nCircle predicts exploits, security threats and hacks will mutate in 2013

by Staff

five security threats to watch out for Lamar Bailey, Director of Security Research and Development with nCircle, has released his top five security threats to watch out for in 2013. The New Year -- and beyond -- he predicts, will be a time of highly adaptive security threats, with four main strands - cyber-criminals, cyber-terrorists, political hacktivists and rogue employees -- conspiring to create severe headaches for IT security professionals in all classes of public and private sector industries.

Quoting  begins The key thing to remember about these threats is that - whilst some of them may ostensibly appear to be old - they are still very much alive and kicking and will be exploited further in 2013 as the hackers upgrade and invigorate them. This is an important issue, as some security vendors allow older exploits to `drop off? their first line defences in order to store as many attack methodologies in memory as possible
      This trend is something we know that today?s cybercriminals are very well aware of, as they monitor the IT security newswires and reports as all professionals do on a regular basis - and then optimise their planned attack strategies to maximise the chances of compromising a targeted systemQuoting  ends

One of the key issues that nCircle's director of security says will be crucial in 2013, is the trend of exploiting extensible code platforms such as ActiveX, HTML5, JavaScript and the many variants of multimedia -- most of which are an evolving environment, especially against the backdrop of the new Windows 8 operating system.

Put simply, he adds, this means that cybercriminals can -- and will -- discover new malware insertion methodologies that allow them to monetise their frauds, steal data, raid company bank accounts and hit corporate reputations where it hurts most: on the bottom line.

Bailey's five top IT threats to watch out for 2013

Adobe Acrobat and Reader security flaws - although Adobe?s extensible code has been around since 1982, but we continue ? to this day - to see a steady stream of attacking code.

SQL injection threats - SQL first became an industry standard back in 1986, since when it has been central to database software and poses a juicy target for all manner of cybercriminals.

Compromised and malicious Web sites - have been around since the mid-1990s. The evolution of HTML5 and other Web advances has shifted the threats/solutions balance up significantly in recent years.

Exploit Kits - the BlackHole exploit kit is relatively young, only dating from last year, but it has evolved rapidly to become the number one Web threat.

Zero-day Web browser threats - the evolution of the three main Web browser clients (Google Chrome, Mozilla Firefox and MS-Internet Explorer) has been rapid over the last 12 months, with silent updates and plug-ins/apps changing the dynamics of browser defence requirements. With large numbers of legacy browser client users, this poses a potentially significant security problem.

Bailey says that nCircle's observations amongst its major clients -- which include Facebook,, the U.S. Department of Agriculture, and Vodafone, have given his research time a considerable insight into how the security threat landscape is evolving.

Quoting  begins This insight leads us to believe that many of the exploits of yesteryear will be revitalised in 2013 by the addition of extra coding and the raft of new hacker developers that are constantly joining the cybercriminal business.
      Coupled with the flotilla of new threats emerging from the black hats of cyberspace, we strongly recommend that IT security professionals develop a strategy of patching, remediating and reviewing their existing - plus ongoing - defences and defence strategiesQuoting  ends

Lamar Bailey, Director of Security R&D, nCircle concludes:

Quoting  begins IT security professionals must wake up and smell the coffee. They really do need to adapt to the new and constantly changing threat landscape, otherwise the cybercriminals will end up winning the battle for their digital assets Quoting  ends

To listen to a 2013 predictions podcast include predictions from Lamar Bailey, Director of Security Research and Development with nCircle and Tim "TK" Keanini, chief research officer for nCircle open this audio file:

GO EP57_Tis_the_Season_for_Predictions.mp3

nCircle is the leading provider of management solutions to more than 6,500 businesses and government agencies worldwide. Solutions enable enterprises of all sizes to (1) automate compliance and reduce risk, and (2) measure and compare the performance of their IT security program with their own goals and industry peers. nCircle solutions may be deployed on a customer's premises, as a cloud-based service, or in combination, for maximum flexibility and value.
      nCircle has won numerous awards for growth, innovation, customer satisfaction and technology leadership and has been ranked among the top 100 best places to work in the San Francisco Bay Area. nCircle is headquartered in San Francisco, CA, with regional offices throughout the United States and in London and Toronto. To learn how you can more effectively protect your company visit us at
      nCircle is a registered trademark of nCircle Network Security, Inc. All other registered or unregistered trademarks are the sole property of their respective owners.

Don't forget ... we encourage you to share your discoveries with other readers. Just send and email, contribute your own article, join the Design Cafe forums, or follow DTG on Facebook!

30th Anniversary for DTG Magazine