Perimeter
1/11/2012
12:37 PM
Tom Parker
Tom Parker
Commentary
Connect Directly
RSS
E-Mail
50%
50%
Repost This

2012 Will Be The Year Of The...

After a rough 2011 for many large organizations, here's a look at what the world of advanced threats will bring in 2012

Much to the embarrassment of several large corporations, last year saw some of the most impactful compromises in the history of the Internet, with companies' digital dirty laundry dragged out in full view of competitors and the general public. Many companies hurried to find a new two-factor authentication solution, gamers were left wondering who now had their identities, and Lulzboat became part of the common lexicon. But what will 2012 offer in the big, bad world of the advanced threat?

Vulnerability research and offensive capabilities, in general, are almost generational by nature. The average researcher will generally dedicate years of his or her life focusing on an individual or group of technologies. The main reason for this is that to develop something that’s truly advanced, a lot of very dry fundamentals need to be first understood about that technology.

With a closed-source product, this isn’t something that happens overnight. When considering something complex like the internals of the Java Runtime Environment or Flash, this fundamental understanding could take half a year to acquire before your research starts to yield anything close to useful. This creates observable trends in the type of offensive technologies that we see baked into advanced threats and, historically speaking, also can be observed through the types of things that vendors have to fix most.

Five years ago, it was file format fuzzin; 10 years ago, it was attacking the Microsoft RPC stack; in more recent years, we have seen a definite trend toward research around embedded systems -- much of which has been spurred on by the advent of "Stuxmania," or Stuxnet.

And so my first prediction for 2012 is that we will continue to see an increased focus on offensive research toward embedded systems, utilized primarily in the industrial control systems realm. Much of the research we are likely to see in 2012 is unlikely to pose an imminent threat to the average electric utility or the nuclear enrichment efforts of the world’s super villains; however, it will get us significantly closer to having to really start to wonder whether we’re going to wake up one morning to no power -- and it might not come back on for weeks, if not months.

For those of you who have been relying on NoScript for the past three years to block anything that smells of Flash, I believe 2012 will see the large well of Flash vulnerabilities drawn from by the baddies over past few years start to dry up. A lot of effort has been invested in finding Flash vulnerabilities during the past 12 months, which can only result in a rapid reduction in the number of Flash zero-days that we see emerge on a regular basis at least. If you have secrets to steal, then this, of course, does not mean 2012 is going to cut you any kind of break.

Large corporations with the most to lose will see a continued uptick in the amount of campaigns designed at stealing treasure troves of industrial secrets. If anything, 2010 and 2011 showed us how effective these types of campaigns are, and while the tactics might change, the strategy remains the same. Due largely to the security product business getting a lot better at spotting drive-by downloads and malicious email attachments (such as PDFs containing malicious JavaScript), I further foresee many such techniques becoming less popular, and even greater emphasis being placed around client-side exploitation.

Will 2012 be the year of the so-called “cyberwar” that so many like to talk about? Doubtful. However, we absolutely are going to see things heat up between the West and many of the usual suspects who have persisted in their use of cyber as a means to stealing our secrets. At most, 2012 could see open suggestions of diplomatic sanctions against the worst offenders; however, this will largely depend on what happens in the lead-up to November, in the United States at least.

Happy 2012! Stay safe!

Tom Parker is Chief Technology Officer at FusionX.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
JCharles
50%
50%
JCharles,
User Rank: Apprentice
12/21/2012 | 4:08:42 PM
re: 2012 Will Be The Year Of The...
So what do you need, good Security devices, a Big Data SIEM like Secnology and a Security Expert to set the rules, make the calls and educate the users.
LRAgurkis
50%
50%
LRAgurkis,
User Rank: Apprentice
12/21/2012 | 3:16:29 PM
re: 2012 Will Be The Year Of The...
The message in this article should be repeated again and again. All too often the insider threat is overlooked, particularly that of those with ultimate privilege.-Š This happens despite regulatory guidance out there that demands privileged user access and action be managed, monitored and reported. A combo of technology (available today) and education is a must.
kjhiggins
50%
50%
kjhiggins,
User Rank: Strategist
12/20/2012 | 3:50:13 PM
re: 2012 Will Be The Year Of The...
Anyone have any war stories on database-hardening steps? What are some things to look out for?

Kelly Jackson Higgins, Senior Editor, Dark Reading
dr606
50%
50%
dr606,
User Rank: Apprentice
12/20/2012 | 7:15:45 AM
re: 2012 Will Be The Year Of The...
Informative article
dr600
50%
50%
dr600,
User Rank: Apprentice
12/20/2012 | 7:13:18 AM
re: 2012 Will Be The Year Of The...
Yes i agree !!
MROBINSON000
50%
50%
MROBINSON000,
User Rank: Apprentice
12/20/2012 | 7:09:07 AM
re: 2012 Will Be The Year Of The...
This is serious stuff!-Š
The only things that will change this horrendous
situation are if Congress finally passes a CyberSecurity Bill that has
measurable accountability controls and/or we suffer an attack that takes out
our power grid or another piece of critical infrastructure. I know there's a
lot of fear mongering out there which is unfortunate as it then becomes
difficult for people to separate the wheat from the chafe. I've been in the IT
Security space for enough time to understand how fragile our corporate and
government infrastructure is. Let's not remain in denial mode G«Ű everyone needs
to rally behind this initiative and make it happen. http://blog.securityinnovation...
DonG«÷t you think?
MROBINSON000
50%
50%
MROBINSON000,
User Rank: Apprentice
12/20/2012 | 7:08:30 AM
re: 2012 Will Be The Year Of The...
Great article!-ŠI personally enjoyed every G«£mythG«• you
brought up and this article sure made my day! When it comes to Software
Vulnerability Management, my motto is: Be sure to classify and be careful with
your fix! When you conduct an application security assessment, whether itG«÷s a
static analysis scan, dynamic analysis scan, penetration test, or code review,
you are going to be presented with a set of vulnerabilities to fix. Often
times, there are more vulnerabilities to be fixed than time to fix them, so how
do you determine which you should address? There are three approaches that I
use and that work well individually, and more effectively, collectively: DREAD,
Data Asset Classification, Criticality Definitions. To better understand what I
mean, hereG«÷s a great article: http://blog.securityinnovation...
. Keep up the good work!
MROBINSON000
50%
50%
MROBINSON000,
User Rank: Apprentice
12/20/2012 | 7:07:45 AM
re: 2012 Will Be The Year Of The...
Very insightful article!-ŠNo one has to tell you that
with the increased usage of mobile and social applications, or social
applications on mobile devices reaching an all-time high, this opens up a can
of security concerns. And thereG«÷s lots of buzz, from a security standpoint, on
different types of attack examples and how organizations are going to need to
implement a strategy -- soon. However, the most threatening of security risks
to the enterprise outside malicious or unknowing insiders are clearly malicious
third-party applications that often use sensitive user data. These applications
take control over mobile devices for personal data retrieval, UI impersonation,
unauthorized dialing and payments, or unauthorized network connectivity. HereG«÷s
a great article I think you might find interesting: http://blog.securityinnovation....
Keep up the good work!-Š
SSERGIO123
50%
50%
SSERGIO123,
User Rank: Apprentice
12/20/2012 | 4:14:37 AM
re: 2012 Will Be The Year Of The...
We have all the technology we need. What-¶s lacking is infosec education.
joes12
50%
50%
joes12,
User Rank: Apprentice
1/30/2012 | 5:01:51 AM
re: 2012 Will Be The Year Of The...
Though 2012 be a cyberwar, but to fight with them new technologies can also be expected to come, in order to have even more secured .
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-0360
Published: 2014-04-23
Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.

CVE-2012-1317
Published: 2014-04-23
The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.

CVE-2012-1366
Published: 2014-04-23
Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.

CVE-2012-3062
Published: 2014-04-23
Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193.

CVE-2012-3918
Published: 2014-04-23
Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/E1 card is configured for TDM/HDLC mode, allows remote attackers to cause a denial of service (serial-interface outage) via certain Frame Relay traffic, aka Bug ID CSCub13317.

Best of the Web