Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Using the past to predict the future: Top 5 threat predictions for 2013

Tim Rains, Director, Microsoft Trustworthy Computing | Dec. 19, 2012
Before I get to my predictions, it's no secret that privacy and cyber-security are two topic areas that will continue to be hot topics in 2013.

Prediction #4: Software updating gets easier and exploiting vulnerabilities gets harder
As the drive-by download data above indicates, many attackers rely on outdated software to successfully compromise systems.  This has been a successful tactic for many years and attackers will continue to use it in the foreseeable future.  As I predicted above we will see large numbers of detections and blocks of drive-by download attacks and exploit attempts in 2013.  But these attacks will become less effective than they have been in the past.  We started to see some signs of this already.  For example, following a surge in detections that peaked in the third quarter of 2011, detections of exploits that target vulnerabilities in Adobe Flash Player have decreased significantly in every subsequent quarter, likely due to the ease of keeping it updated.

As vendors like Adobe, Oracle, and others make it easier and easier for customers to keep ubiquitous software updated, the window of opportunity for attackers to exploit old vulnerabilities will get smaller and smaller.  I'm also optimistic that app store distribution models will also help software vendors successfully distribute the latest and most secure versions of their software.

Prediction #5: Rootkits will evolve in 2013
Two new technologies, Unified Extensible Firmware Interface (UEFI) and secure boot, provide more protection against rootkits and other boot loader attacks.  As systems that leverage these technologies become more pervasive, I expect to see purveyors of rootkits attempt to innovate and evolve their malware.

To learn more about UEFI and secure boot please see the Building Windows 8 blog.  To learn more about rootkits, please see the Microsoft Malware Protection Center's recent threat report on rootkits.

In conclusion, keeping all software up-to-date, running anti-malware software from a trusted source, and demanding software that has been developed using a security development lifecycle will continue to be best practices in 2013. These are among the best measures people can take in light of how the threat landscape is evolving.

Have a safe holiday season!

 

Previous Page  1  2  3 

Sign up for CIO Asia eNewsletters.