Here’s what I think we’re in for next year when it comes to APTs and the overall threat landscape.
1. The demand for cybersecurity and IR skills will reach new highs.
As advanced threats have become more commonplace, the demands on existing incident response (IR) teams have begun to outstrip capacity, especially in enterprises and government entities where cybersecurity skills are already in short supply. A recent survey by the Ponemon Institute found that only 26 percent of security professionals felt they had the security expertise needed to keep up with advanced threats. Computer science programs will continue to adapt to this trend with more focused training in cybersecurity disciplines.
This week, Palo Alto Networks researcher Bo Qu was credited with discovering three distinct critical vulnerabilities in Microsoft Internet Explorer. These vulnerabilities (CVE-2013-3915, CVE-2013-3916, CVE-2013-3917) were documented earlier this week in Microsoft Security Bulletin MS13-088. Each of them allows an attacker to place specially crafted content on a website that triggers memory corruption in the browser, giving a remote attacker code execution with the same rights as the logged-on user. Vulnerabilities of this type are particularly valuable to advanced attackers interested in infecting users through drive-by-download and watering-hole attacks: the attacker simply lures the user into visiting a page that carries the exploit, and gains control of the browser and the user's privileges.
Of particular interest, these vulnerabilities affect versions of Internet Explorer from IE6 all the way up to IE11, which was only released in October (Microsoft has touted IE11 as making the web 40% more secure). The fact that the vulnerabilities persist into the latest version of IE means that not only are they critical, but the population of affected users is also particularly large.
These vulnerabilities were disclosed to Microsoft as part of Palo Alto Networks' participation in the Microsoft Active Protections Program (MAPP), which supports timely, responsible disclosure of new vulnerabilities and gives security vendors advance information so they can build protections and have customers covered as soon as the vulnerabilities are announced publicly.
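Because the affected range spans IE6 through IE11, the first question a defender should answer is which hosts still run an unpatched browser. The script below is an added example for this post, not code from Palo Alto Networks or Microsoft. It reads the installed IE version from the registry and checks whether the MS13-088 cumulative update is present. The KB number it defaults to (KB2888505) is an assumption taken from the bulletin and should be confirmed against the bulletin entry for your OS/IE combination; remote hosts are assumed to accept WinRM connections.

```powershell
# Added example (not part of the original post): inventory Internet Explorer
# version and MS13-088 patch status on the local host or a list of hosts.
# Assumptions: MS13-088 ships as KB2888505 (verify in the bulletin for your
# platform); remote hosts allow PowerShell remoting via Invoke-Command.

param(
    [string[]]$ComputerName = @($env:COMPUTERNAME),
    [string]$KbId = 'KB2888505'   # assumed KB for MS13-088; confirm in the bulletin
)

function Get-IEPatchStatus {
    param([string]$Computer, [string]$Kb)

    $probe = {
        param($Kb)
        $ieKey = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer'
        $props = Get-ItemProperty -Path $ieKey -ErrorAction SilentlyContinue
        # IE10/IE11 report their real version in svcVersion; older builds only set Version.
        $version = if ($props.svcVersion) { $props.svcVersion } else { $props.Version }
        # Get-HotFix reads Win32_QuickFixEngineering; a missing KB is a non-terminating error.
        $hotfix = Get-HotFix -Id $Kb -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Computer    = $env:COMPUTERNAME
            IEVersion   = $version
            Patched     = [bool]$hotfix
            InstalledOn = if ($hotfix) { $hotfix.InstalledOn } else { $null }
        }
    }

    if ($Computer -eq $env:COMPUTERNAME) {
        & $probe $Kb
    } else {
        Invoke-Command -ComputerName $Computer -ScriptBlock $probe -ArgumentList $Kb
    }
}

$results = foreach ($c in $ComputerName) { Get-IEPatchStatus -Computer $c -Kb $KbId }
$results | Sort-Object Patched, Computer | Format-Table -AutoSize

# Hosts whose browser is still exposed to CVE-2013-3915/3916/3917:
$results | Where-Object { -not $_.Patched }
```

Run it as `.\Get-IEPatchStatus.ps1 -ComputerName web01,hr-ws-12` from a host with remoting rights. One caveat: a machine patched later by a cumulative update that supersedes this KB will never list KB2888505, so treat "Patched = False" as a lead to verify against the IE build number rather than a verdict.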
Guy Fawkes Day is Tuesday, and a variety of loosely affiliated movements from Occupy to Anonymous are joining to commemorate the day with a Million Mask March. However, it seems that Anonymous, or at least Anonymous-affiliated hackers in Asia, have decided to get an early start on the festivities with a series of attacks against government websites in Australia, Singapore, and the Philippines.
Thus far, these attacks all bear the unmistakable signs of hacktivism, in that the compromised sites were defaced with political messages. Obviously, these sorts of attacks are nothing new, and we have seen a resurgence of them in the past few months. Prior to this action from Anonymous, the Syrian Electronic Army (SEA) had claimed responsibility for a string of attacks targeting large news media organizations ranging from the New York Times to Twitter.
Whenever one of these attacks makes the news, it always seems to spur questions about how such a thing can continue to happen. I wanted to briefly share some of the more common tactics we are seeing used against legitimate websites.