Prediction #4: Software updating gets easier and exploiting vulnerabilities gets harder
As the drive-by download data above indicates, many attackers rely on outdated software to successfully compromise systems. This has been a successful tactic for many years and attackers will continue to use it in the foreseeable future. As I predicted above we will see large numbers of detections and blocks of drive-by download attacks and exploit attempts in 2013. But these attacks will become less effective than they have been in the past. We started to see some signs of this already. For example, following a surge in detections that peaked in the third quarter of 2011, detections of exploits that target vulnerabilities in Adobe Flash Player have decreased significantly in every subsequent quarter, likely due to the ease of keeping it updated.
As vendors like Adobe, Oracle, and others make it easier and easier for customers to keep ubiquitous software updated, the window of opportunity for attackers to exploit old vulnerabilities will get smaller and smaller. I'm also optimistic that app store distribution models will also help software vendors successfully distribute the latest and most secure versions of their software.
Prediction #5: Rootkits will evolve in 2013
Two new technologies, Unified Extensible Firmware Interface (UEFI) and secure boot, provide more protection against rootkits and other boot loader attacks. As systems that leverage these technologies become more pervasive, I expect to see purveyors of rootkits attempt to innovate and evolve their malware.
In conclusion, keeping all software up-to-date, running anti-malware software from a trusted source, and demanding software that has been developed using a security development lifecycle will continue to be best practices in 2013. These are among the best measures people can take in light of how the threat landscape is evolving.
Have a safe holiday season!
Sign up for Computerworld eNewsletters.