All the latest UK technology news, reviews and analysis


Stuxnet tricks will aid cybercriminals, warns Microsoft

13 Dec 2012
Hacker

The vulnerabilities uncovered by targeted state-sponsored attacks could soon become a favourite avenue of attack for criminal malware developers, according to Microsoft.

Redmond's director of trustworthy computing Tim Rains warned that the one of the biggest threats in the coming year would be cyber crooks' use of flaws utilised for state-sponsored operations.

Rains said that the unintended consequence of operating a sophisticated cyber espionage activity is that criminal groups are essentially given free research on how to infect systems and little-known vulnerabilities are brought to the forefront.

He said that in the wake of the Stuxnet attack, the company noted an 85 percent increase in other attacks targeting the same vulnerability, an indication that malware writers picked up on the tactics used in the state-sponsored operation.

"The barriers to entry for criminals to leverage highly sophisticated techniques in their attacks are lowered each time the malware and vulnerabilities that highly skilled professionals develop and use, are discovered," Rains wrote.

"This is likely to amplify the unintended consequences of espionage in the coming years."

Rains also believes that malware writers will be moving away from the traditional "worm" infection technique and will instead be relying more heavily on Trojan downloaders disguised as media files and apps.

Additionally, Rains predicted that drive-by attacks and cross-site scripting operations will continue to grow over the course of 2013 as the popularity of exploit kits grows.

There is some hope for users and administrators, however. Microsoft believes that as users receive more frequent updates, the effectiveness of exploit techniques which rely on outdated software will plummet.

"As vendors like Adobe, Oracle, and others make it easier and easier for customers to keep ubiquitous software updated, the window of opportunity for attackers to exploit old vulnerabilities will get smaller and smaller," said Rains.

"I'm also optimistic that app store distribution models will also help software vendors successfully distribute the latest and most secure versions of their software."

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Shaun Nichols
About

Shaun Nichols is the US correspondent for V3.co.uk. He has been with the company since 2006, originally joining as a news intern at the site's San Francisco offices.

More on Security
What do you think?
blog comments powered by Disqus
Poll

BYOD vs CYOD vs BYOC poll

Which approach is your firm taking to managing employees' mobile devices?
23%
14%
4%
17%
30%
12%

Popular Threads

Powered by Disqus
Galaxy S5 vs iPhone 5S vs Nexus 5 showdown

Galaxy S5 vs iPhone 5S vs Nexus 5

We speed test three of the most popular smartphones

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv33

Data protection: the key challenges

Deduplication is a foundational technology for efficient backup and recovery

rdc2

iPad makes its mark in the enterprise

The iPad can become a supercharged unified communications endpoint, allowing users to enhance their productivity

Digital Project Manager - Creative Technology House

Digital Project Manager - Creative Technology House Henley...

SQL Database Adminstrator (DBA) SQL 2012, SSIS, Windows 2012

SQL Database Adminstrator (DBA) SQL 2012, SSIS, Windows...

SharePoint Lead Developer - SharePoint 2013, C#, .Net

SharePoint Lead Developer – SharePoint 2013, C#, .Net...

Infrastructure Analyst - Storage, SAN, EMC, VMWare, Exchange

Infrastructure Analyst - Storage, SAN, EMC, VMWare, Exchange...
To send to more than one email address, simply separate each address with a comma.