Welcome!

AJAX & REA Authors: Sebastian Kruk, RealWire News Distribution, Harald Zeitlhofer

News Feed Item

Vulnerabilities in Java and Adobe Will Be Main Targets for Cybercriminals in 2013

PandaLabs makes predictions on what other security issues will dominate next year

ORLANDO, Fla., Dec. 18, 2012 /PRNewswire/ -- Software vulnerabilities will be the main target of cyber-criminals next year, according to a list of security trends that will dominate in 2013, by PandaLabs, Panda Security's malware laboratory.  

"It is undoubtedly the preferred method of infection for compromising systems transparently, used by both cyber-criminals and intelligence agencies in countries around the world," said Luis Corrons, technical director of PandaLabs.

In 2012, Java, which is installed on hundreds of millions of devices, was repeatedly compromised and used to actively infect millions of users. Adobe, given the popularity of its applications (Acrobat Reader, Flash, etc.) and its multiple security flaws, was also one of the favorite tools for massively infecting users as well as for targeted attacks.

"Although it is assumed that home users are exposed to the highest risk, updating applications, which is essential for protecting against these types of attacks, is a very complex process for corporations who must coordinate the update among all workstations," explained Luis Corrons. "At the same time, all the applications used in a company must work correctly. This makes the update processes slow, which opens a window that is exploited to steal information in general and launch targeted attacks in search of confidential data."

PandaLabs predicts that other areas that will emerge in 2013 as dominant security issues are:

  • Social networks: The second most widely used technique is social engineering. Tricking users into collaborating to infect their computers and steal their data is an easy task, as there are no security applications to protect users from themselves. In this context, use of social networks (Facebook, Twitter, etc.), places where hundreds of millions of users exchange personal information, makes them the preferred hunting ground for tricking users.

Particular attention should be paid to Skype, which after replacing Messenger, could become a target for cyber-criminals.

  • Malware for mobile devices: Android has become the dominant mobile operating system. In September 2012, Google announced that it had reached 700 million Android activations. Although it is mainly used on smartphones and tablets, its flexibility and the fact that you do not have to buy a license to use it are going to result in new devices opting to use Google's operating system. Its use is going to become increasingly widespread, from televisions to all types of home appliances, which opens up a world of possible attacks as yet unknown.
  • Cyber-warfare / Cyber-espionage: Throughout 2012, different types of attacks have been launched against nations. The Middle East is worth mentioning, where the conflict is also present in cyber-space. In fact, many of these attacks are not even carried out by national governments but by citizens, who feel that they should defend their nation by attacking their neighbors using any means available.

Furthermore, the governments of the world's leading nations are creating cyber commandos to prepare both defense and attack and therefore, the cyber-arms race will escalate.

  • Growth of malware: For two decades, the amount of malware has been growing dramatically. The figures are stratospheric, with tens of thousands of new malware strains appearing every day. This sustained growth seems very far from coming to an end.

Despite security forces being better prepared to combat this type of crime, they are still handicapped by the absence of borders on the Internet. A police force can only act within its jurisdiction, whereas a cyber-crook can launch an attack from country A, steal data from citizens of country B, send the stolen data to a server situated in country C and could be living in country D. This can be done in just a few clicks, whereas coordinated action of security forces across various countries could take months. For this reason, cyber-criminals are still living their own golden era.

  • Malware for Mac: Cases like Flashback, which occurred in 2012, have demonstrated that not only is Mac susceptible to malware attacks but that there are also massive infections affecting hundreds of thousands of users. Although the number of malware strains for Mac is still relatively low compared to malware for PCs, we expect it to continue rising. A growing number of users added to security flaws and lack of user awareness (due to over-confidence), mean that the attraction of this platform for cyber-crooks will continue to increase next year.
  • Windows 8: Microsoft's latest operating system, along with all of its predecessors, will also suffer attacks. Cyber-criminals are not going to focus on this operating system only but they will also make sure that their creations work equally well on Windows XP to Windows 8, through Windows 7.

One of the attractions of Microsoft's new operating system is that it runs on PCs, as well as on tablets and smartphones. For this reason, if functional malware strains that allow information to be stolen regardless of the type of device used are developed, we could see a specific development of malware for Windows 8 that could take attacks to a new level.

More information at PandaLabs blog.

About PandaLabs
Since 1990, PandaLabs, Panda Security's malware research laboratory, has been working to detect and classify malware in order to protect consumers and companies against new Internet threats. To do so, PandaLabs uses Collective Intelligence, a cloud-based proprietary system that leverages the knowledge gathered from Panda's user community to automatically detect, analyze and classify the more than 73,000 new malware strains that appear every day. This automated malware classification is complemented through the work of an international team with researchers specialized each in a specific type of malware (viruses, worms, Trojans, spyware and other attacks) to provide global coverage. Get more information about PandaLabs and subscribe to its blog news feed at http://www.pandalabs.com. Follow Panda on Twitter at http://twitter.com/Panda_Security and Facebook at http://www.facebook.com/PandaUSA.

SOURCE Panda Security

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Cloud Expo Latest Stories
SYS-CON Events announced today that TechXtend (formerly Programmer’s Paradise), a leading value-added provider of server and storage virtualization, and r-evolution will exhibit at SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. TechXtend (formerly Programmer’s Paradise) is a leading value-added provider of software, systems and solutions for corporations, government organizations, and academic institutions across the United States and Canada. TechXtend is the Exclusive Reseller in the United States for r-evolution
Every healthy ecosystem is diverse. This is especially true in cloud ecosystems, where portability and interoperability are more important than old enterprise models of proprietary ownership. In his session at 15th Cloud Expo, Mark Baker, Server Product Manager at Canonical/Ubuntu, will discuss how single vendors used to take the lead in creating and delivering technology, but in a cloud economy, where users want tools of their preference, when and where they need them, it makes no sense.
The consumption economy is here and so are cloud applications and solutions that offer more than subscription and flat fee models and at the same time are available on a pure consumption model, which not only reduces IT spend but also lowers infrastructure costs, and offers ease of use and availability. In their session at 15th Cloud Expo, Ermanno Bonifazi, CEO & Founder of Solgenia, and Ian Khan, Global Strategic Positioning & Brand Manager at Solgenia, will discuss this shifting dynamic with an example of a top European Telco provider. Find out how they are leveraging the power of acloud-based consumption model services to offer more value to the mass market and enable a new revenue model that embraces the true meaning of the Third Industrial Revolution.
The emergence of cloud computing and Big Data warrants a greater role for the PMO to successfully manage enterprise transformation driven by these powerful trends. As the adoption of cloud-based services continues to grow, a governance model is needed to orchestrate enterprise cloud implementations and harness the power of Big Data analytics. In his session at 15th Cloud Expo, Mahesh Singh, President of BigData, Inc., to discuss how the Enterprise PMO takes center stage not only in developing the appropriate governance model but also in collaborating with key stakeholders to ensure a successful transformation.
SYS-CON Events announced today that Cloudian, Inc., the leading provider of hybrid cloud storage solutions, has been named “Bronze Sponsor” of SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Cloudian is a Foster City, Calif.-based software company specializing in cloud storage. Cloudian HyperStore® is an S3-compatible cloud object storage platform that enables service providers and enterprises to build reliable, affordable and scalable hybrid cloud storage solutions. Cloudian actively partners with leading cloud computing environments including Amazon Web Services, Citrix Cloud Platform, Apache CloudStack, OpenStack and the vast ecosystem of S3 compatible tools and applications. Cloudian's customers include Vodafone, Nextel, NTT, Nifty, and LunaCloud. The company has additional offices in China and Japan.
In today's application economy, enterprise organizations realize that it's their applications that are the heart and soul of their business. If their application users have a bad experience, their revenue and reputation are at stake. In his session at 15th Cloud Expo, Anand Akela, Senior Director of Product Marketing for Application Performance Management at CA Technologies, will discuss how a user-centric Application Performance Management solution can help inspire your users with every application transaction.
Come learn about what you need to consider when moving your data to the cloud. In her session at 15th Cloud Expo, Skyla Loomis, a Program Director of Cloudant Development at Cloudant, will discuss the security, performance, and operational implications of keeping your data on premise, moving it to the cloud, or taking a hybrid approach. She will use real customer examples to illustrate the tradeoffs, key decision points, and how to be successful with a cloud or hybrid cloud solution.
Cloud computing started a technology revolution; now DevOps is driving that revolution forward. By enabling new approaches to service delivery, cloud and DevOps together are delivering even greater speed, agility, and efficiency. No wonder leading innovators are adopting DevOps and cloud together! In his session at DevOps Summit, Andi Mann, Vice President of Strategic Solutions at CA Technologies, will explore the synergies in these two approaches, with practical tips, techniques, research data, war stories, case studies, and recommendations.
The 16th International Cloud Expo announces that its Call for Papers is now open. 16th International Cloud Expo, to be held June 9–11, 2015, at the Javits Center in New York City brings together Cloud Computing, APM, APIs, Security, Big Data, Internet of Things, DevOps and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal today!
14th International Cloud Expo, held on June 10–12, 2014 at the Javits Center in New York City, featured three content-packed days with a rich array of sessions about the business and technical value of cloud computing, Internet of Things, Big Data, and DevOps led by exceptional speakers from every sector of the IT ecosystem. The Cloud Expo series is the fastest-growing Enterprise IT event in the past 10 years, devoted to every aspect of delivering massively scalable enterprise IT as a service.
Hardware will never be more valuable than on the day it hits your loading dock. Each day new servers are not deployed to production the business is losing money. While Moore’s Law is typically cited to explain the exponential density growth of chips, a critical consequence of this is rapid depreciation of servers. The hardware for clustered systems (e.g., Hadoop, OpenStack) tends to be significant capital expenses. In his session at 15th Cloud Expo, Mason Katz, CTO and co-founder of StackIQ, to discuss how infrastructure teams should be aware of the capitalization and depreciation model of these expenses to fully understand when and where automation is critical.
Over the last few years the healthcare ecosystem has revolved around innovations in Electronic Health Record (HER) based systems. This evolution has helped us achieve much desired interoperability. Now the focus is shifting to other equally important aspects – scalability and performance. While applying cloud computing environments to the EHR systems, a special consideration needs to be given to the cloud enablement of Veterans Health Information Systems and Technology Architecture (VistA), i.e., the largest single medical system in the United States.
In his session at 15th Cloud Expo, Mark Hinkle, Senior Director, Open Source Solutions at Citrix Systems Inc., will provide overview of the open source software that can be used to deploy and manage a cloud computing environment. He will include information on storage, networking(e.g., OpenDaylight) and compute virtualization (Xen, KVM, LXC) and the orchestration(Apache CloudStack, OpenStack) of the three to build their own cloud services. Speaker Bio: Mark Hinkle is the Senior Director, Open Source Solutions, at Citrix Systems Inc. He joined Citrix as a result of their July 2011 acquisition of Cloud.com where he was their Vice President of Community. He is currently responsible for Citrix open source efforts around the open source cloud computing platform, Apache CloudStack and the Xen Hypervisor. Previously he was the VP of Community at Zenoss Inc., a producer of the open source application, server, and network management software, where he grew the Zenoss Core project to over 10...
Most of today’s hardware manufacturers are building servers with at least one SATA Port, but not every systems engineer utilizes them. This is considered a loss in the game of maximizing potential storage space in a fixed unit. The SATADOM Series was created by Innodisk as a high-performance, small form factor boot drive with low power consumption to be plugged into the unused SATA port on your server board as an alternative to hard drive or USB boot-up. Built for 1U systems, this powerful device is smaller than a one dollar coin, and frees up otherwise dead space on your motherboard. To meet the requirements of tomorrow’s cloud hardware, Innodisk invested internal R&D resources to develop our SATA III series of products. The SATA III SATADOM boasts 500/180MBs R/W Speeds respectively, or double R/W Speed of SATA II products.
As more applications and services move "to the cloud" (public or on-premise) cloud environments are increasingly adopting and building out traditional enterprise features. This in turn is enabling and encouraging cloud adoption from enterprise users. In many ways the definition is blurring as features like continuous operation, geo-distribution or on-demand capacity become the norm. NuoDB is involved in both building enterprise software and using enterprise cloud capabilities. In his session at 15th Cloud Expo, Seth Proctor, CTO at NuoDB, Inc., will discuss the experiences from building, deploying and using enterprise services and suggest some ways to approach moving enterprise applications into a cloud model.