(Page 3 of 4)
“We’ll see operational security champions build tighter connections with their developer counterparts. Threat modeling will grow to a broader, more systems-based approach,” he said. “And methodologies will become more repeatable and rigorous, borrowing from tried-and-true processes in development such as application threat modeling, and growing similar muscle in operations using continuous monitoring and operational reviews. While attackers are already trying to exploit these gaps, many of the pieces for the defenses’ playbook exist, and we’ll see them come together to increase the challenge for attackers.”
Cybercrime that Leverages Unsupported Software Will Increase
Rains said this topic has been discussed before, but it’s worth mentioning again again. The most effective way to protect systems in the current environment, where drive-by download attacks are so popular with attackers, is to keep all software installed on them up-to-date with security updates. But on April 8 2014, support will end for Windows XP.
“This means Windows XP users will no longer receive security updates, non-security hotfixes or free/paid assisted support options and online technical content updates. This venerable platform, built last century, will not be able to keep pace with attackers, and more Windows XP-based systems will get compromised,” he said. “The best way to stay ahead of attackers in 2014 and beyond is to migrate from Windows XP to a modern operating system that can provide increased and ongoing protections like Windows 7 or Windows 8, before April 2014.”
Increase in Social Engineering
Chris Betz, a senior director at the Microsoft Security Response Center, said as enterprises move off legacy systems, or restrict those systems to non-Internet-facing roles, we will see cybercriminals and some advanced actors increase use of social engineering and weak passwords to access systems. Social engineering and weak passwords have been part of the malicious actors’ kit for many years, he noted, and are some of the oldest hacking techniques still in use.
“For the past several years, vulnerabilities in unpatched and older applications, such as those targeted through web-based attacks, are the most common way that malicious actors compromise systems. Increasingly, enterprises and individual users are setting aside older systems and software for those with default patching and modern exploit defenses,” he said. (continued...)
Posted: 2014-01-09 @ 10:47pm PT
What about Neverquest?