack sessions via unspecified vectors.

CVE-2014-4832
Published: 2014-11-27
IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session.

CVE-2014-4883
Published: 2014-11-27
resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?