Trend: Zero-day vulnerabilities dominate, increasingly destructive attacks

• Vulnerabilities emerging faster than they can be patched and quickly being incorporated into professional attack kits
• High-profile attacks in South Korea show that theft no longer sole focus; breaches designed to cripple critical networks

TREND Micro researchers have raised the alarm about zero-day vulnerabilities and expressed concerns about the recent concentrated attack in South Korea.
 
Collectively, these events demonstrate that zero-day vulnerabilities remain a threat while attack innovations are growing in sophistication, intensity and severity, the company said in a statement, referring to its Q1 2013 Security Roundup Report.
 
Zero-day attacks
 
New attacks against Oracle’s Java and Adobe’s Flash Player, Acrobat and Reader reveal that vulnerabilities are emerging faster than they can be patched and are quickly being incorporated into professional attack kits such as the ‘Black Hole Exploit Kit.’
 
 “Of course Java is cross-platform and that is somewhat attractive to criminals, but what is really attractive is its vulnerabilities and its ubiquity,” said Rik Ferguson, Trend Micro vice president, Security Research.
 
“This definitely won't be the last zero-day vulnerability in Java and it won't be the end of the vast attack surface that it currently offers to criminals,” he said (click chart to enlarge)..

 
Attacks on South Korea

The high-profile attacks executed in South Korea in March reinforce that theft is no longer the sole focus of hacking efforts. These breaches were also designed to cripple critical networks via innovative techniques including:

• Multiplatform focus such as Unix and Linux;

• Specific countermeasures for installed security software; and

• Hijacking of patch management systems

“Given the capability of what took place in South Korea, it is likely that increasingly destructive attacks will continue to be a threat,” said Tom Kellermann, Trend vice president of Cyber Security.
 
“With each quarter, attacks are becoming bolder and more targeted, pointing to concerns far beyond the compromise of personal data,” he added.
 
To get a PDF of the complete Q1 2013 Security Roundup Report, click here.
 
Related Stories:
 
Korean banks and media agencies under cyber-attack: Trend Micro
 
Facebook admits network breached, blames Java
 
 
For more technology news and the latest updates, follow @dnewsasia on Twitter or Like us on Facebook.