2013 Predictions: Software Vulnerabilities as the Main Target for Cyber-Criminals

By Nofar Gueta | December 23, 2012

As the year is coming to its ends, security summaries and predictions are being published on a daily basis. In this post, PandaLab predicts the security trends for 2013, and addresses one of the most alarming issues of 2012 – software vulnerabilities. The company describes exploitation of these vulnerabilities as “undoubtedly the preferred method of infection for compromising systems transparently”.

The questionably-desirable first place on that list is dedicated to software vulnerabilities with good reasons. During the last year, the information security community has witnessed a massive usage of software vulnerabilities in multiple high-profiled attacks. Excellent examples are the increasingly growing usage of Java vulnerabilities and the pervasive vulnerabilities in Adobe products.

Briefing through targeted attacks that have occurred lately indicates a clear preference among cyber attackers; Whether executing an attack leveraging a Zero-Day java vulnerability that affected countless computers, or attacking the governmental and industrial sectors by using familiar java exploits, it seems that java-based vulnerabilities usually get the job done. Another distinguished preference is the use of Adobe vulnerabilities. With the revelation of Zero day vulnerabilities in one the companies’ flag products, Adobe Reader, and even a targeted attack directed towards the company itself, during which the Adobe’s code signing certificate was compromised, it seems that the company’s products are a fertile ground for an attacker.

The solution for software vulnerability exploitation is supposed to be very clear – a regulated software update mechanism should prevent the vast majority of the attacks. But reality constantly proves otherwise. For many reasons, traditional security failed to face the challenges provided by the dynamic world of cyber attackers. Cyvera TRAPS specializes in preventing exploitation of software vulnerabilities, whether familiar or Zero-days.

Copyright ©2014 Palo Alto Networks • All Rights Reserved.