What is the number one biggest threat or the fastest growing cyberthreat that people can expect to see in 2013?
The fastest growing cyberthreat in 2013 will be Web-based exploit kits for drive-by infections, such as Blackhole. Over the past three months I’ve noticed more exploit kit chatter amongst private security lists and I’ve begun to see more new kits springing up. From Redkit to CritXpack, Blackhole’s success in the underground markets seems to be spawning the opportunity for others to create their own kits.
What is facilitating the problem?
The rise in Web-based exploit kits is due to a couple of things. First is, as I’ve mentioned above, the continued success of Blackhole. It seems that most Web and e-mail based attacks lead to a site where the Blackhole exploit kit is installed.
The other reason is the continued barrage of Java exploits that are popping up. Once these exploits make it out to the public, for one reason or another, kit producers are quickly putting these exploits in their packs. The reason that Java is used in Web-based exploit kits is because it’s so successful in exploitation, typically three times more successful than the next exploit.
Kits are so damaging because they are becoming widely accessible, are including these exploits faster in their cycle from 0-day to kit, and the exploit kit coders are beginning to offer more services modeled after professional services that help maintain and improve their effectiveness.
What specific measures can people take to address the threat?
Ensure that Web-based client applications are always kept up to date! In the case of Java, which has recently had 0-day exploits rolled into exploit kits, uninstall it. If Java is absolutely necessary for a custom application, try to use two browsers, one browser with Java enabled and intended for use specifically for that custom application and another with Java disabled for everyday browsing.
- Chris Astacio, Manager, Security Research, Websense